silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,802
Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs.
Called Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569), the novel methods follow the disclosure of another newly discovered security vulnerability affecting AMD's Zen 2 architecture-based processors known as Zenbleed (CVE-2023-20593).
"Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers," Daniel Moghimi, senior research scientist at Google, said. "This vulnerability [...] enables a user to access and steal data from other users who share the same computer."
"[Downfall and Zenbleed] allow an attacker to violate the software-hardware boundary established in modern processors," Tavis Ormandy and Moghimi noted. "This could allow an attacker to access data in internal hardware registers that hold information belonging to other users of the system (both across different virtual machines and different processes)."