News AMD CacheWarp Vulnerability Afflicts Previous Gen EPYC Server CPUs, Patch Issued

[Admin]

CacheWarp is the latest security hole in AMD chips, and it's present in first, second, and third generation EPYC processors. AMD has only issued a patch for its third gen Milan CPUs.

AMD CacheWarp Vulnerability Afflicts Previous Gen EPYC Server CPUs, Patch Issued : Read more

 

[The Historical Fidelity]

Kinda seems like a big oversight to make the default condition of the anti-hack feature the correct value to pass the authentication challenge….

 

[rluker5]

Also an oversight to not release the patch for the first two gens of Epyc since it doesn't hurt performance.

That's worse than Intel APO for just 14th gen since it seems they are holding an active remote authentication exploit stick as a motivation to upgrade.

It can't cost that much just to release a microcode update for the other two gens since they are already doing it for the third.

 

[bit_user]

It can't cost that much just to release a microcode update for the other two gens since they are already doing it for the third.

You have no idea how much resemblance there is between the microcode of those cores. Don't assume all they have to do is "recompile" the fix for earlier CPUs. Furthermore, any fix needs to be validated, all of which takes resources that would probably have to be pulled off of other tasks.

IMO, the main reason they're not patching older CPUs is that it's just not a very bad vulnerability. Memory should already be getting zero'd by the OS, before it can be used by another process.

 

[rluker5]

You have no idea how much resemblance there is between the microcode of those cores. Don't assume all they have to do is "recompile" the fix for earlier CPUs. Furthermore, any fix needs to be validated, all of which takes resources that would probably have to be pulled off of other tasks.

IMO, the main reason they're not patching older CPUs is that it's just not a very bad vulnerability. Memory should already be getting zero'd by the OS, before it can be used by another process.

It is true I don't know how much work it is to update the microcode.

And it doesn't seem bad for those not using a public VM. But from the whitepaper: "Cloud providers, such as Microsoft Azure, Google Cloud, and Amazon Web Services already support AMD SEV" and "In 3 case studies, we demonstrate an attack on RSA in the Intel IPP crypto library, recovering the entire private key, logging into an OpenSSH server without authentication, and escalating privileges to root via the sudo binary. While we implement a software-based mitigation proof-of-concept, we argue that mitigations are difficult, as the root cause is in the hardware."

This is only a problem, apparently if the hypervisor has been compromised, or if an organization is required to run a trusted VM(s) and wants to use an untrusted hypervisor.

And as far as the first two gens of Epyc, per Tom's article: " In a statement to Computerbase, AMD claims that a patch isn't necessary for first and second generation CPUs as "SEV and SEV-ES features are not intended for protection."" BUT per AMD: https://www.amd.com/en/developer/sev.html that is not true and AMD SEV is used in those gens and you can download the tools to do it in the link I provided.

There may be organizations that are required to run trusted VMs that may no longer be able to do so on servers that run on those first 2 gens of Epyc. Is someone going to let them know?

I hope I don't have money or available credit in one of them.

Edit: So it is an oversight to not have released the patch for the first 2 gens as well. It looks better at least.