Two other vulnerabilities related to the Specter Variant 2 vulnerability were discovered in older processor chips from AMD and Intel. It is not yet known whether these vulnerabilities will be exploited by attackers.
Older processing chips are a potential target
The two vulnerabilities named CVE-2022-29900 (for AMD chips) and CVE-2022-29901 (for Intel chips) are a problem for Intel Core processors of generations 6 to 8 and AMD Zen 1, Zen 1+ and Zen 2 processors.
These models are vulnerable to speculative execution attacks, which can trick a given CPU into executing a malformed instruction that accesses private data in the chip’s kernel memory.
This can also be referred to as a side channel attack because a side channel is used to transmit information.
As written on the COMSEC website, These two new vulnerabilities were named RetBleed by ETH researchers Kaveh Razavi and Johannes Wikner. RetBleed is responsible for extracting the stolen data after exploiting a specific vulnerability so the attackers can use it to their advantage.
in the Episode 21 of Intel’s Chips & Salsa video seriesthe company stated that Windows, Linux and macOS devices are vulnerable to these two vulnerabilities.
It is not yet known whether these vulnerabilities are exploited
Although the CVE-2022-29900 and CVE-2022-29901 vulnerabilities can be exploited, instances where this happens have yet to be disclosed. At the time of writing, no exploits have been detected in the wild by Intel or AMD, but that doesn’t necessarily mean that future attacks are ruled out.
Although patches are being tested to mitigate both of these new vulnerabilities, the resources required to do so will likely incur significant overhead, worrying both AMD and Intel.
Expect new patches for these vulnerabilities
Specter was first announced in 2018, and each new iteration of the vulnerability has been successfully overcome. A special defense system called Reptoline was deployed in 2018 to mitigate Specter attacks, but the new vulnerabilities were able to bypass this protection. Increasing the security measures on these AMD and Intel chips can also lead to a deterioration in performance quality.
However, these patches are likely required to prevent exploitation of these Specter vulnerabilities in the wild. Workarounds are currently being worked on to address this issue.
Specter is an ongoing problem
Whether new variations of Specter will appear in the future is not yet known. Several iterations have surfaced in the past, with these two new vulnerabilities suggesting there may be more to come.
Although new patches are likely to incur significant overhead, they will protect users from becoming victims of possible future exploits over the CVE-2022-29900 and CVE-2022-29901 vulnerabilities.
This article was previously published on Source link