CarderPlanet
A division vulnerability opens the way for hackers.
A vulnerability was discovered in AMD processors (CVE-2023-20588), which leads to a data leak when performing operations on the same CPU core during processing of the #DE (Divide Error) exception that occurs when dividing by zero is attempted. The issue only affects AMD Zen1 processors, such as the AMD EPYC 7001, AMD Athlon 3000, AMD Ryzen 3000 with Radeon GPU, AMD Athlon PRO 3000 with Radeon Vega GPU, and AMD Ryzen PRO 3000 with Radeon Vega GPU.
The reason for the vulnerability is that when a #DE exception occurs due to division by zero, the processor speculatively redirects the result of the previous division operation, since in a CPU with the Zen1 microarchitecture there is only one divider in the pipeline that processes operations in different threads. On vulnerable systems, an attacker can learn the result of a previous division operation performed on the same CPU core in other contexts, such as in the kernel, in other processes, or outside the VM.
In practice, the vulnerability can be used to create a hidden data channel between processes, sandbox environments, or virtual machines, bypassing system access control mechanisms and without using system calls. The vulnerability also allows you to determine the result of the previous actual or speculative execution of the DIV statement from user space, which can be used when processing confidential data at a higher privilege level (for example, division can be used when performing cryptographic operations, and an attacker can find out the parameters of these operations).
Patches to fix the vulnerability have already been developed for the Linux kernel and the Xen hypervisor. The issue was fixed by overwriting the divider buffer during context switching. The fix only works when symmetric multithreading (SMT) is disabled.
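A defender-side check for the situation the post describes (affected Zen1 part, kernel fix present, SMT still on), as an added example that is not code from the original post, AMD or the kernel. It assumes a patched Linux kernel lists the bug as `div0` in the `bugs` line of `/proc/cpuinfo` and reports SMT state as 0/1 in `/sys/devices/system/cpu/smt/active`; the `SAMPLE_*` inputs are constructed.

```shell
#!/bin/sh
# div0_status CPUINFO_TEXT SMT_ACTIVE
# Prints one of: not-affected | mitigated | smt-active | unknown-kernel
div0_status() {
    cpuinfo=$1
    smt=$2
    vendor=$(printf '%s\n' "$cpuinfo" | sed -n 's/^vendor_id[[:space:]]*:[[:space:]]*//p' | head -n 1)
    bugs=$(printf '%s\n' "$cpuinfo" | sed -n 's/^bugs[[:space:]]*:[[:space:]]*//p' | head -n 1)
    nbugs=$(printf '%s\n' "$cpuinfo" | grep -c '^bugs[[:space:]]*:' || true)

    # Only AMD parts are in scope for this bug at all.
    [ "$vendor" = "AuthenticAMD" ] || { echo not-affected; return 0; }
    # A kernel that prints no "bugs" line predates the div0 flag (assumption); nothing can be concluded.
    [ "$nbugs" -gt 0 ] || { echo unknown-kernel; return 0; }
    # The kernel flags affected (Zen1) CPUs with "div0"; any other AMD part is reported clean.
    case " $bugs " in
        *" div0 "*) ;;
        *) echo not-affected; return 0 ;;
    esac
    # The context-switch fix only closes the leak while SMT is off, as the post states.
    if [ "$smt" = "1" ]; then echo smt-active; else echo mitigated; fi
}

# Run the check against the live host (Linux only; prints unknown-kernel elsewhere).
div0_check_host() {
    [ -r /proc/cpuinfo ] || { echo unknown-kernel; return 0; }
    smt=0
    [ -r /sys/devices/system/cpu/smt/active ] && smt=$(cat /sys/devices/system/cpu/smt/active)
    div0_status "$(cat /proc/cpuinfo)" "$smt"
}

# Constructed /proc/cpuinfo fragments used to exercise div0_status.
SAMPLE_ZEN1='vendor_id : AuthenticAMD
model name : AMD EPYC 7001-series (constructed sample)
bugs : sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass div0'
SAMPLE_ZEN2='vendor_id : AuthenticAMD
bugs : sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass'
SAMPLE_OLD='vendor_id : AuthenticAMD
model name : old kernel, no bugs line (constructed sample)'
SAMPLE_INTEL='vendor_id : GenuineIntel
bugs : spectre_v1 spectre_v2'
```

`div0_check_host` reports `smt-active` on a Zen1 box that has the kernel fix but still runs with SMT enabled, which is the configuration the post says the fix does not cover.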
