This security flaw could affect nearly all CPUs - but it might not be all bad
Your CPU could have the potential to leak sensitive data
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A new vulnerability has been identified affecting a wide number of CPUs, but users have been told not to be overly concerned, given the sheer complexity of carrying out an attack.
That’s according to chipmakerAMD, who “believes that it is difficult to execute the attack/exploit of this vulnerability in the real world or outside of a controlled/lab-type environment.”
The warning came from a group of researchers from the Graz University of Technology and CISPA Helmholtz Center for Information Security.
Software-based Power Side Channel widely affecting CPUs
The issue, known as ‘Collide+Power,’ presents a potential power side-channel vulnerability affectingprocessorsthat could allow authenticated attacks to monitor CPU power consumption, which in turn may lead to the leak of sensitive information.
These are the best malware removal tools>Microsoft is fixing a load of serious Intel CPU security flaws>Your old discarded printer could be hiding security secrets - here’s what to do
The vulnerability has been tracked as CVE-2023-20583 and was awarded a severity level of ‘low’.
Ahead of a full investigation,AMDhas confirmed that “EPYC server processors contain a performance determinism mode which can be used to reduce this type of leakage” and that “Ryzen client processors support a core boost disable bit that can help reduce the changes in frequency.”
ARMalso shared some information about the issue at hand, and anIntelspokesperson toldTechRadar Pro:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Intel has evaluated this research and determined new mitigations are not required. Existing features in Intel products and guidance for mitigating power side-channel attacks are applicable in this and other known cases.”
The chipmakers appear to have been cooperative in reaching an agreement to rectify the vulnerability. The team behind the discovery said: “We thank the vendors AMD,ARM, and Intel for professionally handling the responsible disclosure.”
In its own statement,Amazonsaid that AWS customers’ data and instances are not impacted by Collide+Power.
A full breakdown of how an attacker may be able to get access to sensitive information via a machine’s CPU can be found on theCollide+Power website. Moving forward, the Graz and CISPA researchers see a solution in preventing attackers from observing power-related signals rather than redesigning general-purpose CPUs which is a sizeable task by any measure.
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption
Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs
NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)
