Meltdown & Spectre

From XKCD:

New zero-day vulnerability: in addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.

A new stack-based overflow vulnerability discovered in AMD CPUs

From Security Affairs:

Google expert discovered a new stack-based overflow vulnerability in AMD CPUs that could be exploited via crafted EK certificates,
Chip manufacturers are in the tempest, while media are continues sharing news about the Meltdown and Spectre attacks, the security researcher at Google’s cloud security team Cfir Cohen disclosed a stack-based overflow vulnerability in the fTMP of AMD’s Platform Security Processor (PSP).

The vulnerability affects 64-bit x86 processors, the AMD PSP provides administrative functions similar to the Intel Management Engine.

We’re going to see a lot more investigation into hardware vulnerabilities. It won’t be pretty, I expect.

What researchers discover will not be easy or inexpensive to fix. My hope is that hardware manufacturers realize it is less expensive and better for their reputation to improve their processes in relation to secure-by-design.

Central Processor Unit (CPU) Architectural Design Flaws

If you’re looking for a solid, vetted source for information on the CPU vulnerabilities announced by Google, IBM X-Force Exchange is a great resource.

https://exchange.xforce.ibmcloud.com/