From Security Affairs:

Google expert discovered a new stack-based overflow vulnerability in AMD CPUs that could be exploited via crafted EK certificates,
Chip manufacturers are in the tempest, while media are continues sharing news about the Meltdown and Spectre attacks, the security researcher at Google's cloud security team Cfir Cohen disclosed a stack-based overflow vulnerability in the fTMP of AMD's Platform Security Processor (PSP).

The vulnerability affects 64-bit x86 processors, the AMD PSP provides administrative functions similar to the Intel Management Engine.

We're going to see a lot more investigation into hardware vulnerabilities. It won't be pretty, I expect.

What researchers discover will not be easy or inexpensive to fix. My hope is that hardware manufacturers realize it is less expensive and better for their reputation to improve their processes in relation to secure-by-design.



My original entry is here: A new stack-based overflow vulnerability discovered in AMD CPUs. It posted Sun, 07 Jan 2018 03:54:56 +0000.

Filed under: tech,