• Jannik2099@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    tldr: The Host can trigger cache invalidations (without write back) in SEV-protected guests. Certainly an interesting oversight, easily fixed in microcode.

  • Diomedus94@alien.topB
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    It is really interesting and stupid to inform about vulnerabilities because if some competent hacker dont know about it now it does :D

    • Put_It_All_On_Blck@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      CacheWarp was discovered earlier this year and AMD was informed in APRIL.

      The researchers gave AMD 8 months to come up with a patch before publication.

      You can’t blame the researchers for publishing their work, they gave AMD plenty of time to address it.

    • letsgoiowa@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Security through obscurity is usually a terrible idea. Almost all the time it gets published BECAUSE there’s a high likelihood of it being found out pretty soon, something is already in the wild, OR it was patched long ago.

      We prioritize patching against anything actively exploited which usually happens BEFORE patches even get written.

      • Sleepyjo2@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Companies are informed before the public, they are then given a period of time before the public release of the info in order to fix it. This is how its worked for quite a while now.

        Hiding the information does nothing, someone out there is possibly already using the attack anyway and making it public forces the company to act instead of sweeping the problem away.

        (Though AMD likes to make the fixes optional when they do get around to it anyway but details.)