In an article called «One glitch to rule them all“(Something like” a glitch to rule them all “), the researchers claim that all AMD EPYC server processors and all architectural generations are vulnerable. But, before you get alarmed (in case you happen to have any of these processors) you should know that it only affects the virtualization security system and that, in addition, it is necessary to have physical access to the machine.
What is this security vulnerability in AMD EPYC CPUs?
The entire family of AMD EPYC processors, regardless of their generation, use what they call AMD Secure Encrypted Virtualization, which uses the secure PSP processor contained in these chips to encrypt communications. The researchers cite that according to AMD, the secure processor protects virtual machines from external attacks, such as hosting software problems and malicious administrators.
The error is called “voltage fault injection attack” and is based on the ability to modify the input voltage of the ROM (the read-only memory) in the bootloader of this secure processor. This allows a malicious attacker to take ownership of the entire root of processor confidence, giving you access to virtually the entire system.
At the beginning of the year, AMD already announced that it was aware of two security vulnerabilities related to the secure encrypted virtualization, and both had to do with code injection attacks, but it seems that now there are three problems that they have to face. Remember that a large majority of AMD EPYC processors are sold for virtualization environments, which means that we could be before thousands and thousands of affected servers.
It appears that in this newly discovered vulnerability, hardware attacks can bypass the security capabilities of this secure processor, despite the fact that CPU Milan (EPYC 7003) they receive security updates against these types of issues constantly. Of course, as we mentioned at the beginning, it is required to have physical access to the hardware to be able to take control, so the security failure should not have consequences in the first instance.
Are AMD processors unsafe?
From what we could call the “great IT security controversy” of what we have been doing for a decade, the issue of Meltdown Y Specter occurred in 2018, the issue of security in processors from AMD and Intel has always been questioned. Not long ago we told you that right now Intel accumulates 486 vulnerabilities to be solved for only 21 (well, now 22) from AMD, so it certainly seems that AMD processors could be more secure than Intel’s, that or what Researchers put more emphasis on calling into question the security of the blue’s CPUs.
In any case, we could say that we are in a kind of paradox in which all processors are potentially unsafe (since new vulnerabilities are constantly being discovered) but they are also very safe, since both companies put a lot of effort in making it so. In fact, as soon as a new serious vulnerability is discovered, they usually focus on it until fix it quickly. Why do they accumulate so many unsolved then? Because they are not serious, they do not affect confidential data, and therefore they are not a priority, neither more nor less.
Therefore, and answering the question: no, the processors of AMD (nor those of Intel) they are not unsafe, and in fact we can be quite confident that the security systems they incorporate really work. After all, in most cases in which a vulnerability affects a processor, physical access to the machine is required, and it would be difficult for someone with the necessary knowledge and material to have access to our PC to steal our data. , do not?