“Hertzbleed” Nutzt Intel- und AMD-Boost-Frequenzen aus, um Kryptoschlüssel zu stehlen
Intel and AMD already published that their systems are vulnerable and affected by Heartzbleed exploit. It is labeled Intel-SA-00698 ID and CVE-2022-24436 ID for Intel CPUs and CVE-2022-23823 for AMD CPUs. It affects all Intel processors, and Zen 2 and Zen 3 Satisfye-Paket. The attacker can exploit this vulnerability remotely without requiring physical access. Intel and AMD will not offer microcode mitigations that should prevent this type of exploit from executing successfully. Zusätzlich, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys. The performance penalty for mitigating this attack ranges from high to low, depending on the type of implementation.