AMD Zen+ & Zen 2 CPUs Vulnerable To Meltdown-Like Cyber Attacks

Jason R. Wilson

In October 2020, cybersecurity researchers Christof Fetzer and Saidgani Musaev of the Dresden Technology University ascertained a  Meltdown-Like vulnerability that affects both Zen+ and Zen 2 microarchitectures in AMD processors by producing illegal data sequences between both the processor and the microarchitectures.

AMD Zen+ & Zen 2 CPUs Are Vulnerable To Meltdown-Like Cyber Attacks, Report Claims

The title of the process is "Transient Execution of Non-canonical Accesses". The cybersecurity team did not divulge the information in October to give AMD the proper time frame to investigate and create a mitigating solution.

Related Story Intel Outlines 40 TOPS NPU Performance As Minimum Requirement For Windows Copilot & AI PC Platforms

When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.

— AMD mitigation site for the Transient Execution of Non-canonical Accesses

Information pertaining to the vulnerability can be located in the CBE-2020-12965 disclosure and AMD's Security Bulletin for the vulnerability labeled AMD-SB-1010.

The subject of the disclosure used both the EPYC 7262, a Zen 2 modeled processor, and both the Ryzen 7 2700X and Ryzen Threadripper 2990WX, which happen to both share the Zen+ microarchitecture. The AMD Zen+ and Zen 2 microarchitectures are not affected by MDS attacks, but they do suffer from "a new Meltdown-like vulnerability," as reported by tech outlet, TechPowerup.

However, it does not stop there. Intel processors that have any vulnerability to MDS attacks are also stated to be affected as well. Although initial Meltdown vulnerabilities were patched out, a series of new exploits have been discovered and certain mitigations through software approach can lead to significant performance hits. Intel has also revised its silicon on new chips.

Since the investigation was found in their two Zen CPUs, AMD highly suggests that any software developers that create codes for both microarchitectures to research their own applications and add security measures to stop the vulnerability. One such recommendation from AMD is to use LFENCE, or Load Fence, instructions in the application packages or any current possible executive mitigations, which AMD discloses in the software manuals in this document (PDF).

It is unsure if the driver patches that AMD released last week for the Ryzen series chips that support the two Zen microarchitectures were in conjunction with this new development. The only information that was provided was that the patch was created to fix a problem in the PSP, or the Platform Security Processor. AMD does assure everyone that the patches were unrelated to the flaw in question.

Source: TechPowerup, ARXIV.org

Share this story

Deal of the Day

Comments