After all, AMD Ryzen 5000 CPUs are susceptible to Spectre-like vulnerabilities


AMD has published on its official website a technical document describing a possible security vulnerability in its Ryzen 5000 (Zen 3) processors to a side-channel attack similar to Spectre, which caused a stir in its day because it affected virtually every Intel processor. In this particular case there is no need to worry: the vulnerability is classified as low risk.

With the Zen3 microarchitecture, AMD introduced a new technology called Predictive Store Forwarding (PSF), which helps improve code execution performance by predicting the relationship between loads and stores. In most cases, PSF's predictions are spot on. However, there is still a small chance that the prediction is not accurate, leading to incorrect CPU speculation.

"Since PSF speculation is limited to the current program context, the impact of bad PSF speculation is similar to that of Speculative Store Bypass (e.g. Spectre v4). In both cases, a security issue arises if there is code that implements some kind of security check that can be bypassed when the CPU speculates incorrectly.

This can occur if a program (such as a web browser) hosts pieces of untrusted code and the untrusted code is able to influence the way the CPU speculates in other regions in such a way as to result in a data leak. This is similar to the security risk with other Spectre-type attacks."

AMD's CPU architects conclude that incorrect PSF speculation is comparable to Spectre v4. Software that relies on isolation or "sandboxing" is the most exposed to this kind of incorrect speculation.

AMD provided two scenarios in which an incorrect PSF prediction can occur:

"First, the store/load pair may have had a dependency for a while but then no longer has one. This can happen if the address of the store or load changes during program execution."

"The second source of incorrect PSF predictions can occur if there is an alias in the structure of the PSF predictor. The PSF predictor is designed to track store/load pairs based on parts of their RIP. It is possible that a store/load pair that has a dependency aliases in the predictor with another store/load pair that doesn't. This can lead to incorrect speculation when the second store/load pair is executed."

AMD concludes that Predictive Store Forwarding improves application performance but also has security implications. However, the chipmaker has not identified any code considered vulnerable to PSF misprediction, and no exploit has been reported. The security risk of Predictive Store Forwarding is low for most applications.

AMD's official recommendation is to leave Predictive Store Forwarding enabled, since disabling it could hurt performance. Disabling it would, however, fully protect the CPU against this issue, which is why the company recently released a Linux patch that allows the technology to be turned off.
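Because AMD equates a PSF misprediction with Speculative Store Bypass, the practical question for anyone running sandboxed or untrusted code on Zen 3 is whether the host already has an SSB mitigation in effect. The script below is an added example, not code from AMD's document or from this article. It assumes the sysfs path and status strings are the ones the Linux kernel writes to its `spec_store_bypass` vulnerability file, and it relies on AMD's own statement (in the PSF whitepaper, not on this page) that enabling SSBD also disables PSF on Zen 3; the sample status lines are constructed.

```python
"""
Interpret the Linux kernel's spec_store_bypass status for a host that runs
sandboxed code. Added example; not from AMD's document or this article.

Assumptions: the sysfs path and status strings below match what the Linux
kernel reports; per AMD's PSF whitepaper, SSBD also disables PSF on Zen 3,
so this file is the relevant one to check.
"""
from typing import Optional

SYSFS_SSB = "/sys/devices/system/cpu/vulnerabilities/spec_store_bypass"

# Constructed sample lines in the format of the kernel's sysfs file.
SAMPLES = {
    "not_affected":  "Not affected\n",
    "vulnerable":    "Vulnerable\n",
    "global":        "Mitigation: Speculative Store Bypass disabled\n",
    "prctl":         "Mitigation: Speculative Store Bypass disabled via prctl\n",
    "prctl_seccomp": "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n",
}


def classify_ssb(status: str) -> dict:
    """Interpret one line from the spec_store_bypass sysfs file.

    affected  - the kernel believes this CPU is affected by SSB
    mitigated - a mitigation is available (or the CPU is not affected)
    scope     - "global" if SSBD applies to every process, "opt-in" if only
                processes that ask for it (prctl/seccomp) get it, else None
    """
    s = status.strip()
    if s == "Not affected":
        return {"affected": False, "mitigated": True, "scope": None}
    if s == "Vulnerable":
        return {"affected": True, "mitigated": False, "scope": None}
    if s.startswith("Mitigation:"):
        scope = "opt-in" if "via prctl" in s else "global"
        return {"affected": True, "mitigated": True, "scope": scope}
    raise ValueError(f"unrecognised status line: {status!r}")


def sandbox_advice(status: str) -> str:
    """Advice for a host that runs untrusted code, the case AMD singles out."""
    info = classify_ssb(status)
    if not info["affected"]:
        return "CPU not affected; nothing to do."
    if not info["mitigated"]:
        return "No SSB mitigation; sandboxed workloads run unmitigated."
    if info["scope"] == "opt-in":
        return ("SSBD is opt-in: the sandbox must request it via "
                "prctl(PR_SET_SPECULATION_CTRL) or run under seccomp.")
    return "SSBD is applied globally."


def read_live_status(path: str = SYSFS_SSB) -> Optional[str]:
    """Return the real sysfs line if readable, else None (e.g. non-Linux)."""
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return None


if __name__ == "__main__":
    live = read_live_status()
    if live is not None:
        print("host:", live.strip(), "->", sandbox_advice(live))
    else:
        print("sysfs file unavailable; showing constructed samples")
    for name, line in SAMPLES.items():
        print(f"{name:14s} {line.strip()!r}\n    -> {sandbox_advice(line)}")
```

Run it on the host in question; when the sysfs file is absent (non-Linux, or a kernel without the vulnerabilities directory) it falls back to the constructed samples so the classification logic is still visible. The "opt-in" case matters most for sandbox hosts: a browser or JIT runtime only benefits if it actually requests the mitigation for itself.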
