AMD admits that ZEN 3 processors are affected by Spectre vulnerability
Spectre and Meltdown series vulnerabilities are security issues that have plagued the entire industry in recent years because these vulnerabilities are based on the Intel processor hardware level and cannot be repaired.
Although Intel introduced multiple microcode updates that can mitigate the vulnerabilities, it can also cause processor performance degradation, which has a serious negative impact on data centers.
Now AMD’s processor based on the ZEN 3 architecture has also been found to have Spectre vulnerabilities. Attackers can steal key data with the help of Spectre vulnerabilities.
Specifically, these processors are variants of the Spectre vulnerability (Spectre V4), which are also speculative execution vulnerabilities that are easily exploited by attackers.
AMD explains:
“In typical code, PSF provides a performance benefit by speculating on the load result and allowing later instructions to begin execution sooner than they otherwise would be able to. Most of the time, the PSF prediction is accurate. However, there are cases where the prediction may not be accurate and cause incorrect CPU speculation.
Because PSF speculation is limited to the current program context, the impact of bad PSF speculation is similar to that of speculative store bypass (e.g., Spectre v4). In both cases, a security concern arises if code exists that implements some kind of security control which can be bypassed when the CPU speculates incorrectly. This may occur if a program (such as a web browser) hosts pieces of untrusted code and the untrusted code is able to influence how the CPU speculates in other regions in a way that results in data leakage. This is similar to the security risk with other Spectre-type attacks.”
To fix the vulnerability, the method used has not changed: Disabling the speculative execution function of the processor through a microcode update can alleviate the vulnerability but affect performance.
That is, disabling speculative execution can indeed improve security but reduce processor performance, but AMD believes that the security risk of this vulnerability is relatively low.
The company has not yet discovered any code that can trigger such attacks, so currently, the company will not release microcode updates to disable speculative execution.
In addition, AMD also emphasizes that users are vulnerable to attacks if they execute programs in a sandbox, but hardware isolation programs can avoid this type of attack.
As for the follow-up situation, we may need to continue to observe, but AMD currently believes that it is not worth disabling the speculative execution function, so there is no need to repair it temporarily.