AMD’s “Inception” security vulnerability patch may cause a significant drop in performance

A research team from the Zurich Federal Institute of Technology recently identified a security vulnerability dubbed “Inception” that poses the risk of sensitive data exposure. This flaw misleads the processor with a contrived instruction, thrusting it into a recursive operation which eventually leads to data leakage. This vulnerability encompasses almost all AMD processors based on the Zen architecture series.

As reported by Phoronix, although AMD has yet to disclose whether any patch for the “Inception” vulnerability would impact performance, they have tested the new microcode, revealing a noticeable performance degradation in certain applications.

It’s understood that kernel-based mitigation strategies are viable for processors with Zen 1 and Zen 2 architectures, while Zen 3 and Zen 4 processors might need to await a solution. Currently, AMD has released a new microcode for the “Family 19h” processors (EPYC server processors). Phoronix executed relevant benchmark tests using the EPYC 7763, including popular applications like Blender and Mozilla Firefox.

The findings suggest that the new mitigation measures have a negligible impact on most applications used by the general populace, with no cause for alarm. The most significant performance dip, nearly 13%, was observed in 7-Zip. However, applications like MariaDB witnessed a stark performance drop, exceeding 50%, indicating that the new microcode severely hampers data-processing applications.

The recent spate of security vulnerabilities appears to have become an industry norm, with mitigation measures often resulting in performance setbacks. For instance, Intel’s updated microcode to address the “Downfall” vulnerability led to pronounced performance losses.