AMD Zen+, Zen 2 vulnerable to Meltdown-style attacks

Researchers find AMD CPUs can be manipulated just like Intel ones

AMD processors could be vulnerable to Meltdown-style attacks, according to computer scientists at TU Dresden in Germany.

In a research paper titled "Transient Execution of Non-Canonical Accesses,” the scientists, Saidgani Musaev and Christof Fetzer, looked at  AMD Zen+ and Zen 2 processors. The chips tested were the AMD Epyc 7262, Ryzen 7 2700X, and Threadripper 2990WX.

AMD's security bulletin refers to the vulnerability with the name CVE-2020-12965. The flaw works by executing specific software sequences, where AMD CPUs "may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage."

While attacks like Meltdown relied on fetching data from the L1 data cache and Microarchitectural Data Sampling (MDS) to work, scientists found another way that was “very similar to Meltdown-type behavior.”

“The violation we report does not lead to cross address space leaks, but it provides a reliable way to force an illegal dataflow between microarchitectural elements,” said the scientists.

“The consequence of having a code snippet vulnerable to such behavior may allow an attacker to poison the transient execution of the AMD CPU from the microarchitectural element. In addition, this discovery shows that AMD does implement speculation on memory accesses similar to Meltdown-type attacks, suggesting that even more, similar flaws might be yet to unveil,” the scientists added.

Related Resource

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

The Forrester Wave: Top security analytics platforms - whitepaper from IBMFree download

The scientists said that while AMD’s design decisions limited the exploitability of such flaws compared to Intel CPUs, it “may be possible to use them to amplify other microarchitectural attacks.”

The scientists alerted AMD about the vulnerability in October 2020. AMD then developed a technique for mitigating the issue.

In an advisory, AMD “recommends that SW vendors analyze their code for any potential vulnerabilities related to this type of transient execution. Potential vulnerabilities can be addressed by inserting an LFENCE or using existing speculation mitigation techniques.”

AMD also outlined in a security whitepaper that there was a variety of techniques software can use to manage processor speculation, each with different properties and trade-offs. AMD said some techniques involve managing what addresses the processor can use for speculative instruction fetch, stopping the dispatch or execution of speculative instructions, or managing what data addresses the processor can calculate

“In addition, newer and future AMD products support additional security features (such as SMEP, SMAP, IBC) which are particularly useful in controlling speculation across kernel/ user privilege boundaries,” the company said.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

AMD and Microsoft fix Ryzen performance in Windows 11
Hardware

AMD and Microsoft fix Ryzen performance in Windows 11

22 Oct 2021
Microsoft touts new cyber security help for nonprofits
cyber security

Microsoft touts new cyber security help for nonprofits

22 Oct 2021
Ofcom report reveals alarming uptick in smishing attacks
scams

Ofcom report reveals alarming uptick in smishing attacks

22 Oct 2021
Graylog launches new cyber security solution to address legacy issues
cyber security

Graylog launches new cyber security solution to address legacy issues

21 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021