HEDT PC Ryzen Tech News

Vulnerability Found on AMD Zen+ and Zen2 Processors

It’s a “Meltdown-like” vulnerability … more info can be found here.

Taken from TPU … Cybersecurity researchers Saidgani Musaev and Christof Fetzer with the Dresden Technology University discovered a novel method of forcing illegal data-flow between microarchitectural elements on AMD processors based on the “Zen+” and “Zen 2” microarchitectures, titled “Transient Execution of Non-canonical Accesses.” The method was discovered in October 2020, but the researchers followed responsible-disclosure norms, giving AMD time to address the vulnerability and develop a mitigation. The vulnerability is chronicled under CVE-2020-12965 and AMD Security Bulletin ID “AMD-SB-1010.”

The one-line summary of this vulnerability from AMD reads: “When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits, potentially resulting in data leakage.” The researchers studied this vulnerability on three processors, namely the EPYC 7262 based on “Zen 2,” and Ryzen 7 2700X and Ryzen Threadripper 2990WX, based on “Zen+.” They mention that all Intel processors that are vulnerable to MDS attacks “inherently have the same flaw.” AMD is the subject of the paper as AMD “Zen+” (and later) processors are immune to MDS as demonstrated on Intel processors. AMD developed a mitigation for the vulnerability, which includes ways of patching vulnerable software.

Find the security research paper here (PDF), and the AMD security bulletin here. AMD’s mitigation blueprint can be accessed here.

Source: TPU, AMD

 

Related Articles

Respawn and Lucasfilm Games Unveil Star Wars Jedi: Survivor

nucleus

Back 4 Blood Delayed to October 12th

nucleus

AMD Announces Ryzen 6000 PRO Series of Notebook Processors

nucleus

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More