Swiss researchers have found holes in AMD Ryzen processor security. AMD has outlined the newly uncovered “Inception” attack in its official CVE-2023-20569 bulletin. Like some of the most infamous CPU vulnerabilities, Inception is a speculative side channel attack that can potentially leak privileged data to unprivileged processes. At the time of writing, AMD is not aware of any Inception exploits outside of security research circles.
Unfortunately for AMD and its users, Inception affects the latest AMD Ryzen processor families based on Zen 3 and Zen 4 cores, across data center, desktop, HEDT, and mobile. The good news is that mitigations are already in the pipeline as details of Inception go public.
In its security bulletin, AMD says that customers may have a choice between a standalone microcode patch or a BIOS update that incorporates the microcode patch. AMD CPU users may be familiar with the quite frequent AGESA microcode update releases. Some patches will be delivered this way later this month, while others may not arrive until December. Users are asked to check with their OEM, ODM, or motherboard (MB) maker for a BIOS update specific to their product.
To be clear, AMD says that users of products based on the Zen or Zen 2 CPU architectures don’t need any patching “because these architectures are already designed to flush branch type predictions from the branch predictor.” This is a little different from what the researchers from ETH Zurich say in their Inception paper (PDF), so we hope things will become clearer soon.
So, what is the new Inception vulnerability? As mentioned above, it is a speculative side channel attack like the infamous Spectre. Processor makers thought their Spectre mitigations had eliminated attackers’ ability to snoop on the lookup table used for accessing DRAM. However, the ETH Zurich team discovered that, on Zen architecture processors, they could “make the CPUs manufactured by AMD believe that they had seen certain instructions before, whereas in reality that had never happened,” one of the researchers explained to EE News Europe. Another summary of Inception is provided by COMSEC.
Ultimately, Inception means that an attacker targeting an unpatched AMD Ryzen system can obtain leaked data from anywhere in the computer’s memory.
AMD says that it believes the Inception vulnerability is “only potentially exploitable locally, such as via downloaded malware.” Thus, it says good general system security practices should keep Inception dangers away from your PC. However, the researchers reckon Inception could be used by an attacker in the context of cloud computing, where several customers share the same processing hardware resource.
In case you missed it, AMD’s fiercest CPU-making rival, Intel, was also in the news just hours ago for a notable newly discovered security vulnerability: the Intel ‘Downfall’ bug, which affects architectures spanning from Skylake to Tiger Lake/Ice Lake.