While doing research of its own, Intel's security team found a weakness in the software mitigation AMD has recommended against Spectre-style attacks for years, according to a report by Tom's Hardware. AMD has since updated its security bulletin in response, recommending an alternative mitigation and offering additional guidance for software developers.
AMD’s years-old fix doesn’t adequately protect against Spectre
Spectre is a class of vulnerabilities affecting nearly all modern Intel and AMD processors: it abuses speculative execution to leak sensitive data through side channels, without leaving the traces conventional defenses would detect. Last week, researchers showed that Intel and Arm processors are susceptible to a new variant of Spectre v2 called Branch History Injection (BHI), although so far only as a proof of concept.
While investigating this new potential vulnerability, Intel examined AMD's LFENCE/JMP Spectre mitigation, which AMD has used since 2018: an LFENCE placed in front of an indirect jump, intended to stop the processor from speculating past the branch. Surprisingly, Intel's researchers found that it does not adequately protect against the threat, because the fence does not reliably win the race against speculative dispatch to a mispredicted branch target, which is exactly the window a Spectre v2 attack needs. As noted in AMD's security bulletin, the newly discovered hole spans generations of AMD Ryzen processors in both laptops and desktops and also affects second- and third-generation Threadripper chips. The researchers demonstrated the attack on Linux and recommended mitigations including the generic retpoline sequence and disabling unprivileged eBPF on Linux systems where it is not already disabled. So far, no demonstration on other platforms such as Windows has been published.
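As an added example (not code from the article, AMD or Intel), the following POSIX shell script checks the two things the paragraph above says to look at on a Linux host: which Spectre v2 mitigation the running kernel has chosen (LFENCE/JMP versus generic retpoline) and whether unprivileged eBPF is disabled. The sysfs strings and sysctl values it matches are the kernel's own and are listed in the comments as assumptions; the kernel boot parameter it suggests, `spectre_v2=retpoline,generic`, is the documented way to force retpolines.

```shell
#!/bin/sh
# Added example, not from the article, AMD or Intel: audit a Linux host for its
# Spectre v2 mitigation choice (LFENCE/JMP versus retpoline) and its unprivileged
# eBPF setting.
#
# Assumptions (strings and values the Linux kernel itself uses):
#   /sys/devices/system/cpu/vulnerabilities/spectre_v2 reports, among others,
#     "Mitigation: Full AMD retpoline"     (LFENCE/JMP, kernels before 5.17)
#     "Mitigation: LFENCE"                 (LFENCE/JMP, 5.17 and later)
#     "Mitigation: Full generic retpoline" / "Mitigation: Retpolines"
#     "Mitigation: Enhanced IBRS", "Vulnerable", "Not affected"
#   kernel.unprivileged_bpf_disabled is 0 (allowed), 1 (disabled; cannot be
#     re-enabled without a reboot), 2 (disabled, but root may write 0 again).

SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2
UNPRIV_BPF_FILE=/proc/sys/kernel/unprivileged_bpf_disabled

# Turn the sysfs string into a short verdict. The LFENCE patterns are tested
# first because "Full AMD retpoline" also contains the word "retpoline".
classify_spectre_v2() {
    case "$1" in
        *"Full AMD retpoline"*|*"Mitigation: LFENCE"*) echo "lfence" ;;
        *"Retpolines"*|*"generic retpoline"*)          echo "retpoline" ;;
        *"Enhanced IBRS"*|*"eIBRS"*)                    echo "eibrs" ;;
        "Not affected")                                 echo "not-affected" ;;
        Vulnerable*)                                    echo "vulnerable" ;;
        *)                                              echo "unknown" ;;
    esac
}

# Turn the sysctl value into a verdict.
classify_unpriv_bpf() {
    case "$1" in
        0) echo "enabled" ;;
        1) echo "disabled" ;;
        2) echo "disabled-reenableable" ;;
        *) echo "unknown" ;;
    esac
}

# Remediation hint for a spectre_v2 verdict.
spectre_v2_advice() {
    case "$1" in
        lfence)     echo "boot with spectre_v2=retpoline,generic to replace LFENCE/JMP with retpolines" ;;
        vulnerable) echo "enable a Spectre v2 mitigation; the kernel reports none is active" ;;
        unknown)    echo "inspect the spectre_v2 string manually" ;;
        *)          echo "no change needed for this finding" ;;
    esac
}

# Read the live values (empty when a file is unavailable, e.g. inside a container)
# and print a report with advice. Always returns 0 so it is safe under set -e.
report_host() {
    v2=""; bpf=""
    if [ -r "$SPECTRE_V2_FILE" ]; then
        v2=$(cat "$SPECTRE_V2_FILE")
    fi
    if [ -r "$UNPRIV_BPF_FILE" ]; then
        bpf=$(cat "$UNPRIV_BPF_FILE")
    fi
    v2_verdict=$(classify_spectre_v2 "$v2")
    bpf_verdict=$(classify_unpriv_bpf "$bpf")
    printf 'spectre_v2: %s -> %s\n' "${v2:-<unavailable>}" "$v2_verdict"
    printf '  advice: %s\n' "$(spectre_v2_advice "$v2_verdict")"
    printf 'unprivileged eBPF: %s -> %s\n' "${bpf:-<unavailable>}" "$bpf_verdict"
    if [ "$bpf_verdict" = "enabled" ] || [ "$bpf_verdict" = "unknown" ]; then
        printf '  advice: sysctl -w kernel.unprivileged_bpf_disabled=1\n'
    fi
    return 0
}

report_host
```

Run it as root or any user (the sysfs file is world-readable). A host that prints `lfence` for spectre_v2 is still on the mitigation Intel's researchers showed to be insufficient; the boot parameter change requires a reboot, while the eBPF sysctl takes effect immediately.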
Mitigations for Spectre-related vulnerabilities carry a performance cost, especially on older hardware. Benchmarking site Phoronix measured the impact of the initial mitigations on both AMD and Intel chips in 2019 and found that Intel processors lost considerably more performance to their mitigations than AMD processors did. Part of that gap came from AMD's choice of the cheaper LFENCE/JMP sequence, so systems that move to retpolines as AMD now recommends may give back some of that advantage.