Security News Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass

[Gandalf_The_Grey]

Content source

https://www.bleepingcomputer.com/news/security/intel-amd-cpus-on-linux-impacted-by-newly-disclosed-spectre-bypass/

The latest generations of Intel processors, including Xeon chips, and AMD's older microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing ‘Spectre’ mitigations.

The vulnerabilities impact Intel's 12th, 13th, and 14th chip generations for consumers and the 5th and 6th generation of Xeon processors for servers, along with AMD's Zen 1, Zen 1+, and Zen 2 processors.

The attacks undermine the Indirect Branch Predictor Barrier (IBPB) on x86 processors, a core defense mechanism against speculative execution attacks.

Speculative execution is a performance optimization feature on modern CPUs that executes instructions before knowing if they are needed by future tasks, thus speeding up the process when the prediction is correct. Instructions executed based on the misprediction are called transient and are squashed.

This mechanism has been a source of side-channel risks, such as Spectre, because the speculation process calls sensitive data that could be retrieved from the CPU cache.

The researchers informed both Intel and AMD of these issues in June 2024.

Intel responded saying that they had already discovered the issue internally and assigned it the CVE-2023-38575 identifier.

The company released in March a microcode fix available through a firmware update but the researchers note that the code has not reached all operating systems, Ubuntu being among them.

AMD also confirmed the vulnerability and said that the flaw had already been documented and tracked as CVE-2022-23824. It is worth noting that AMD’s advisory includes Zen 3 products as beeing affected, which are not listed in ETH Zurich’s paper.

However, AMD classifies the issue as a software bug, not a hardware flaw. The older architectures affected and the fact that AMD learned about the bug a long time ago may explain the company's decision not to issue corrective microcode.

The ETH Zurich team is working with Linux kernel maintainers to develop a patch for AMD processors, which will be available here when ready.

Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass

The latest generations of Intel processors, including Xeon chips, and AMD's older Zen 1, Zen 1+, and Zen 2 microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations.

www.bleepingcomputer.com

 

[SeriousHoax]

Don't know if it's related but I just saw that there are three firmware related updates available in my Arch Linux at the moment

 

[SeriousHoax]

Don't know if it's related but I just saw that there are three firmware related updates available in my Arch Linux at the moment
View attachment 285841

Once again, I'm not fully sure if these are related but after Arch received firmware related patch in October 17, AMD released a chipset driver on October 21 for windows, and today in October 23 I received the same update on openSUSE Tumbleweed. Some interesting observation on who got critical firmware updates first.