Security News Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,389
The latest generations of Intel processors, including Xeon chips, and AMD's older microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing ‘Spectre’ mitigations.

The vulnerabilities impact Intel's 12th, 13th, and 14th chip generations for consumers and the 5th and 6th generation of Xeon processors for servers, along with AMD's Zen 1, Zen 1+, and Zen 2 processors.

The attacks undermine the Indirect Branch Predictor Barrier (IBPB) on x86 processors, a core defense mechanism against speculative execution attacks.

Speculative execution is a performance optimization feature on modern CPUs that executes instructions before knowing if they are needed by future tasks, thus speeding up the process when the prediction is correct. Instructions executed based on the misprediction are called transient and are squashed.

This mechanism has been a source of side-channel risks, such as Spectre, because the speculation process calls sensitive data that could be retrieved from the CPU cache.
The researchers informed both Intel and AMD of these issues in June 2024.

Intel responded saying that they had already discovered the issue internally and assigned it the CVE-2023-38575 identifier.

The company released in March a microcode fix available through a firmware update but the researchers note that the code has not reached all operating systems, Ubuntu being among them.

AMD also confirmed the vulnerability and said that the flaw had already been documented and tracked as CVE-2022-23824. It is worth noting that AMD’s advisory includes Zen 3 products as beeing affected, which are not listed in ETH Zurich’s paper.

However, AMD classifies the issue as a software bug, not a hardware flaw. The older architectures affected and the fact that AMD learned about the bug a long time ago may explain the company's decision not to issue corrective microcode.
The ETH Zurich team is working with Linux kernel maintainers to develop a patch for AMD processors, which will be available here when ready.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,864
Don't know if it's related but I just saw that there are three firmware related updates available in my Arch Linux at the moment
1729277549815.png
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,864
Don't know if it's related but I just saw that there are three firmware related updates available in my Arch Linux at the moment
View attachment 285841
Once again, I'm not fully sure if these are related but after Arch received firmware related patch in October 17, AMD released a chipset driver on October 21 for windows, and today in October 23 I received the same update on openSUSE Tumbleweed. Some interesting observation on who got critical firmware updates first.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top