AMD admits that Zen 3 CPUs are vulnerable to a new Spectre-style attack

mongeese

Posts: 492   +109
Staff member
In brief: AMD has confirmed that a microarchitecture optimization inside Zen 3 CPUs can be exploited in a similar fashion to the Spectre vulnerabilities that plagued Intel CPUs a few generations ago. Disabling the optimization is possible, but will carry a performance penalty that AMD doesn’t believe is worth it for all but the most critical deployments of the processors.

Update (April 5): Even though AMD was confident enough in not recommending a majority of their customers to disable Predictive Store Forwarding (PSF) for security reasons, Phoronix ran dozens of tests during the weekend using a Ryzen 7 5800X especifically benchmarking for the Zen 3 PSF vulnerability. They conclude that "the geometric mean of all those results was less than a half percent performance loss when disabling this new Zen 3 feature," or in other words, the performance impact is negligible.

In a recently published whitepaper, titled "Security Analysis of AMD Predictive Store Forwarding," AMD describes the nature of the vulnerability and discusses the associated complications. In simple terms, the implementation of Predictive Store Forwarding (PSF) reopens the lines of attack previously threatened by Spectre v1, v2, and v4, because of its speculative nature.

AMD describes PSF as a hardware optimization "designed to improve the performance of code execution by predicting dependencies between loads and stores." Like branch prediction, a feature that enabled some previous Spectre attacks, PSF makes predictions to allow the processor to execute subsequent instructions faster. PSF creates a vulnerability when it makes an incorrect prediction.

Incorrect predictions can be the result of two scenarios, says AMD. "First, it is possible that the store/load pair had a dependency for a while but later stops having a dependency." This happens naturally as stores and loads change during a program’s execution. The second scenario occurs "if there is an alias in the PSF predictor structure," and the alias is used when it shouldn’t have been. Both scenarios can be triggered by malicious code as desired, at least theoretically.

AMD writes, "because PSF speculation is limited to the current program context, the impact of bad PSF speculation is similar to that of speculative store bypass (Spectre v4)."

Like Spectre v4, the vulnerability occurs when one of the processor’s security measures is bypassed by the incorrect speculation. In combination with other attacks; AMD uses Spectre v1 as an example, the incorrect prediction can result in data leakage. "This is similar to the security risk of other Spectre-type attacks," says AMD.

Programs that depend on software sandboxing for security are the most vulnerable to PSF attacks. Programs that use hardware isolation "may be considered safe" from PSF attacks because PSF speculation doesn’t occur across address spaces. It also doesn’t occur across privilege domains.

AMD has found that techniques like address space isolation are sufficient to stop PSF attacks, however, they’ve provided the means to disable PSF, even on a per-thread basis, if desired. But because the security risk is "low," and because "AMD is not currently aware of any code that would be considered vulnerable due to PSF behavior," they universally recommend leaving the PSF feature enabled as the default setting, even when protections aren’t available.

Permalink to story.

 

Lionvibez

Posts: 2,300   +1,810
Sounds like a disingenuous article here... does the hacker need to have physical access to the PC in order to hack it? What is the performance hit if you disable PSF?

AMD was quick to slam Intel over this... would like a LOT more information....

Agreed boss.

Based on what I saw on the phoronix website disabling the feature in linux is a 1% performance hit and with all these Spectre-style attacks you need physical access. so this is a big much ya do about nothing.
 

HardReset

Posts: 1,109   +688
1 percent performance penalty https://www.phoronix.com/scan.php?page=article&item=amd-zen3-psf&num=1

Also very hard to actually get anything useful using this vulnerability. AMD is right recommending leaving it on.

Agreed boss.

Based on what I saw on the phoronix website disabling the feature in linux is a 1% performance hit and with all these Spectre-style attacks you need physical access. so this is a big much ya do about nothing.
No. Spectre vulnerability could be exploited using software only. Physical access is not required.
 

hahahanoobs

Posts: 3,352   +1,511
Sounds like a disingenuous article here... does the hacker need to have physical access to the PC in order to hack it? What is the performance hit if you disable PSF?

AMD was quick to slam Intel over this... would like a LOT more information....
Disingenuous. No.
You can't blame one article for not having everything laid out for you. That's what Google and source links are for.

"Both scenarios can be triggered by malicious code as desired, at least theoretically."
 

Squid Surprise

Posts: 4,042   +3,172
Disingenuous. No.
You can't blame one article for not having everything laid out for you. That's what Google and source links are for.

"Both scenarios can be triggered by malicious code as desired, at least theoretically."
No! Responsible reporting shouldn’t force the reader to google for the pertinent information... that’s just lazy reporting!

And as you can read from the replies below mine, there IS information available - the author just couldn’t be bothered to include it.
 

ZedRM

Posts: 447   +251
does the hacker need to have physical access to the PC in order to hack it?
Yes and along with that Admin rights. This applies to all Spectre/Meltdown type vulnerabilities.
What is the performance hit if you disable PSF?
My advice, don't worry about it. The chances of someone actually pulling off a hack difficult enough to work are very, VERY slim. So unless you have something on your system that would be worth the extreme hassle needed to take advantage of this vulnerability, this is nothing sauce. Same goes for the Intel and ARM side of these types of vulnerabilities.

The fuss being made is not justified by the difficulty needed to make them a real problem. Much-ado-about-nothing.
 
Last edited:

summermick

Posts: 83   +114
So what? PC doesn't get virus that often anymore ever since windows comes with free antivirus. Also, hackers are busy making money in bitcoin frauds, don't really spend time and energy to code virus nowadays
 

HardReset

Posts: 1,109   +688
Somehow I get the feeling you would not have said that if it were Intel.
I always base my opinions on facts.

Yes and along with that Admin rights. This applies to all Spectre/Meltdown type vulnerabilities.
No. Spectre does not require physical access or admin rights. Meltdown should require admin rights. Both are software only attacks and will work remotely. When admin access is not required lack of it will probably limit severity.
 

kiwigraeme

Posts: 326   +260
I'm still waiting for everyone with old android or windows xp/7 to have their bank accounts drained.

There are vulnerabilities coming out every week in chips, OS, software etc - Yet when you do the sniff test - most attacks are based on getting people to d/l malware - social engineering phone calls .
Yes we have ransomware , servers hacked , nation state attacks .
Plus you need to clear those funds stolen offshore etc etc.
I'm saying it you have an old phone , do not install unproven apps ( only a few well known ) , leave nfc, BT off - only use data when out and about and not free wifi , keep physical access of your phone - you will be pretty safe ( unless you are in countries that make sim cloning , or number jacking easy ).
I have found a number of phones - surprisingly most had no password - easy to get their phones back as ring most contacted number .

This vulnerability is very high fruit indeed - if you are writing banking software etc - take note but for you mum and dads carry on enjoying the day
 

ZedRM

Posts: 447   +251
No. Spectre does not require physical access or admin rights. Meltdown should require admin rights. Both are software only attacks and will work remotely. When admin access is not required lack of it will probably limit severity.
Incorrect. You are misinofrmed. Spectre/Meltdown type vulnerabilities REQUIRE both a physical presence AND admin/superuser rights to function in the beginning steps of any attack against these. NO ONE can start an attack against these vulnerabilities remotely as evidenced by the fact that no sucessful attacks have been documented in the wild. None. It has not happened and can not happen without someone physically at the target system.

Please review both whitepapers at the site below,
 
Last edited:

Squid Surprise

Posts: 4,042   +3,172
Incorrect. You are misinofrmed. Spectre/Meltdown type vulnerabilities REQUIRE both a physical presence AND admin/superuser rights to function in the beginning steps of any attack against these. NO ONE can start an attack against these vulnerabilities remotely as evidenced by the fact that no sucessful attacks have been documented in the wild. None. It has not happened and can not happen without someone physically at the target system.

Please review both whitepapers at the site below,
I always base my opinions on facts.
Perhaps your definition of “facts” and everyone else’s definition might be different?
 

mongeese

Posts: 492   +109
Staff member
Sounds like a disingenuous article here... does the hacker need to have physical access to the PC in order to hack it? What is the performance hit if you disable PSF?

AMD was quick to slam Intel over this... would like a LOT more information....
Agreed boss.

Based on what I saw on the phoronix website disabling the feature in linux is a 1% performance hit and with all these Spectre-style attacks you need physical access. so this is a big much ya do about nothing.
I'm not sure what you mean by disingenuous. In writing this article, I've taken the facts as presented by AMD and simplified them, then summarized them with concluding quotes. Of course, I have some bias - but I actually agree Lionvibez conclusion that it's not a big deal.

To answer your questions, the hacker doesn't need physical access to the PC to use this particular attack (AMD gives the example of a malicious webpage in their whitepaper). But this attack is the most powerful when it's combined with other spectre/meltdown vulnerabilities, the majority of which require physical access or admin rights, as other commenters have pointed out. As explained in the article, the risk is that this attack can be used to counteract sandbox security measures - which isn't the same the thing as outright extracting data.

The performance hit is going to vary a lot depending on the workload and probably the operating system. Phoronix has done an excellent job doing some preliminary benchmarks, and their conclusion is: "I'm still running some larger server workloads but with everything I've seen today and yesterday across multiple Zen 3 systems the PSF disabling isn't having any major impact... Will update if managing to find any configuration / large workloads where there is a meaningful difference from disabling PSF but at this stage looks to be of limited impact in toggling it at least for common test case scenarios."

And if you want a lot more information, you could read AMD's whitepaper - the only official source of information on the topic - which is linked at the top of the article.
 

zamroni111

Posts: 186   +129
Sounds like a disingenuous article here... does the hacker need to have physical access to the PC in order to hack it? What is the performance hit if you disable PSF?

AMD was quick to slam Intel over this... would like a LOT more information....
The hacker doesn't need physical access. Only privilege to run it's own software code, including cloud function services, e.g. Azure cloud function, aws lambda, etc.
 

HardReset

Posts: 1,109   +688
Incorrect. You are misinofrmed. Spectre/Meltdown type vulnerabilities REQUIRE both a physical presence AND admin/superuser rights to function in the beginning steps of any attack against these. NO ONE can start an attack against these vulnerabilities remotely as evidenced by the fact that no sucessful attacks have been documented in the wild. None. It has not happened and can not happen without someone physically at the target system.

Please review both whitepapers at the site below,
About physical access:
The hacker doesn't need physical access. Only privilege to run it's own software code, including cloud function services, e.g. Azure cloud function, aws lambda, etc.
Like that. For computer that is connected to network, any software-only vulnerability can be exposed without physical access. You'll need physical access for vulnerabilities that expose USB flaw or require access to BIOS. Or similar. Spectre or Meltdown requires neither.

For admin rights. Spectre could be used to extract data from certain running process. To run process you must have privileges to run it and not all processes require admin rights to run. That means admin rights are not needed for Spectre. However admin rights will help because it should allow Spectre to extract data from other processes too.
Perhaps your definition of “facts” and everyone else’s definition might be different?
Like I explain above, no.
 

Squid Surprise

Posts: 4,042   +3,172
I'm not sure what you mean by disingenuous. In writing this article, I've taken the facts as presented by AMD and simplified them, then summarized them with concluding quotes. Of course, I have some bias - but I actually agree Lionvibez conclusion that it's not a big deal.

To answer your questions, the hacker doesn't need physical access to the PC to use this particular attack (AMD gives the example of a malicious webpage in their whitepaper). But this attack is the most powerful when it's combined with other spectre/meltdown vulnerabilities, the majority of which require physical access or admin rights, as other commenters have pointed out. As explained in the article, the risk is that this attack can be used to counteract sandbox security measures - which isn't the same the thing as outright extracting data.

The performance hit is going to vary a lot depending on the workload and probably the operating system. Phoronix has done an excellent job doing some preliminary benchmarks, and their conclusion is: "I'm still running some larger server workloads but with everything I've seen today and yesterday across multiple Zen 3 systems the PSF disabling isn't having any major impact... Will update if managing to find any configuration / large workloads where there is a meaningful difference from disabling PSF but at this stage looks to be of limited impact in toggling it at least for common test case scenarios."

And if you want a lot more information, you could read AMD's whitepaper - the only official source of information on the topic - which is linked at the top of the article.
That's exactly what you should have included in your article :)
It shouldn't have taken my (and other) post to make it happen....
 

ZedRM

Posts: 447   +251
Like that.
You completely misunderstand what that means. You need an injection point for the exploit to render an access vector. On cloud service(which includes VMs) servers remote access is possible but ONLY if the server administrators grant administrative remote access to the hardware(again, physical access). While that practice was once somewhat available, it has been restricted by ALL cloud service providers. This has the result of making remote exploitation impossible without an actor who has physical access to the target system.

Exploitation of standard workstations and desktop/laptop PCs also REQUIRES physical access.

Reading the whitepapers and understanding the context of them is required to build a picture of the very complex nature of these vulnerabilities. This is why so many people misunderstand these problems. They CAN be severe only IF physical access(including remote direct hardware access) exists to begin the attack. Without that access, exploitation is NOT possible!

Common businesses and home/personal users need not worry about it because for those users, worrying is as effective as trying to put C3PO back together with bubble-gum. Not using fixes, or disabling them, will have no adverse effects for 95% of users in the wild.
 

jpuroila

Posts: 332   +183
You completely misunderstand what that means. You need an injection point for the exploit to render an access vector. On cloud service(which includes VMs) servers remote access is possible but ONLY if the server administrators grant administrative remote access to the hardware(again, physical access). While that practice was once somewhat available, it has been restricted by ALL cloud service providers. This has the result of making remote exploitation impossible without an actor who has physical access to the target system.

Exploitation of standard workstations and desktop/laptop PCs also REQUIRES physical access.

Reading the whitepapers and understanding the context of them is required to build a picture of the very complex nature of these vulnerabilities. This is why so many people misunderstand these problems. They CAN be severe only IF physical access(including remote direct hardware access) exists to begin the attack. Without that access, exploitation is NOT possible!

Common businesses and home/personal users need not worry about it because for those users, worrying is as effective as trying to put C3PO back together with bubble-gum. Not using fixes, or disabling them, will have no adverse effects for 95% of users in the wild.
"Physical access" means that you're standing right there next to the actual hardware. Remote direct access is NOT physical access.
 

ypsylon

Posts: 351   +270
Modern CPUs are vast complex designs which for the most part are always prone to some kind of exploits.

Difference between AMD now and Intel then is that AMD up front acknowledge the issue while Intel vulnerabilities were first in the wild and then Intel grudgingly acknowledged their existence.

Another factor. Difference in performance with implemented mitigation. On Gen3 Zen 1%, on Intel various CPUs prone to Spectre - up to 20% in server load. And let's not forget Intel decided to ignore some older designs with fixes.
 

Nobina

Posts: 3,053   +2,848
False. And Windows Defender is pain. It's always getting in the way, throwing false positives and being a nuisance.

Also false.
Can't remember the last time Windows Defender threw up a false positive. It usually happens if you download cracks for games and certain activators and similar software from questionable source. If Windows improved in one area, this would be it. Windows getting viruses all the time is a meme.
 

HardReset

Posts: 1,109   +688
You completely misunderstand what that means. You need an injection point for the exploit to render an access vector. On cloud service(which includes VMs) servers remote access is possible but ONLY if the server administrators grant administrative remote access to the hardware(again, physical access). While that practice was once somewhat available, it has been restricted by ALL cloud service providers. This has the result of making remote exploitation impossible without an actor who has physical access to the target system.

Exploitation of standard workstations and desktop/laptop PCs also REQUIRES physical access.

Reading the whitepapers and understanding the context of them is required to build a picture of the very complex nature of these vulnerabilities. This is why so many people misunderstand these problems. They CAN be severe only IF physical access(including remote direct hardware access) exists to begin the attack. Without that access, exploitation is NOT possible!

Common businesses and home/personal users need not worry about it because for those users, worrying is as effective as trying to put C3PO back together with bubble-gum. Not using fixes, or disabling them, will have no adverse effects for 95% of users in the wild.

"Physical access" means that you're standing right there next to the actual hardware. Remote direct access is NOT physical access.
Right. A web server I had physical access (I touched it, I rebooted it pressing button, I used keyboard attached directly into it) was hacked via internet. I almost could guarantee hacker didn't have physical access to it like I had.

When it comes to Spectre and admin rights. Spectre does not need to break boundaries like Meltdown. One example, POC Spectre working on web browser using Javascript https://leaky.page/

Spectre works without admin rights, just like is should according to whitepaper.