It has been a couple of years since the Meltdown bug was first discovered in CPUs and since then, similar bugs have also been found to affect older processors. This week, news of another Meltdown-type vulnerability made its way online, seemingly impacting AMD Zen+ and Zen 2 processors.
Dresden Technology University discovered the vulnerability back in October 2020 and shared their findings with AMD. In a document published by the cybersecurity researchers, we learn that the vulnerability was studied on three processors: the Zen 2-based EPYC 7262, the Zen+ Ryzen 7 2700X and the Ryzen Threadripper 2990WX. It is also said that this vulnerability impacts Intel processors.
The team of cybersecurity researchers is composed of Saidgani Musaev and Christof Fetzer, who both work at the Dresden Technology University. In an AMD Security Bulletin, the vulnerability is identified by the code “AMD-SB-1010”, and is rated with “medium” severity.
According to AMD's description, this vulnerability can be exploited by combining “specific software sequences” with AMD CPUs. Once executed, the CPUs “may transiently execute non-canonical loads and store using only the lower 48 address bits”, potentially causing data leakage. To mitigate the vulnerability, AMD recommends that software vendors look for any potential vulnerability in their code. If one is detected, they should insert an LFENCE or use any of the existing speculation mitigation techniques.
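To make the description concrete, the following added example (not code from AMD or the researchers) shows what a non-canonical address is, how it can share its lower 48 bits with a valid one, and where an LFENCE sits between an address check and the load it guards. The helper names and the 48-bit virtual address width are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define VA_BITS 48 /* assumption: 48-bit virtual addresses (4-level paging) */

/* LFENCE on x86; a plain compiler barrier elsewhere so the file still builds. */
static inline void speculation_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* An address is canonical when bits 63..47 are all copies of bit 47. */
static int is_canonical48(uint64_t va)
{
    uint64_t top = va >> (VA_BITS - 1); /* the 17 bits 63..47 */
    return top == 0 || top == 0x1FFFF;
}

/* The part of the address the bulletin says may be used transiently. */
static uint64_t low48(uint64_t va)
{
    return va & ((1ULL << VA_BITS) - 1);
}

/* Hypothetical helper: validate an untrusted address, then load one byte.
 * Returns 0 and fills *out, or -1 when the address is rejected. */
static int guarded_load(uint64_t va, uint64_t lo, uint64_t hi, uint8_t *out)
{
    if (!is_canonical48(va) || va < lo || va >= hi)
        return -1;
    speculation_barrier(); /* keep the load from running ahead of the checks */
    *out = *(const volatile uint8_t *)(uintptr_t)va;
    return 0;
}

int main(void)
{
    uint8_t buf[4] = {1, 2, 3, 4}; /* constructed sample buffer */
    uint64_t base = (uint64_t)(uintptr_t)buf;
    uint64_t alias = base | (1ULL << 62); /* non-canonical, same low 48 bits */
    uint8_t b = 0;
    printf("in range: %d\n", guarded_load(base + 2, base, base + 4, &b));
    printf("alias rejected: %d\n", guarded_load(alias, base, base + 4, &b));
    return 0;
}
```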
KitGuru says: It looks like Meltdown-like vulnerabilities are here to stay, at least as long as we use older CPUs vulnerable to these flaws. Fortunately, newer CPU architectures already have protections in place to avoid these vulnerabilities.