Home / Software & Gaming / Security / AMD Zen+ and Zen 2 CPUs affected by new Meltdown-like vulnerability

AMD Zen+ and Zen 2 CPUs affected by new Meltdown-like vulnerability

It has been a couple of years since the Meltdown bug was first discovered in CPUs and since then, similar bugs have also been found to affect older processors. This week, news of another Meltdown-type vulnerability made its way online, seemingly impacting AMD Zen+ and Zen 2 processors. 

Dresden Technology University discovered the vulnerability back in October 2020 and shared their findings with AMD. In a document published by the cybersecurity researchers, we learn that the vulnerability was studied on three processors – the Zen 2-based EPYC 7262 and the Zen+ Ryzen 7 2700X and the Ryzen Threadripper 2990WX. It is also said that this vulnerability impacts Intel processors as well.

The team of cybersecurity researchers is composed of Saidgani Musaev and Christof Fetzer, who both work at the Dresden Technology University. In an AMD Security Bulletin, the vulnerability is identified by the code “AMD-SB-1010”, and is rated with “medium” severity.

According to AMD's description, this vulnerability can be exploited by combining “specific software sequences” with AMD CPUs. Once executed, the CPUs “may transiently execute non-canonical loads and store using only the lower 48 address bits”, potentially causing data leakage. To mitigate the vulnerability, AMD recommends software vendors to look for any potential vulnerability in their code. If detected, they should insert an LFENCE or use any of the existing speculation mitigation techniques.

Discuss on our Facebook page, HERE.

KitGuru says: It looks like Meltdown-like vulnerabilities are here to stay, at least as long as we use older CPUs vulnerable to these flaws. Fortunately, newer CPU architectures already have protections in place to avoid these vulnerabilities. 

Become a Patron!

Check Also

Sony investigating claims of major security breach

This week, a ransomware group claimed to have breached "all of Sony's systems", putting the stolen data up for sale on the dark web. Sony has yet to confirm that an attack has taken place but the company is now investigating.