This week, AMD published a document detailing the vulnerability of the Zen 3 generation processors. It was revealed that one of the elements of the architecture was susceptible to so-called side-channel attacks, the prominent representatives of which were the Specter and Meltdown vulnerabilities of Intel processors. There were no such problems with AMD processors, but now they have appeared and hit the newest CPUs on the Zen 3 architecture. What happened?
According to AMD, one of the important elements to speed up the work of processors on the Zen 3 architecture is the Predictive Store Forwarding (PSF) prediction engine. As you might guess, this is a process of speculative execution of instructions, when the processor logic tries to predict the result of loading and starts executing instructions that are far in the queue in advance. Typically, the prediction accuracy is very high, explains AMD, which makes it possible to significantly increase computing performance.
However, since the data is processed with predictions in mind, the potential for errors remains. In such cases, the data must be discarded, but, as in the case of the Specter attacks, the malicious code opens up the possibility of gaining unauthorized access to intermediate results of calculations, even in a protected memory area. In particular, according to AMD, the attack on PSF is in many ways similar to the Specter V4 (Speculative Store Bypass) attack.
It should be said that the company’s specialists are not aware of any attacks on Zen 3 processors using a vulnerability in the PSF. Therefore, AMD considers the risk of this vulnerability to be low. For most users, the company does not recommend disabling the PSF function, because this will reduce system performance (it is not specified how much), but at the same time, the company is working on patches to conveniently disable Predictive Store Forwarding. It is claimed that a patch for Linux has already been created. There are likely to be patches for Windows. A PDF document detailing the vulnerability and mitigation options can be downloaded from the company’s website.
If you notice an error, select it with the mouse and press CTRL + ENTER.