AMD forced to fix Spectre patch after Intel reveals flaws

Spectre
(Image credit: Future)

Intel has revealed several apparent shortcoming in some of the security protections offered by its great rival AMD.

The company had recently discovered new Spectre-like vulnerabilities affecting both its chips, as well as those produced by ARM. AMD’s devices were reportedly immune, but while Intel was investigating its rival's previous patches to try and find a way to mitigate the new flaws, it found them to be broken.

AMD was immediately notified, and the company quickly pushed a new security bulletin, updating its guidance, and recommending an alternative solution to the Spectre problem. 

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

AMD issued the flawed solution back in 2018, and now it would seem that almost every modern AMD processor, including Ryzen and EPYC families, is affected. 

No known exploits

In its security bulletin, AMD acknowledges the problem, but adds that there is no evidence of the flaw being abused on any endpoints in the wild. 

Last week, news broke of a new variant of the dreaded Spectre vulnerability being discovered, albeit in a proof-of-concept. However, the sheer promise of its destructive power prompted all major chipmakers into action.

Researchers from Intel and VUSec discovered the flaw in both Intel and ARM devices, and have dubbed it Branch History Injection (BHI). 

It bypasses Intel’s eIBRS, as well as Arm’s CSV2 mitigations, enabling cross-privilege Spectre-v2 exploits, and kernel-to-kernel exploits. It also allows threat actors to inject predictor entries into the global branch prediction history, essentially leaking sensitive data, such as passwords.

The list of affected chips is quite extensive, covering all of Intel’s processors, from Haswell (2013) onwards (to Ice Lake-SP and Alder Lake) are reportedly affected, as well as various ARM chips (Cortex A15, A57, A72, Neoverse V1, N1, N2).

Fortunately, this is also just a proof-of-concept vulnerability that is already being mitigated by both companies, which means its use on laptops or computers in the wild should be relatively limited. However, previous fixes all affected the performance of the chips, a problem that might rear its ugly head, once again.

Spectre, along with Meltdown, are two extremely severe hardware vulnerabilities that affect Intel, IBM POWER, and some ARM-based processors. While Intel has since implemented hardware mitigations for the vulnerability in newer processors, older ones have to rely on software fixes that come with a performance penalty.

A detailed breakdown of the vulnerability, and its exploit (which seems to be relatively more complex than its early-days predecessor), can be found on this link.

Via: Tom's Hardware

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.