Meltdown-like vulnerability in AMD Zen+ and Zen 2

Sicherheit (Pexels, allgemeine Nutzung)[German]Security researchers have uncovered a vulnerability in AMD Zen+ and Zen 2 CPUs that is similar to the Meltdown vulnerability in Intel processors. AMD has created a mitigation guide for the vulnerability and published details on how the vulnerability works.


I became aware of the issue via the following tweet, which is explained in this article on Tom's Hardware. 

Meltdown-like vulnerability in AMD Zen+ & Zen 2

Saidgani Musaev and Christof Fetzer from the Technical University of Dresden have discovered the CVE-2020-12965 vulnerability in AMD Zen+ and Zen 2 processors. A report of the vulnerability was made to AMD in October 2020, giving the manufacturer enough time to develop a mitigation technique. AMD took the vulnerability from the official publication on Arxiv (PDF) and described it on the AMD security website. It states:

AMD has reviewed the CVE-2020-12965 Transient Execution of Non-Canonical Accesses vulnerability submitted by a researcher. In combination with certain software sequences, AMD CPUs can perform transient non-canonical load and store operations using only the lower 48 address bits, which can lead to data leaks.Lade- und Speicheroperationen durchführen, wobei nur die unteren 48 Adressbits verwendet werden, was zu Datenlecks führen kann.

AMD recommends software vendors analyze their code for potential vulnerabilities related to this type of transient execution. Potential vulnerabilities can be addressed by inserting an LFENCE or by using existing speculation mitigation techniques as described here.

Tom's Hardware mentions here that AMD released driver patches for Ryzen chipsets supporting the Zen+ and Zen 2 architectures last week. It wasn't explicitly stated there what was fixed. However, AMD did indicate that the patches fix an issue in the Platform Security Processor. However, AMD told Toms Hardware that these patches are not related to the Transient Execution Bug. 


Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *