CVE-2017-5715 flaw affects AMD processors

by do son · Published March 13, 2022 · Updated November 28, 2022

Earlier we mentioned that researchers found that Intel and ARM processors are still affected by speculative execution-related vulnerabilities. These vulnerabilities are mainly Spectre and Meltdown series, and the industry was actively responding to them in 2016-2017.

What the researchers found this time is that the Spectre variant can be reused through a side-channel attack. Essentially the vulnerability is the same, it’s just that researchers find new attack methods. And this attack affected Intel and ARM and can also use speculative execution technology to steal data.

It is worth noting that the researchers did not mention that AMD also has such side-channel attacks. However, Intel researchers found that AMD’s previous microcode updates for the Spectre series of vulnerabilities had long since expired, that is to say, although AMD processors are not affected by this new side-channel attack, attackers only need to use the previous method to launch the attack. AMD has also released a microcode update to fix the speculative execution series of vulnerabilities.

According to an advisory issued by AMD, the following products are affected by speculative execution-related vulnerabilities:

Server

1^st/2^nd/3^rd Gen AMD EPYC™ Processors

Desktop

AMD Ryzen™ 2000 series Desktop processor

AMD Ryzen™ 3000 Series Desktop processor

AMD Ryzen™ 5000 Series Desktop processor

AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics

AMD Ryzen™ 5000 Series Desktop processor with Radeon™ graphics

High End Desktop (HEDT)

2nd Gen AMD Ryzen™ Threadripper™ processors

3rd Gen AMD Ryzen™ Threadripper™ processors

Workstation

AMD Ryzen™ Threadripper™ PRO processors

Mobile

AMD Athlon™ 3000 Series Mobile processors with Radeon™ graphics

AMD Ryzen™ 2000 Series Mobile processor

AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile processor with Radeon™ graphics

AMD Ryzen™ 3000 Series Mobile processor with Radeon™ graphics

AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics

AMD Ryzen™ 5000 Series Mobile processor with Radeon™ graphics

Chromebook

AMD Athlon™ 3000 Series Mobile processor with Radeon™ graphics

AMD Athlon™ Mobile processor with Radeon™ graphics

AMD Ryzen™ 3000 Series Mobile processor with Radeon™ graphics

AMD recommends using other published mitigations for CVE-2017-5715, currently in Linux users can control which mitigations are used at boot time. Users can choose the generic retpoline at boot time by using the spectre_v2 Linux kernel command for turning on retpoline: spectre_v2=retpoline,generic. AMD has submitted code to the Linux kernel to mitigate this vulnerability, and if the user does not want to manually set it, upgrading the kernel directly can also alleviate the problem.

AMD didn’t mention it for Windows, but it should have incorporated fixes in the March 2022 cumulative update. Based on security considerations, it is recommended that security-conscious individual users and enterprises install patches as soon as possible.

CVE-2017-5715 flaw affects AMD processors

Search

Brilliantly

Content & Links