CVE-2017-5715 flaw affects AMD processors

AMD Spectre Vulnerability
Earlier we mentioned that researchers found that Intel and ARM processors are still affected by speculative execution-related vulnerabilities. These vulnerabilities are mainly Spectre and Meltdown series, and the industry was actively responding to them in 2016-2017.
What the researchers found this time is that the Spectre variant can be reused through a side-channel attack. Essentially the vulnerability is the same, it’s just that researchers find new attack methods. And this attack affected Intel and ARM and can also use speculative execution technology to steal data.

AMD Spectre Vulnerability

It is worth noting that the researchers did not mention that AMD also has such side-channel attacks. However, Intel researchers found that AMD’s previous microcode updates for the Spectre series of vulnerabilities had long since expired, that is to say, although AMD processors are not affected by this new side-channel attack, attackers only need to use the previous method to launch the attack. AMD has also released a microcode update to fix the speculative execution series of vulnerabilities.

According to an advisory issued by AMD, the following products are affected by speculative execution-related vulnerabilities:

Server

  • 1st/2nd/3rd Gen AMD EPYC™ Processors

Desktop

  • AMD Ryzen™ 2000 series Desktop processor
  • AMD Ryzen™ 3000 Series Desktop processor
  • AMD Ryzen™ 5000 Series Desktop processor
  • AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics
  • AMD Ryzen™ 5000 Series Desktop processor with Radeon™ graphics

High End Desktop (HEDT)

  • 2nd Gen AMD Ryzen™ Threadripper™ processors
  • 3rd Gen AMD Ryzen™ Threadripper™ processors

Workstation

  • AMD Ryzen™ Threadripper™ PRO processors

Mobile

  • AMD Athlon™ 3000 Series Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 2000 Series Mobile processor
  • AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile processor with Radeon™ graphics
  • AMD Ryzen™ 3000 Series Mobile processor with Radeon™ graphics
  • AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 5000 Series Mobile processor with Radeon™ graphics

Chromebook

  • AMD Athlon™ 3000 Series Mobile processor with Radeon™ graphics
  • AMD Athlon™ Mobile processor with Radeon™ graphics
  • AMD Ryzen™ 3000 Series Mobile processor with Radeon™ graphics

AMD recommends using other published mitigations for CVE-2017-5715, currently in Linux users can control which mitigations are used at boot time. Users can choose the generic retpoline at boot time by using the spectre_v2 Linux kernel command for turning on retpoline: spectre_v2=retpoline,generic. AMD has submitted code to the Linux kernel to mitigate this vulnerability, and if the user does not want to manually set it, upgrading the kernel directly can also alleviate the problem.

AMD didn’t mention it for Windows, but it should have incorporated fixes in the March 2022 cumulative update. Based on security considerations, it is recommended that security-conscious individual users and enterprises install patches as soon as possible.