CVE-2017-5715 flaw affects AMD processors
It is worth noting that the researchers did not mention that AMD also has such side-channel attacks. However, Intel researchers found that AMD’s previous microcode updates for the Spectre series of vulnerabilities had long since expired, that is to say, although AMD processors are not affected by this new side-channel attack, attackers only need to use the previous method to launch the attack. AMD has also released a microcode update to fix the speculative execution series of vulnerabilities.
Server
- 1st/2nd/3rd Gen AMD EPYC™ Processors
Desktop
- AMD Ryzen™ 2000 series Desktop processor
- AMD Ryzen™ 3000 Series Desktop processor
- AMD Ryzen™ 5000 Series Desktop processor
- AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics
- AMD Ryzen™ 5000 Series Desktop processor with Radeon™ graphics
High End Desktop (HEDT)
- 2nd Gen AMD Ryzen™ Threadripper™ processors
- 3rd Gen AMD Ryzen™ Threadripper™ processors
Workstation
- AMD Ryzen™ Threadripper™ PRO processors
Mobile
- AMD Athlon™ 3000 Series Mobile processors with Radeon™ graphics
- AMD Ryzen™ 2000 Series Mobile processor
- AMD Ryzen™ 3000 Series Mobile processor, 2nd Gen AMD Ryzen™ Mobile processor with Radeon™ graphics
- AMD Ryzen™ 3000 Series Mobile processor with Radeon™ graphics
- AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
- AMD Ryzen™ 5000 Series Mobile processor with Radeon™ graphics
Chromebook
- AMD Athlon™ 3000 Series Mobile processor with Radeon™ graphics
- AMD Athlon™ Mobile processor with Radeon™ graphics
- AMD Ryzen™ 3000 Series Mobile processor with Radeon™ graphics
AMD recommends using other published mitigations for CVE-2017-5715, currently in Linux users can control which mitigations are used at boot time. Users can choose the generic retpoline at boot time by using the spectre_v2 Linux kernel command for turning on retpoline: spectre_v2=retpoline,generic. AMD has submitted code to the Linux kernel to mitigate this vulnerability, and if the user does not want to manually set it, upgrading the kernel directly can also alleviate the problem.
AMD didn’t mention it for Windows, but it should have incorporated fixes in the March 2022 cumulative update. Based on security considerations, it is recommended that security-conscious individual users and enterprises install patches as soon as possible.