Intel’s AMD bug find proves Specter still looms above us

In its own investigation, Intel’s security team discovered a flaw in AMD’s year-old patch against Specter-based vulnerabilities, according to a report from Tom’s hardware† AMD has since issued an update to its security bulletin, in which it proposes to use an alternative mitigation option and has additional advice for software developers.

Specter is a type of security flaw that affects almost all modern Intel and AMD processors and can allow attackers to access sensitive data while going undetected. Last week, researchers found that Intel and Arm processors are susceptible to a new kind of Specter v2 attack — though it’s just a proof-of-concept — called Branch History Injection (BHI).

During Intel’s investigation into this new potential vulnerability, Intel examined AMD’s LFENCE/JMP Specter mitigation that the company has been using since 2018. Surprisingly, researchers found that it does not provide adequate protection against the threat. As noted in AMD’s security bulletin, the newly discovered vulnerability affects generations of AMD Ryzen processors on both laptop and desktop builds, and also affects second- and third-generation Threadrippers. The researchers who discovered the new flaw performed their exploit on a Linux system and recommended workarounds, including the Retpoline fixes and disabling unprivileged eBPF on Linux systems that have not yet disabled it. So far, there are no examples of using the exploit on other platforms such as Windows.

Patches for Spectre-related vulnerabilities are known to cause performance issues, especially on older hardware. The folks at benchmark platform Phoronix tested the impact of the first patches on both AMD and Intel chips in 2019 and found that, thanks to their patches, Intel chips are much more likely to get bogged down by performance issues, while AMD CPUs are much less affected.

Frank Broholm had acquired considerable experience in writing and editing publications before recruited by The Media Today Chronicle News portal as Editorial Manager. His key task is to conduct effective business reviews based on the most recent business…