In its own investigation, Intel’s security team discovered a flaw in AMD’s year-old patch against Spectre-based vulnerabilities, according to a report from Tom’s Hardware. AMD has since issued an update to its security bulletin, in which it proposes to use an alternative mitigation option and offers additional advice for software developers.
Spectre is a type of security flaw that affects almost all modern Intel and AMD processors and can allow attackers to access sensitive data while going undetected. Last week, researchers found that Intel and Arm processors are susceptible to a new kind of Spectre v2 attack — though it’s just a proof-of-concept — called Branch History Injection (BHI).
During Intel’s investigation into this new potential vulnerability, Intel examined AMD’s LFENCE/JMP Spectre mitigation, which the company has been using since 2018. Surprisingly, researchers found that it does not provide adequate protection against the threat. As noted in AMD’s security bulletin, the newly discovered vulnerability affects generations of AMD Ryzen processors on both laptop and desktop builds, and also affects second- and third-generation Threadrippers. The researchers who discovered the new flaw performed their exploit on a Linux system and recommended workarounds, including the Retpoline fixes and disabling unprivileged eBPF on Linux systems that have not yet disabled it. So far, there are no examples of using the exploit on other platforms such as Windows.
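As an added example (not from the article or from AMD), the following POSIX shell snippet audits a Linux host against the two workarounds mentioned above: it reads the kernel's Spectre v2 status line and the unprivileged eBPF sysctl, and flags hosts still relying on the LFENCE/JMP sequence or still allowing unprivileged eBPF. It assumes the sysfs file `/sys/devices/system/cpu/vulnerabilities/spectre_v2`, the sysctl `kernel.unprivileged_bpf_disabled`, and that the kernel reports AMD's LFENCE/JMP mitigation as "Mitigation: LFENCE" (newer kernels) or "Mitigation: Full AMD retpoline" (older kernels).

```shell
#!/bin/sh
# Added example: audit Spectre v2 mitigation state on a Linux host.
# The status strings below are assumptions about what the kernel reports.

# classify_spectre_v2 STATUS_LINE
# Prints: lfence-jmp | retpoline | other-mitigation | vulnerable | not-affected | unknown
classify_spectre_v2() {
  case "$1" in
    *"Mitigation: LFENCE"*|*"Full AMD retpoline"*) echo lfence-jmp ;;   # AMD LFENCE/JMP
    *"Retpolines"*|*"retpoline"*)                   echo retpoline ;;    # generic retpoline
    *"Mitigation:"*)                                echo other-mitigation ;;
    "Vulnerable"*)                                  echo vulnerable ;;
    "Not affected"*)                                echo not-affected ;;
    *)                                              echo unknown ;;
  esac
}

# spectre_v2_audit STATUS_LINE UNPRIV_BPF_DISABLED
# Prints findings; returns 0 when nothing needs attention, 1 otherwise.
spectre_v2_audit() {
  kind=$(classify_spectre_v2 "$1")
  bpf="$2"   # kernel.unprivileged_bpf_disabled: 0 means unprivileged eBPF is allowed
  rc=0
  case "$kind" in
    lfence-jmp) echo "spectre_v2: LFENCE/JMP in use; researchers recommend the Retpoline mitigation"; rc=1 ;;
    vulnerable) echo "spectre_v2: no mitigation active"; rc=1 ;;
    *)          echo "spectre_v2: $kind" ;;
  esac
  if [ "$bpf" = "0" ]; then
    echo "unprivileged eBPF allowed; set kernel.unprivileged_bpf_disabled=1 (BHI workaround)"
    rc=1
  fi
  return $rc
}

# spectre_v2_audit_host: read the live values (constructed inputs are used in tests instead).
spectre_v2_audit_host() {
  f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
  [ -r "$f" ] || { echo "no $f on this system"; return 2; }
  spectre_v2_audit "$(cat "$f")" "$(sysctl -n kernel.unprivileged_bpf_disabled 2>/dev/null || echo 0)"
}

if [ "${1:-}" = "--host" ]; then spectre_v2_audit_host; fi
```

Run it as `sh audit.sh --host` on the machine you want to check; a non-zero exit means at least one of the two workarounds is not in place.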
Patches for Spectre-related vulnerabilities are known to cause performance issues, especially on older hardware. The folks at benchmark platform Phoronix tested the impact of the first patches on both AMD and Intel chips in 2019 and found that the patches were much more likely to bog down Intel chips with performance issues, while AMD CPUs were much less affected.