AMD has confirmed that an architectural optimization in Zen 3 series processors exposes them to attacks similar to the older Spectre method.
Almost three years ago, the Spectre and Meltdown vulnerabilities caused a lot of noise around the processors of companies such as Intel. The problem with these holes was that fixing them had its own complexities, and the design of some parts of the processor had to be changed. Some software solutions were also introduced, but they came with a significant reduction in processor performance. Processors released in the following years hardly solved this problem, and the new Zen 3 architecture of AMD processors is still vulnerable to attacks that use the same method.
AMD recently published an analytical report on the security of its products, in which it explained the nature of this vulnerability and its complications. In short, the implementation of a feature called “PSF” (short for Predictive Store Forwarding) paves the way for attacks based on versions 1, 2 and 4 of Spectre. According to AMD, PSF is a hardware optimization designed to improve code execution performance. PSF does this by predicting the relationship between loads and stores, but when a prediction is made incorrectly, the processor ignores the security measures and the vulnerability appears. This is exactly the same as the vulnerability in Spectre version 4 on some processors.
Applications that rely on software-based isolation, such as sandboxes, are most vulnerable to PSF-based attacks, but programs that use hardware-based isolation are likely to be safe.
AMD says such attacks can be prevented by disabling this optimization feature, but since AMD has not found any code that is vulnerable to PSF behavior, the risk of exploiting this problem is “low.” In addition, disabling this feature greatly reduces CPU performance, and AMD believes that users should keep it active, even if that leaves them exposed to the vulnerability.