Patch Tuesday Delivers Spectre Updates for AMD CPUs

Patch Tuesday Delivers Spectre Updates for AMD CPUs

We’ve discussed Intel’s fixes for Meltdown and Spectre many times over the past few months. AMD’s overall exposure to these specific flaws is known to be lower, but the smaller CPU manufacturer has taken more time to deliver certain fixes than Intel has. Today, solutions for AMD CPUs are also starting to roll out, courtesy of Microsoft’s Patch Tuesday.

First, a bit of primer. Variant 1 and Variant 2 apply to Spectre; the Variant 3 attack is classified as Meltdown and did not impact AMD CPUs. AMD has previously distributed patches for Variant 1 via Microsoft, but Variant 2 required a heavier lift for both Intel and AMD.

The update, KB4093112, contains a number of security fixes. Here’s the section relevant to AMD.

Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) within some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context (See AMD Architecture Guidelines around Indirect Branch Control and AMD Security Updates for more details). Follow instructions outlined in KB4073119 for Windows Client (IT Pro) guidance to enable usage of IBPB within some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.

AMD’s recommended fix for Spectre Variant 2 is to use its Indirect Branch Prediction Barrier (IBPB), described as follows:

This is a write only MSR that both GP faults when software reads it or if software tries to write any of the bits in 63:1. When bit zero is written, the processor guarantees that older indirect branches cannot influence predictions of indirect branches in the future. This applies to jmp indirects, call indirects and returns. As this restricts the processor from using all previous indirect branch information, it is intended to only be used by software when switching from one user context to another user context that requires protection, or from one guest to another guest.

Patch Tuesday Delivers Spectre Updates for AMD CPUs

Tech Report has done some quick spot checks on the performance impact of enabling these features and concluded the hit is less than 3 percent. AMD chips seem to be less impacted overall than Intel cores, though recent Intel chips took a relatively small hit in most workloads. The Variant 2 patch is available for motherboards dating back as far as the original Bulldozer in 2011; AMD has not stated if it will provide fixes for Phenom II or earlier cores. Like Intel, the company may have run into problems with motherboard manufacturer support.

As with Intel, just the Microsoft patch won’t fix this problem. You’ll also need a new UEFI or BIOS from your motherboard vendor. Keep an eye out for these updates; they’ll need to be applied for the patch to function. And the fun may just be starting — Spectre wasn’t one attack, or even two attacks. It represents an entire class of new attacks, all of which target the specific behavior of microprocessors to trick them into performing operations they shouldn’t. We could be cleaning up this mess for years to come.

Continue reading

New Intel Rocket Lake Details: Backwards Compatible, Xe Graphics, Cypress Cove
New Intel Rocket Lake Details: Backwards Compatible, Xe Graphics, Cypress Cove

Intel has released a bit more information about Rocket Lake and its 10nm CPU that's been back-ported to 14nm.

Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities
Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities

Unlike the last few zero-days, Google didn't find these security holes itself. Instead, it was tipped by anonymous third-parties, and the problems are severe enough that it hasn't released full details. Suffice it to say, you should stop putting off that update.

Early Adopters of Apple M1 Macs Should Be Cautious About Compatibility
Early Adopters of Apple M1 Macs Should Be Cautious About Compatibility

Apple's new MacBooks and Mac mini have made waves, partly thanks to the new silicon inside of them. Apple's new ARM ecosystem, however, is not without its growing pains.

Android 12 Could Include Major App Compatibility Improvements
Android 12 Could Include Major App Compatibility Improvements

Google has attempted to centralize chunks of Android over the years, and a major component called ART is set to get this treatment in Android 12. The result could be vastly improved app compatibility, which is sure to make everyone happy.