Return Address Security Bulletin

Bulletin ID: AMD-SB-7005
Potential Impact: Data Confidentiality
Severity: Medium

Summary

AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. This attack is similar to previous branch prediction-based attacks like Spectrev2 and Branch Type Confusion (BTC)/RetBleed. As with similar attacks, speculation is constrained within the current address space and to exploit, an attacker must have knowledge of the address space and control of sufficient registers at the time of RET (return from procedure) speculation. Hence, AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools.

AMD is not aware of any exploit of ‘Inception’ outside the research environment at this time.

Refer to Glossary for explanation of terms

CVE Details

CVE-2023-20569

A side channel vulnerability in some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure.

Mitigation

AMD recommends customers apply either the standalone µcode patch or a BIOS update that incorporates the µcode patch, as applicable, for products based on “Zen 3” and “Zen 4” CPU architectures. AMD plans to release updated AGESA™ versions to Original Equipment Manufacturers (OEM), Original Design Manufacturers (ODM) and motherboard manufacturers (MB) on the target dates listed below. Please refer to your OEM, ODM, or MB for a BIOS update specific to your product, which will follow after the dates listed below, as applicable. No µcode patch or BIOS update, which includes the µcode patch, is necessary for products based on “Zen” or “Zen 2” CPU architectures because these architectures are already designed to flush branch type predictions from the branch predictor.

Operating system (OS) configuration options may also be available to help mitigate certain aspects of this vulnerability. AMD recommends users evaluate their risk environment (including the risk of running untrusted local code) when deciding on OS mitigation options and refer to OS-specific documentation for guidance. “Zen 3” and “Zen 4” based systems will require the µcode patch, which is incorporated in the BIOS update, prior to enabling OS configuration options.