AMD admits Ryzen 5000 CPU exploit could leave your PC


Spread the love

AMD’s Zen 3 CPU architecture may, according to AMD itself, include a feature that could be exploited by hackers in a Spectre-like side channel attack.

The speculative execution feature—which is a common feature in modern processors— is known as Predictive Store Forwarding (PSF) with Zen 3. Essentially its job is to guess which instruction is most likely to be sent next through the use of branch prediction algorithms, and fetch that command in anticipation. The point is to speed up the performance pipeline within the microprocessor but, as reported by TechPowerUp, the feature comes with its risks. 

In the case that a misprediction occurs, software like web browsers that utilise ‘sandboxing’ could leave your CPU vulnerable to side channel attacks. Just for a few ticks, but that’s all it takes. 

Sandboxing (isolation) is actually designed to prevent threats by putting suspicious code on the naughty step, while questioning its motives. But similarly to the Spectre vulnerabilities we’ve reported on previously, potential changes to the cache state in such instances could result in chunks of your personal data becoming accessible to hackers.

Web browsers don’t tend to rely on isolation processes as much nowadays, due to Spectre and Meltdown vulnerabilities, but there are still risks which AMD outlines forthrightly. A publicly available paper from AMD has this to say under the security analysis header: 

“A security concern arises if code exists that implements some kind of security control which can be bypassed when the CPU speculates incorrectly. This may occur if a program (such as a web browser) hosts pieces of untrusted code and the untrusted code is able to influence how the CPU speculates in other regions in a way that results in data leakage.

“If an attacker is able to run code within a target application, they may be able to influence speculation on other loads within the same application by purposely training the PSF predictor with malicious information.”

There is a way to stay safe against the features possible vulnerabilities though—just turn PSF off. 

AMD doesn’t recommend this as an option, as it has the potential to stunt performance. Meltdown and Spectre mitigations in Intel CPUs had also led to similar performance limitations in some cases.

Surprisingly though, tests show (via Phronix) CPU performance only takes a one percent hit with the feature turned off. 

If you’re concerned, switching it off may be the best option for now then. 

A short-term fix for those currently affected could come in the form of a firmware update, while a more long-term solution will likely have to come in the form of a change to the architecture itself. With previous exploits such as this we’ve seen most of the concern coming from major server providers, who will not want to leave a security hole unpatched.

View Original Article Source Here

Get Paid To Write App Reviews


Related articles

Capcom Fighting Collection Release Date Announced for PS4, Capcom Arcade

Capcom has officially announced that the Capcom Fighting Collection release date will be June 24, 2022 for PS4,...

Outlast 2: Full Game Walkthrough (4K 60fps)

Outlast 2 Game Movie. This is a full walkthrough of the entire game with no commentary on...

The best Tiny Tina’s Wonderlands builds

The Tiny Tina's Wonderlands build system will be pretty familiar to anyone who's played the numbered Borderlands entries...

Among Us Sees Off DDoS Imposters After A Weekend Offline

Image: InnerslothAmong Us servers appear to be back up and running after a weekend of disruption following a...
This Week On Xbox: April 08, 2022
Next Week on Xbox: February 28 to March 4
Road 96 Is Now Available
Roguelike Deckbuilder Roguebook Available Now for Xbox One and Xbox
Capcom Fighting Collection Release Date Announced for PS4, Capcom Arcade
SEGA’s Five Year Super Game Plan Includes AAA Games But
Roblox Job Listing Suggests It’s Finally Coming to PlayStation
Official PlayStation Podcast Episode 426: Returning
Among Us Sees Off DDoS Imposters After A Weekend Offline
Amazon US Launches Pokémon T-Shirt Subscription Service
Kirby And The Forgotten Land Bags The Franchise’s Biggest UK
Review: The Cruel King and the Great Hero (Nintendo Switch)
The best Tiny Tina’s Wonderlands builds
Where is Xur this week and what is he selling?
Dying Light 2 devs are working on new game difficulties,
Elden Ring’s bugged PvP shield spell is mightier than any
Outlast 2: Full Game Walkthrough (4K 60fps)
Donkey Kong 64
Video Game History | Mario, Minecraft & More!
Demon’s Souls (Remake – PS5)
Uncharted 3: Drake’s Deception
God of War: Ascension
Warcraft 3: Reforged – Cinematic Trailer
Battlefield 1 Official Turning Tides Trailer
Ratchet & Clank 60 FPS update live early
DokeV’s New Trailer Shows off Explosively Colorful Gameplay
Kingdom Hearts 4 and Missing Link Websites Now Open
Xbox back compat games added to xCloud streaming service