Print this page
Published in News

Intel claims that AMD suffers from new Spectre BHB vulnerability

by on15 March 2022

 
Its patches have been borked since 2018

Intel has been claiming that AMD is not as safe as is claimed after news of a fresh Spectre BHB vulnerability that only impacts Intel and Arm processors emerged this week.

Intel's said as it started to dig around these new attack vectors it unearthed a problem with AMD Spectre patches.

According to Intel’s STORM security team one of the patches that AMD has used to fix the vulnerabilities has been broken since 2018.

In response, AMD has issued a security bulletin and updated its guidance to recommend using an alternative method to mitigate the Spectre vulnerabilities, thus repairing the issue again.

Intel's processors were recently found to still be susceptible to Spectre v2-based attacks via a new Branch History Injection variant, this despite the company's use of the Enhanced Indirect Branch Restricted Speculation (eIBRS) and/or Retpoline mitigations that were thought to prevent further attacks.

Since it needed a newer Spectre mitigation approach, Intel looked at alternative mitigation techniques. There are several other options, but all entail varying levels of performance tradeoffs.

It looked at AMD's LFENCE/JMP technique which has been used since 2018 to patch the Spectre vulnerabilities.

However, it found that the patch was not sufficient as the chips are still vulnerable. The issue impacts nearly every modern AMD processor spanning almost the entire Ryzen family for desktop PCs and laptops (second-gen to current-gen) and the EPYC family of datacentre chips.

AMD issued a security bulletin (AMD-SB-1026) that states it isn't aware of any currently active exploits using the method described in the paper. AMD instructs its customers to switch to using "one of the other published mitigations (V2-1 aka 'generic retpoline' or V2-4 aka 'IBRS')." The company also published updated Spectre mitigation guidance reflecting those changes.

 

Last modified on 15 March 2022
Rate this item
(2 votes)