AMD has released information about the vulnerability codenamed Inception (CVE-2023-20569, AMD-SB-7005) discovered by researchers at ETH Zurich. It allows an attacker to steal sensitive data but offers very limited capabilities.
The vulnerability is related to speculative instruction execution, a resource optimization technique in modern processors that relies on branch prediction and keeps the cores and cache busy rather than waiting for each instruction to execute in sequence. With Inception, an attacker can create a simple instruction that fools the processor into thinking it is loaded with a recursive function. This sends the instructions to the prediction engine, which makes data theft possible. The data leak rate is measured in bytes per second, so a terabyte database dump cannot be stolen. However, the attack works with short but important fragments, such as security keys.
The vulnerability is relevant for processors based on Zen 3 and Zen 4 architectures for desktop and server platforms and embedded systems. This is the vast majority of Ryzen 5000 and Ryzen 7000, Ryzen Threadripper 5000, EPYC 7003 and EPYC 9004 processors.
The Inception scheme is similar to previously identified branch prediction vulnerabilities such as Spectre v2 and Branch Type Confusion (BTC)/RetBleed, AMD said. The attack is restricted to the current address space, which the attacker must know in order to exploit it. This means that it can only operate in the event of a local attack, for example by malware, so protection is also implemented using antivirus programs. In addition, AMD has not yet received any information about the existence of Inception exploits outside of the research environment. Owners of systems based on Zen 3 and Zen 4 processors are advised to update the firmware in their systems to patched versions or update the BIOS. AMD is currently working with motherboard and computer manufacturers on this issue. The corresponding patch for Windows was released in July.
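To verify the firmware advice above on a Linux host, the following added example (not from AMD or the original article) reads the kernel's own status report for this issue. It assumes a kernel that exposes the `spec_rstack_overflow` sysfs entry, the Linux name for Inception, and that Zen 3 and Zen 4 parts report CPU family 25; the function names and result labels are illustrative.

```shell
#!/bin/sh
# Added example: classify a Linux host's Inception (CVE-2023-20569) status.

# Zen 3 and Zen 4 both report "cpu family : 25" (0x19) with vendor AuthenticAMD.
is_zen3_or_zen4() {  # $1 = path to a cpuinfo-format file
    awk -F': *' '
        /^vendor_id/  { vendor = $2 }
        /^cpu family/ { family = $2 + 0 }
        END { exit !(vendor == "AuthenticAMD" && family == 25) }
    ' "$1" 2>/dev/null
}

# Map the kernel's status line to a coarse result. Matching is by prefix and
# keyword because the exact wording differs between kernel versions.
classify_srso() {  # $1 = contents of the sysfs status file
    case "$1" in
        "Not affected"*)      echo not_affected ;;
        *[Nn]"o microcode"*)  echo needs_firmware ;;  # BIOS/microcode update missing
        "Mitigation:"*)       echo mitigated ;;
        "Vulnerable"*)        echo vulnerable ;;
        *)                    echo unknown ;;
    esac
}

# $1 = cpuinfo file, $2 = sysfs status file (both default to the live system).
check_host() {
    cpuinfo=${1:-/proc/cpuinfo}
    status_file=${2:-/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow}
    if ! is_zen3_or_zen4 "$cpuinfo"; then
        echo out_of_scope        # not one of the CPU families named above
        return 0
    fi
    if [ ! -r "$status_file" ]; then
        echo no_kernel_report    # kernel predates the fix and reports nothing
        return 0
    fi
    classify_srso "$(cat "$status_file")"
}

check_host "$@"
```

A result of `needs_firmware` means the kernel is patched but the BIOS or microcode update is still missing; `no_kernel_report` means the kernel itself needs updating before the status can be trusted.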