New security vulnerabilities in various modern AMD Ryzen and Epyc processors
The vulnerabilities, which are classified as moderately dangerous, were found by Microsoft and have probably not yet been exploited. A Linux patch is available.
A number of modern x86 processors of the current and recent generations have new vulnerabilities that could allow attackers to access sensitive information. As these four vulnerabilities, which are classified as either minor or moderately dangerous, were found by Microsoft as a preventative measure, they have apparently not been exploited to date. AMD has named the affected CPU models in the Athlon, Ryzen, and Epyc series, but whether Intel processors are affected remains to be seen.
Last month, AMD released updates against security vulnerabilities in the crypto coprocessor and TPM of its processors and platforms; those were high-risk vulnerabilities. In contrast, AMD classifies the “Transient Scheduler Attacks” (TSA) that have now been found as only moderately dangerous (CVE-2024-36350 and CVE-2024-36357). Side-channel attacks could be used to access data from memory locations not reserved for the actual program or from the L1D cache, which could lead to sensitive information being leaked.
Patches only for moderately dangerous leaks
AMD gives the two other vulnerabilities (CVE-2024-36348 and CVE-2024-36349) a lower severity level, even though they could also lead to unauthorized data leakage. However, in these cases, processes would have to speculatively intervene in the control register or execute a specific instruction to read information, even though this was actually prevented. AMD is not patching these two cases because, according to the manufacturer, no sensitive information is affected. For the two moderately dangerous TSA vulnerabilities mentioned earlier, however, there are new firmware versions, which AMD has made available to its partners for corresponding BIOS updates.
If operating system updates are also required, AMD refers to the relevant providers. The Linux community has already reacted and released a kernel patch against TSA, writes Phoronix. The vulnerabilities were discovered by Microsoft. The software company has developed a program to examine x86 processors for leaks in the microarchitecture. These four new vulnerabilities were discovered in the process. With this tool, Microsoft wants to offer preventive security checks in CPU designs instead of having to react to vulnerabilities with patches, as is often the case.
AMD CPUs with Zen 3 and 4 at risk
The AMD processors impacted by the two security vulnerabilities classified as medium risk are predominantly models with the Zen 3 and 4 architectures. However, not all CPUs with these microarchitectures are affected. According to AMD, only Epyc processors of the third (Milan) and fourth generation (Genoa, Bergamo, and Siena) are impacted, except for Epyc Gen.4 with the code name Raphael. The two previous Epyc generations (Naples and Rome) do not have these vulnerabilities, writes AMD.
The situation is similar for desktop and mobile processors. CPUs from the Ryzen 3000, Athlon 3000, and Ryzen 4000 series are not impacted by these two vulnerabilities; firmware updates are available for Ryzen 5000, 6000, 7000, and 8000. For AMD's high-end desktop and workstation CPUs, only the Ryzen Threadripper Pro 7000 WX series is impacted (codename: Storm Peak). AMD has exempted the Ryzen Threadripper 3000, Pro 3000WX, and Pro 5000WX processors from these vulnerabilities.
Intel has not yet commented on these vulnerabilities, so it is unclear whether Core and Xeon processors could also be affected. The latest list of security information on Intel products does not contain any information on these TSA vulnerabilities.
(fds)