AMD takes security vulnerabilities very seriously and seeks to respond quickly and appropriately.
We regularly issue security bulletins to our partners. Such communications can include a description of the vulnerabilities and their potential issues, their severity based on our CVSS scores, and attributions to reporters of those vulnerabilities.
AMD recommends following the security best practices of keeping your operating system up-to-date, operating at the latest version revisions of platform software (BIOS, BMC/TSM, FW, etc.), utilizing safe computer practices and running antivirus software.
Secure Encrypted Virtualization Invalid ECC Curve Points (CVE-2019-9836)
At AMD, security remains a top priority and we continue to work to identify any potential risks for our customers. Through ongoing collaboration with industry researchers AMD became aware that, if using the user-selectable AMD secure encryption feature on a virtual machine running the Linux operating system, an encryption key could be compromised by manipulating the encryption technology’s behavior. AMD released firmware-based cryptography updates to our ecosystem partners and on the AMD website to remediate this risk.
Researchers reported a new vulnerability called RamBleed that exploits the electrical interaction between close-packed DDR3 and DDR4 DRAM circuitry to potentially expose kernel privileges and confidential information. Based on our internal analysis, AMD believes the industry-known mitigations for RowHammer, in addition to AMD Secure Memory Encryption (SME) and AMD Secure Encrypted Virtualization (SEV), protect against RamBleed.
Previous RowHammer Guidance
The RowHammer issue identified in the Google release is an industry-wide DRAM issue that affects DRAMs manufactured on newer process technologies that are not designed to address this issue. AMD microprocessor products include memory controllers designed to meet industry-standard DDR specifications.
The possibility of this issue happening on a system depends on the DRAM in the system. Susceptibility to this issue varies by DRAM vendor, technology, and DRAM device. Contact your system vendor to see if you have susceptible DRAM.
- Upgrade the system BIOS to double the refresh rate to reduce the error rate; or
- Use memory manufactured on older and unaffected technologies or newer memory that has design fixes to address this problem and upgrade your BIOS to recognize the newer memory.
Fallout, Rogue In-Flight Data Load (RIDL), and ZombieLoad Attack (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)
At AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to ‘Fallout’, ‘RIDL’ or ‘ZombieLoad Attack’ because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.
For more information, see our new white paper, titled “Speculation Behavior in AMD Micro-Architectures.”
We are aware of the report of a new security exploit called SPOILER, which can gain access to partial address information during load operations. The SPOILER exploit can gain access to partial address information above address bit 11 during load operations. AMD processors do not use partial address matches above address bit 11 when resolving load conflicts.
AMD is aware of the latest research published claiming new approaches to speculative execution attacks called SplitSpectre. AMD believes the mitigation is to implement our existing speculative execution recommendations.
AMD does not believe the PortSmash issue (https://seclists.org/oss-sec/2018/q4/123) is related to previously found speculative execution issues like Spectre. Instead, AMD believes the issues are related to any processor that uses simultaneous multithreading (SMT), including those from AMD, that is vulnerable to software that exposes the activity of one process to another running on the same processor. We believe this issue can be mitigated in software by using side-channel countermeasures. For example, OpenSSL, which was used in the researcher’s proof of concept, has already been updated to address this type of attack.
AMD Response to Systematic Evaluations of Transient Execution Variants
AMD is aware of the latest research published claiming new speculative execution attacks. AMD believes it is not vulnerable to some of these attacks because of the hardware paging architecture protections in AMD devices and, for those that are not solved by our paging architecture protections, the mitigation is to implement our existing recommendations.
Specific recommendations by published description:
New Variants of Spectre v1 – AMD recommends implementing existing mitigations
- Pattern History Table - Cross Address - Out of Place (PHT-CA-OP)
- Pattern History Table - Cross Address - In Place (PHT-CA-IP)
- Pattern History Table - Same Address - Out of Place (PHT-SA-OP)
New Variants of Spectre v2 – AMD recommends implementing existing mitigations
- Branch Target Buffer - Same Address - In Place (BTB-SA-IP)
- Branch Target Buffer - Same Address - Out of Place (BTB-SA-OP)
New Variant of Meltdown
- Meltdown-BK – AMD believes this does not affect its platforms because AMD does not have this feature in its products
New Variant of Spectre v1 – referred by researchers as a Meltdown variant
- Meltdown-BD – AMD believes 32-bit systems using the BOUND instruction may be impacted and recommends implementing existing mitigations for Spectre v1 for such systems.
2018 Firmware TPM Updates
Earlier this year, AMD disclosed mitigations related to potential security vulnerabilities for AMD firmware Trusted Platform Module (fTPM) versions v.96, v1.22, and v1.37. AMD believes the fTPM vulnerabilities only apply to some of its client processors as fTPM is not enabled on AMD server, graphics and embedded products. AMD has delivered a patch to PC manufacturers to address the issue.
Microsoft Windows users can verify their fTPM version and find instructions to clear the TPM at: https://docs.microsoft.com/en-us/windows/device-security/tpm/initialize-and-configure-ownership-of-the-tpm
AMD has recommended that PC manufacturers qualify and release an updated BIOS integrating the fTPM patch, as appropriate, into production at the next available opportunity and provide guidance to end users to apply fixes as defined based on the product. For fTPM v1.37, AMD has notified PC manufacturers that they should consider updating the system BIOS ahead of clearing the fTPM to help protect generated platform-level keys.
AMD recommends users contact their PC manufacturer for platform-specific instructions as a part of following best security practices to keep devices up-to-date with the latest patches.
Foreshadow (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
8/14/18 – Updated
As in the case with Meltdown, we believe our processors are not susceptible to these new speculative execution attack variants: L1 Terminal Fault – SGX (also known as Foreshadow) CVE-2018-3615, L1 Terminal Fault – OS/SMM (also known as Foreshadow-NG) CVE-2018-3620, and L1 Terminal Fault – VMM (also known as Foreshadow-NG) CVE-2018-3646, due to our hardware paging architecture protections. We are advising customers running AMD EPYC™ processors in their data centers, including in virtualized environments, to not implement Foreshadow-related software mitigations for their AMD platforms.
Spectre Mitigation Update
This week, a sub-variant of the original Google Project Zero (GPZ) variant 1 / Spectre security vulnerability was disclosed by MIT. Consistent with variant 1, we believe this threat can be mitigated through the operating system (OS). AMD is working with the software ecosystem to mitigate variant 1.1 through operating system updates where necessary. We have not identified any AMD x86 products susceptible to the Variant 1.2 vulnerability in our analysis to date. Please check with your OS provider for the latest information.
AMD has also updated related portions of the Software Techniques for Managing Speculation on AMD Processors white paper.
Based on our analysis to date, we have not identified any AMD products that are vulnerable to the TLBleed side channel attack identified by researchers. Security remains a top priority and we will continue to work to identify any potential risks for our customers and, if needed, potential mitigations.
Based on our analysis to date, because of our unique processor implementation, we currently do not believe our products are susceptible to the recent security vulnerability identified around lazy FPU switching.
“Speculative Store Bypass” Vulnerability Mitigations for AMD Platforms
Today, Microsoft and Google Project Zero researchers have identified a new category of speculative execution side channel vulnerability (Speculative Store Bypass or SSB) that is closely related to the previously disclosed GPZ/Spectre variant 1 vulnerabilities. Microsoft has released an advisory on the vulnerability and mitigation plans.
AMD recommended mitigations for SSB are being provided by operating system updates back to the Family 15 processors (“Bulldozer” products). For technical details, please see the AMD white paper. Microsoft is completing final testing and validation of AMD-specific updates for Windows client and server operating systems, which are expected to be released through their standard update process. Similarly, Linux distributors are developing operating system updates for SSB. AMD recommends checking with your OS provider for specific guidance on schedules.
Based on the difficulty of exploiting the vulnerability, AMD and our ecosystem partners currently recommend using the default setting that maintains support for memory disambiguation.
We have not identified any AMD x86 products susceptible to the Variant 3a vulnerability in our analysis to date.
As a reminder, security best practices of keeping your operating system and BIOS up-to-date, utilizing safe computer practices and running antivirus software are always the first line of defense in maintaining device security.
Spectre Mitigation Update
4/10/18 (Updated 5/8/18 to reflect Microsoft release of Windows Server 2016)
Today, AMD is providing updates regarding our recommended mitigations for Google Project Zero (GPZ) Variant 2 (Spectre) for Microsoft Windows users. These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows. For Linux users, AMD recommended mitigations for GPZ Variant 2 were made available to our Linux partners and have been released to distribution earlier this year.
As a reminder, GPZ Variant 1 (Spectre) mitigation is provided through operating system updates that were made available previously by AMD ecosystem partners. GPZ Variant 3 (Meltdown) does not apply to AMD because of our processor design.
While we believe it is difficult to exploit Variant 2 on AMD processors, we actively worked with our customers and partners to deploy the above-described combination of operating system patches and microcode updates for AMD processors to further mitigate the risk. A white paper detailing the AMD recommended mitigation for Windows is available, as well as links to ecosystem resources for the latest updates.
Operating System Updates for GPZ Variant 2/Spectre
Microsoft is releasing an operating system update containing Variant 2 (Spectre) mitigations for AMD users running Windows 10 (version 1709) today. Support for these mitigations for AMD processors in Windows Server 2016 is expected to be available following final validation and testing. (Note: May 8, 2018 Microsoft released an operating system update for Windows Server 2016.)
AMD Microcode Updates for GPZ Variant 2/Spectre
In addition, microcode updates with our recommended mitigations addressing Variant 2 (Spectre) have been released to our customers and ecosystem partners for AMD processors dating back to the first “Bulldozer” core products introduced in 2011.
AMD customers will be able to install the microcode by downloading BIOS updates provided by PC and server manufacturers and motherboard providers. Please check with your provider for the latest updates.
We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop solutions to protect users from security threats.
The AMD Product Security Incident Response Process
To protect our customers and their data, AMD is committed to developing products and services with high security standards. Reports of potential vulnerabilities are addressed by the AMD Product Security Incident Response Team (PSIRT). This team is responsible for investigating potential vulnerabilities and providing information about potential vulnerabilities to our customers.