IBPB and Return Stack Buffer Interactions
Bulletin ID: AMD-SB-1040
Potential Impact: Information Disclosure
Severity: Medium
Summary
AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow CVE-2017-5715 (previously known as Spectre Variant 2) attacks based on RET predictions in cases where the OS relies on IBPB, without the use of additional software mitigations, to flush the return address predictor.
CVE-2022-23824
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets, leading to a potential information disclosure.
Affected Products
Desktop
AMD Athlon™ X4 processor
AMD Ryzen™ Threadripper™ PRO processor
AMD Ryzen™ PRO 5000 Series Desktop Processors
AMD Ryzen™ Threadripper™ 5000 Series Processors
2nd Gen AMD Ryzen™ Threadripper™ processors
3rd Gen AMD Ryzen™ Threadripper™ processors
7th Generation AMD A-Series APUs
AMD Ryzen™ 2000 Series Desktop processors
AMD Ryzen™ 3000 Series Desktop processors
AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics
AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ graphics
AMD Ryzen™ 5000 Series Desktop Processor
Mobile
AMD Ryzen™ 2000 Series Mobile processor
AMD Athlon™ 3000 Series Mobile processors with Radeon™ graphics
AMD Ryzen™ 3000 Series Mobile processors or 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ graphics
AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
AMD Ryzen™ 5000 Series Mobile processors with Radeon™ graphics
AMD Ryzen™ 6000 Series Mobile Processors with Radeon™ graphics
AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ graphics
AMD Ryzen™ PRO 7030 Series Mobile Processors
AMD Ryzen™ PRO 5000 Series Mobile Processors
Chromebook
AMD Athlon™ Mobile processors with Radeon™ graphics
Server
1st Gen AMD EPYC™ processors
2nd Gen AMD EPYC™ processors
3rd Gen AMD EPYC™ processors
Mitigation
Mitigations are specific to each of the Hypervisor or OS vendors that are impacted. Not all Hypervisor or OS vendors may be impacted. If applicable, an OS update to address this CVE may be available. AMD recommends that you contact your OS partners for details.
AMD recommends that Hypervisor and OS vendors review their usages of IBPB. In addition to performing the IBPB, AMD recommends that software follow guidance such as that described in Mitigation V2-3 of Software Techniques for Managing Speculation.pdf [1].
Acknowledgement
CVE-2022-23824: AMD thanks Alyssa Milburn, Ke Sun, Henrique Kawakami, Pawan Gupta, Thais Moreira Hamasaki, Lisa Aichele, and Emma Benoit for reporting this issue and engaging in coordinated vulnerability disclosure. This issue was subsequently reported by Pawel Wieczorkiewicz of Open Source Security, Inc.
References
Revisions
Revision Date | Description |
12/6/2022 | Added “Zen 3” products |
11/8/2022 | Initial publication |