Last year in October cybersecurity researchers Christof Fetzer and Saidgani Musaev of the Dresden Technology University reported a Meltdown-Like vulnerability affecting both the Zen+ and Zen 2 microarchitectures in AMD processors, this vulnerability produced illegal data sequences between both the processor and the microarchitectures.
The process title was reported to be “Transient Execution of Non-canonical Accesses”, however during the time the cybersecurity team that reported this case did not divulge the information to give AMD the proper time frame to investigate and create a mitigating solution.
When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store them using only the lower 48 address bits potentially resulting in data leakage.
— AMD mitigation site for the Transient Execution of Non-canonical Accesses
However, after investigation, it was found that both AMD Zen+ and Zen 2 microarchitectures are not affected by MDS attacks, but they do suffer from “a new Meltdown-like vulnerability.” but it, not just AMD that suffers from this vulnerability as Intel processors that have any vulnerability to MDS attacks are also stated to be affected as well.
Although initial Meltdown vulnerabilities were patched out, there is still a series of new exploits that’s been discovered that can lead to significant performance hits.
After the discovery of the vulnerability in both their Zen CPUs, AMD suggests that any software developers that create codes for both microarchitectures to research their applications and add security measures to stop the vulnerability. AMD also recommends using LFENCE, or Load Fence, instructions or any current possible executive mitigations.
Last week AMD released the driver patches for the Ryzen series chips that support the two Zen microarchitectures however, it didn’t announce whether these patches were in conjunction with this new development.
