AMD Warns Of Potential Spectre-Style Zen 3 Processor Security Vulnerability
The attack is similar in scope to Spectre and involves a feature introduced with Zen 3 called Predictive Store Forwarding (PSF). PSF predicts that a load will depend on an earlier store (that is, that its data will come from that store) and speculatively forwards the stored value so that instructions after the load can run before the load's address has actually been resolved. "In typical code, PSF provides a performance benefit by speculating on the load result and allowing later instructions to begin execution sooner than they otherwise would be able to," AMD explains.
"Most of the time, the PSF prediction is accurate. However, there are cases where the prediction may not be accurate and cause incorrect CPU speculation."
AMD outlines two cases where an incorrect PSF prediction can occur. The first is when a store/load pair that used to have a dependency stops having one because the address of either the store or the load changes while the program is executing, so the predictor keeps forwarding a value the load no longer reads. The second is when "a store/load pair which does have a dependency may alias in the predictor with another store/load pair which does not."
While AMD processors were unaffected by Meltdown and exposed to fewer of the earlier Spectre variants than their competitors, the company explains that there is a possibility that malicious actors could use PSF to carry out side-channel attacks on a Zen 3 system:
Because PSF speculation is limited to the current program context, the impact of bad PSF speculation is similar to that of speculative store bypass (e.g., Spectre v4). In both cases, a security concern arises if code exists that implements some kind of security control which can be bypassed when the CPU speculates incorrectly. This may occur if a program (such as a web browser) hosts pieces of untrusted code and the untrusted code is able to influence how the CPU speculates in other regions in a way that results in data leakage. This is similar to the security risk with other Spectre-type attacks.
AMD adds that programs relying on software-based sandboxing (such as a browser running untrusted code in the same process) need to be concerned with the ill-effects of incorrect CPU speculation. Hardware isolation using separate address spaces is not expected to be affected, because PSF speculation does not cross program contexts.
At this time, AMD has provided instructions via a security bulletin [PDF] on how to disable PSF, as it is enabled by default on Zen 3 processors. The company has also proposed a Linux patch to enable/disable the functionality. We'd assume that AMD is working with Microsoft on patches for Windows-based operating systems as well.
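The article does not reproduce the bulletin's control bits, so the following is an added example, not code from the article or from AMD. It assumes the layout AMD's PSF bulletin documents for the SPEC_CTRL MSR (MSR 0x48): bit 2 is SSBD and bit 7 is PSFD, and setting SSBD also disables PSF. The helpers compute the new register value in plain POSIX shell; `set_psf` applies it with `rdmsr`/`wrmsr` from msr-tools, which needs root and the `msr` kernel module.

```shell
#!/bin/sh
# Added example (not from the article or AMD): inspect and toggle the PSFD bit
# that AMD's PSF bulletin documents in SPEC_CTRL. Constants below are assumed
# from that bulletin, not from the article:
#   MSR 0x48 = SPEC_CTRL, bit 2 = SSBD, bit 7 = PSFD; SSBD set also disables PSF.
# Requires msr-tools (rdmsr/wrmsr), root, and `modprobe msr` for set_psf.

SPEC_CTRL_MSR=0x48
SSBD_BIT=2
PSFD_BIT=7

# psf_status VALUE -> prints "enabled" or "disabled" for a SPEC_CTRL value.
# PSF is off when either PSFD or SSBD is set.
psf_status() {
    v=$(( $1 ))
    if [ $(( (v >> PSFD_BIT) & 1 )) -eq 1 ] || [ $(( (v >> SSBD_BIT) & 1 )) -eq 1 ]; then
        printf 'disabled\n'
    else
        printf 'enabled\n'
    fi
}

# with_psfd VALUE 0|1 -> prints VALUE with PSFD cleared (0) or set (1),
# leaving IBRS/STIBP/SSBD and any other bits untouched.
with_psfd() {
    v=$(( $1 ))
    if [ "$2" -eq 1 ]; then
        printf '0x%x\n' $(( v | (1 << PSFD_BIT) ))
    else
        printf '0x%x\n' $(( v & ~(1 << PSFD_BIT) ))
    fi
}

# set_psf on|off -> read SPEC_CTRL from CPU 0, flip PSFD, write to all CPUs.
set_psf() {
    case "$1" in
        on)  want=0 ;;   # PSF on means the PSFD (disable) bit is clear
        off) want=1 ;;
        *)   echo "usage: set_psf on|off" >&2; return 2 ;;
    esac
    command -v rdmsr >/dev/null 2>&1 && command -v wrmsr >/dev/null 2>&1 || {
        echo "msr-tools (rdmsr/wrmsr) not installed" >&2; return 1; }
    cur="0x$(rdmsr -p 0 "$SPEC_CTRL_MSR")" || return 1
    new=$(with_psfd "$cur" "$want")
    wrmsr -a "$SPEC_CTRL_MSR" "$new" || return 1
    echo "SPEC_CTRL $cur -> $new (PSF now $(psf_status "$new"))"
}

# Usage: sh psf.sh off   (or source the file and call set_psf directly)
if [ -n "${1:-}" ]; then
    set_psf "$1"
fi
```

Two caveats a practitioner would want: a system that already runs with SSBD set has PSF disabled as a side effect, so `psf_status` reports "disabled" even with PSFD clear; and on Linux the kernel manages SPEC_CTRL itself (it can rewrite the register on context switches), so a raw `wrmsr` is only a quick experiment and the kernel's own mitigation controls, once AMD's patch lands, are the durable way to set this.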
However, since it has not yet seen any real-world attacks that take advantage of PSF, AMD is recommending that most customers leave the feature enabled for now. We'd imagine that this is because disabling the feature costs some performance, but AMD didn't quantify that cost in its support document.