Side-channels Related to the x86 PREFETCH Instruction

Bulletin ID: AMD-SB-1017 **Potential Impact:**Leaked kernel address space information **Severity:**Medium

Summary

Researchers from Graz University of Technology with CISPA Helmholtz Center for Information Security have demonstrated timing and power-based side channel attacks leveraging the x86 PREFETCH instructions on some AMD CPUs. The attacks discussed in the paper do not directly leak data across address space boundaries. As a result, AMD is not recommending any mitigations at this time.

CVE Details

CVE-2021-26318

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.

Affected Products

All AMD CPUs

Mitigation

AMD continues to recommend the following best practices to help mitigate against side-channel issues:

• Keep your operating system up-to-date by operating at the latest version of platform software and firmware which include existing mitigations for speculation-based vulnerabilities
• Follow secure coding methodologies
• Implement the latest patched versions of critical libraries, including those susceptible to side channel attacks
• Utilize safe computer practice and run antivirus software