5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
10.7%
Bulletin ID: AMD-SB-1036 **Potential Impact:**Loss of Confidentiality **Severity:**Medium
AMD is providing an update for one recommended mitigation for CVE-2017-5715 previously known as Spectre Variant 2. The speculative execution window of AMD LFENCE/JMP mitigation (MITIGATION V2-2) may be large enough to be exploited on AMD CPUs.
As of the date of this disclosure, AMD is not aware of any active exploits in the wild of AMD products that use CVE-2017-5715.
CVE-2021-26401
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
Server
Desktop
High End Desktop (HEDT)
Workstation
Mobile
Chromebook
AMD recommends using one of the other published mitigations (V2-1 aka ‘generic retpoline’ or V2-4 aka ‘IBRS’) for CVE-2017-5715. Currently in Linux, users can control which mitigation is used at boot time. Users can choose the generic retpoline at boot time by using the spectre_v2 Linux kernel command for turning on retpoline: spectre_v2=retpoline,generic.
Alternatively, users can update their version of the Linux kernel that incorporates a patch provided by AMD to the Linux community. The patch includes using generic retpoline, if retpoline is enabled and not explicitly set to the AMD Retpoline (spectre_v2=retpoline,amd).
AMD has provided updated guidance in “Software Techniques for Managing Speculation on AMD Processors” located here: <https://www.amd.com/system/files/documents/software-techniques-for-managing-speculation.pdf>
We continue to look for ways to make our products more secure, including working closely with partners, academics, researchers, and end users in the ecosystem.
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
10.7%