AMD CPU Branch Type Confusion

Bulletin ID: AMD-SB-1037 **Potential Impact:**Information disclosure, arbitrary speculative code execution **Severity:**Medium

Summary

This security bulletin addresses two issues related to CVE-2017-5715 previously known as Spectre Variant 2. As part of our efforts to continue improving security features, AMD has investigated additional issues related to CVE-2017-5715. This security bulletin addresses subsequent potential issues.

CVE Details

CVE-2022-23825 (Branch Type Confusion_)_

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

CVE-2022-29900 (RETbleed) (aka CVE-2022-23816)

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Affected Products

Desktop

• AMD Athlon™ X4 processor
• AMD Ryzen™ Threadripper™ PRO processor
• 2nd Gen AMD Ryzen™ Threadripper™ processors
• 3rd Gen AMD Ryzen™ Threadripper™ processors
• 7th Generation AMD A-Series APUs
• AMD Ryzen™ 2000 Series Desktop processors
• AMD Ryzen™ 3000 Series Desktop processors
• AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics

Mobile

• AMD Ryzen™ 2000 Series Mobile processor
• AMD Athlon™ 3000 Series Mobile processors with Radeon™

Graphics

• AMD Ryzen™ 3000 Series Mobile processors or 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ graphics
• AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
• AMD Ryzen™ 5000 Series Mobile processors with Radeon™ graphics

Chromebook

• AMD Athlon™ Mobile processors with Radeon™ graphics

Server

• 1st Gen AMD EPYC™ processors
• 2nd Gen AMD EPYC™ processors

Mitigation

AMD is recommending the software community follow the guidance found in our Technical Guidance for Mitigating Branch Type Confusion1

As of the date of this disclosure, AMD is not aware of any active exploits in the wild of AMD products relating to CVE-2017-5715.