Amd.comAMD-SB-1040IBPB and Return Stack Buffer Interactions
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
23.1%
Bulletin ID: AMD-SB-1040 **Potential Impact:**Information Disclosure **Severity:**Medium
Summary
AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow for CVE-2017-5715 (previously known as Spectre Variant 2) attacks based on RET predictions in cases where the OS relies on IBPB without the use of additional software mitigations, to flush the return address predictor.
CVE-2022-23824
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
Affected Products
Desktop
AMD Athlon™ X4 processor
AMD Ryzen™ Threadripper™ PRO processor
AMD Ryzen™ PRO 5000 Series Desktop Processors
AMD Ryzen™ Threadripper™ 5000 Series Processors
2nd Gen AMD Ryzen™ Threadripper™ processors
3rd Gen AMD Ryzen™ Threadripper™ processors
7th Generation AMD A-Series APUs
AMD Ryzen™ 2000 Series Desktop processors
AMD Ryzen™ 3000 Series Desktop processors
AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics
AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ graphics
AMD Ryzen™ 5000 Series Desktop Processor
Mobile
AMD Ryzen™ 2000 Series Mobile processor
AMD Athlon™ 3000 Series Mobile processors with Radeon™ graphics
AMD Ryzen™ 3000 Series Mobile processors or 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ graphics
AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
AMD Ryzen™ 5000 Series Mobile processors with Radeon™ graphics
AMD Ryzen™ 6000 Series Mobile Processors with Radeon™ graphics
AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ graphics
AMD Ryzen™ PRO 7030 Series Mobile Processors
AMD Ryzen™ PRO 5000 Series Mobile Processors
Chromebook
AMD Athlon™ Mobile processors with Radeon™ graphics
Server
1st Gen AMD EPYC™ processors
2nd Gen AMD EPYC™ processors
3rd Gen AMD EPYC™ processors
Mitigation
Mitigations are specific to each of the Hypervisor or OS vendors that are impacted. Not all Hypervisor or OS vendors may be impacted. If applicable, an OS update to address this CVE may be available. AMD recommends that you contact your OS partners for details.
AMD recommends that Hypervisor and OS vendors review their usages of IBPB. In addition to performing the IBPB, AMD recommends software follow guidance such as those described in Mitigation V2-3 of Software Techniques for Managing Speculation.pdf1
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
23.1%