AMD Transient Execution of Non-Canonical Accesses - Lenovo Support NL

**Lenovo Security Advisory:**LEN-63220

**Potential Impact:**Data leakage

**Severity:**Medium

**Scope of Impact:**Industry-wide

**CVE Identifier:**CVE-2020-12965

Summary Description:

AMD reported when combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.

Mitigation Strategy for Customers (what you should do to protect yourself):

AMD recommends that software vendors analyze their code for any potential vulnerabilities related to this type of transient execution. Potential vulnerabilities can be addressed by inserting an LFENCE or using existing speculation mitigation techniques as described here.

References:

<https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010&gt;

<https://developer.amd.com/wp-content/resources/90343-D_SoftwareTechniquesforManagingSpeculation_WP_9-20Update_R2.pdf&gt;

<https://www.amd.com/system/files/documents/security-whitepaper.pdf&gt;

Revision History:

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.