New Inception Vulnerability Impacts ALL AMD Zen CPUs Yikes

6
AMD EPYC 9004 Genoa De Lidded 9
AMD EPYC 9004 Genoa De Lidded 9

There is a new set of vulnerabilities being disclosed today. The first we are going to highlight, and AMD’s big one is called “Inception” found by a team at ETH Zurich (Daniël Trujillo, Johannes Wikner, and Kaveh Razavi.) This vulnerability allows an attacker who has compromised a system to start leaking data in a novel attack.

New Inception Vulnerability Impacts All AMD Zen CPUs

For a quick primer, speculative execution is a technique used by modern CPUs to execute instructions on a predictive basis to keep cores fed and caches full instead of waiting for every instruction to execute in a serial fashion. The new Inception vulnerability (CVE-2023-20569) relies on Phantom speculation (CVE-2022-23825) to start an execution window arbitrarily using this feature.

Inception allows an attacker to create a simple instruction that tricks the CPU into thinking it has a recursive function and injects instructions into the prediction pipeline to then leak data. Like most of these attacks, speeds are estimated in the B/s range, so this is not going to be something easy to use to dump a 1TB database quickly. On the other hand, things like security keys can take only a few seconds to dump which is the really scary part.

AMD EPYC 9684X Genoa X And EPYC 7773X Milan X 1
AMD EPYC 9684X Genoa X And EPYC 7773X Milan X 1

While this is a scary vulnerability impacting all Zen through Zen4 products (desktop, server, and embedded) one has to take at least a second to think about how wildly complex even finding something like this is. It takes a lot of creativity to find exploits these days that are hard to even simmer down to a high-level paragraph or two.

AMD’s summary is:

AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. This attack is similar to previous branch prediction-based attacks like Spectrev2 and Branch Type Confusion (BTC)/RetBleed. As with similar attacks, speculation is constrained within the current address space and to exploit, an attacker must have knowledge of the address space and control of sufficient registers at the time of RET (return from procedure) speculation. Hence, AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools.

AMD is not aware of any exploit of ‘Inception’ outside the research environment at this time. (Source: AMD)

AMD sent us this statement on the vulnerability:

AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. AMD believes ‘Inception’ is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools.  AMD is not aware of any exploit of ‘Inception’ outside the research environment, at this time. 

AMD recommends customers apply a µcode patch or BIOS update as applicable for products based on “Zen 3” and “Zen 4” CPU architectures. No µcode patch or BIOS update is necessary for products based on “Zen” or “Zen 2” CPU architectures because these architectures are already designed to flush branch type predictions from the branch predictor. 

AMD plans to release updated AGESA versions to Original Equipment Manufacturers (OEMs), Original Design Manufacturers (ODMs) and motherboard manufacturers listed in the AMD security bulletin. Please refer to your OEM, ODM or motherboard manufacturer for a BIOS update specific to your product. (Source: AMD)

This is certainly a big one, and thanks to AMD for the statement. It sounds like they have been working on this for some time as the Windows patch went live last month.

Final Words

Consider this 1 of 2 that we are going to cover today. There is another big one coming very soon. One of the big challenges is the far-reaching impact of this. Some of the attacks Intel is also vulnerable to, but Intel has mitigations in place that make it harder to exploit on Intel platforms. To us, the bigger impact (by far) is on AMD platforms.

AMD EPYC 3451 Cover
AMD EPYC 3451 Cover

If this sounds exciting, just wait for the next one we will cover today.

If you want to learn more see AMD-SB-7005.

6 COMMENTS

  1. AMD says “no µcode patch or BIOS update is necessary for products based on “Zen” or “Zen 2” CPU architectures because these architectures are already designed to flush branch type predictions from the branch predictor” so it seems that the vulnerability does no impact ALL zen cpus but “only” ZEN 3 and ZEN 4 architectures.

  2. @Mauro: This vulnerability requires OS patches (for all Zen) and in case of Zen 3 and Zen 4 uCode.
    @pete: SME wouldn’t help because it exploits data already in the processor register files – which is decrypted.

  3. @Kyle does that mean that this exploit could be used on an unpatched PS5 (zen2 CPU) to extract some DRM keys or jailbreak the ps5?

  4. @JCLOPES: It’s unlikely, but the cleverness of security researchers never ceases to amaze me so I might be wrong.

  5. Why so serious ?
    These things are INHERENT to the whole concept of modern CPU core in multitasking OS.
    IT IS KNOWN that whole LOT of information is leaking through cache access time and speculative execution.

    It is also no secret that all current “solutions” are like patching Swiss cheese.
    It is also obvious that for every disclosed vulnerability there must be several that are either found or have been revealed to NSA&Co and are exploited in secret.

    Given all the conttext, why are you still fapping on every published exploit ?

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.