The so-called Inception vulnerability lets Zen chips “dream,” according to researchers at ETH Zürich. Hackers can exploit the flaw to make a compromised system leak data in a novel way. At stake are all products with a Zen architecture, from consumer Ryzen CPUs from 2020 to the latest Epyc server chips.
AMD has been informed in advance and has released patches to close the vulnerability in the Zen architecture. However, there will likely remain hundreds of thousands of PCs that never receive these updates, as users will rarely perform a BIOS flash. The researchers explained that the vulnerability leaves open an execution window that allows attackers to manipulate the chip’s processes.
Slow, but dangerous
The Inception vulnerability is registered as CVE-2023-20569 in the vulnerability database of the U.S. standards institute NIST. Modern CPUs rely on what’s known as speculative execution: the processor predicts which tasks are coming and has one of its cores compute them ahead of time. When that action actually occurs, it can be completed a lot faster than it otherwise would have been.
So the vulnerability is dangerous, but only if an intruder already has access to the system. The malicious party can then inject a small piece of code to send data out. Through a simple instruction, the CPU is made to “think” it is running a recursive function, and it then leaks data through the prediction pipeline. The leak would run at a few bits per second, so data extraction is slow.
AMD speaking out
AMD itself rates the vulnerability as “Medium.” The chip manufacturer notes that Inception is very similar to Spectre, which became known worldwide a few years ago as a significant threat. There is no known active exploitation in the real world.
A BIOS update is already available for products with Zen 3 and Zen 4 architectures. For older chips, such as the first two Ryzen series (1000 and 3000), a protection layer is said to have already been applied to the branch predictor. For Zen 2, the so-called Zenbleed bug recently came to light.
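Since many machines may never receive the update, administrators can check what a Linux host reports about CVE-2023-20569. The script below is an added example, not code from AMD or the ETH Zürich researchers; it assumes a Linux kernel that exposes the issue in sysfs as `spec_rstack_overflow`, and its matching on status prefixes is an assumption about that file's wording.

```shell
#!/bin/sh
# Added example: report the kernel's view of CVE-2023-20569 (Inception).
# Kernels that predate the fix do not have this sysfs file at all.
# SRSO_FILE can be overridden, e.g. to test against a constructed sample.
SRSO_FILE="${SRSO_FILE:-/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow}"

# classify_srso STATUS -> prints one of:
#   not_affected | mitigated | needs_microcode | vulnerable | unrecognized
classify_srso() {
    status=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$status" in
        "not affected"*)              echo not_affected ;;
        "mitigation:"*)               echo mitigated ;;
        "vulnerable"*"no microcode"*) echo needs_microcode ;;
        "vulnerable"*)                echo vulnerable ;;
        *)                            echo unrecognized ;;
    esac
}

# check_host -> prints "<verdict>: <raw status>".
# Returns 0 when not exposed, 1 when exposed, 2 when the kernel cannot tell.
check_host() {
    if [ ! -r "$SRSO_FILE" ]; then
        echo "unknown: kernel does not report spec_rstack_overflow"
        return 2
    fi
    raw=$(cat "$SRSO_FILE")
    verdict=$(classify_srso "$raw")
    echo "$verdict: $raw"
    case "$verdict" in
        not_affected|mitigated) return 0 ;;
        needs_microcode)
            echo "hint: a BIOS/microcode update is still missing" >&2
            return 1 ;;
        *) return 1 ;;
    esac
}

# Run as: sh check_inception.sh --check   (the file name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

The exit code makes the script usable in fleet inventory jobs: 0 means not exposed, 1 means exposed, and 2 means the kernel is too old to report a status.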