Tuesday, April 6th 2021

AMD Ryzen 5000 Series CPUs with Zen 3 Cores Could be Vulnerable to Spectre-Like Exploit

AMD's Ryzen 5000 series processors are built on the new Zen 3 core, which uses many techniques to deliver the best possible performance. One of them is Predictive Store Forwarding (PSF). According to AMD, "PSF is a hardware-based micro-architectural optimization designed to improve the performance of code execution by predicting dependencies between loads and stores." PSF is therefore one more predictor in the pipeline, and, just as with the branch predictors behind Spectre, a wrong prediction can be turned into a side channel. Speculative execution has already been at the root of much bigger problems in CPU microarchitecture, a reminder that every such design choice has its flaws.

AMD's CPU architects report that the software most at risk is code that relies on isolation within a single process, commonly called "sandboxing". PSF predictions can be wrong, and a mispredicted dependency between a load and a store can cause a speculative read of data the code was never meant to see, a vulnerability similar to Spectre v4 (Speculative Store Bypass). So what is the solution? You can simply turn the feature off. Phoronix ran a suite of Linux benchmarks and found that disabling PSF costs between half a percent and one percent of performance, which is very low. Phoronix has published the full results, and AMD has published a whitepaper describing PSF.
Source: AMD Blog
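As an added example (not code from the article, Phoronix, or AMD), the following C program shows how a Linux administrator can check whether a Zen 3 CPU advertises the PSF disable control and whether PSF is currently switched off, and how a process can opt itself into the SSBD mitigation, which on Zen 3 also turns PSF off. The bit positions (CPUID Fn8000_0008 EBX[28] for PSFD support; SPEC_CTRL MSR 0x48 bit 7 PSFD and bit 2 SSBD) are those AMD documents in its PSF whitepaper. The MSR read assumes a Linux host with the `msr` module loaded and root privileges; the per-process opt-in assumes the kernel was booted with `spec_store_bypass_disable=prctl` (or `seccomp`). Both calls fail gracefully on any other host, and the pure decoding functions work anywhere.

```c
/* Added example: decode AMD's PSF control bits and opt a process into SSBD.
 * Not from the article or AMD's whitepaper. Bit positions follow the
 * whitepaper; the /dev/cpu/N/msr and prctl() usage are this example's own
 * assumptions about a Linux host. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif
#ifdef __linux__
#include <sys/prctl.h>
/* Fallbacks for older headers; values match include/uapi/linux/prctl.h. */
#ifndef PR_SET_SPECULATION_CTRL
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS 0
#endif
#ifndef PR_SPEC_DISABLE
#define PR_SPEC_DISABLE (1UL << 2)
#endif
#endif

#define MSR_SPEC_CTRL            0x48u
#define SPEC_CTRL_SSBD           (1u << 2)   /* Speculative Store Bypass Disable */
#define SPEC_CTRL_PSFD           (1u << 7)   /* Predictive Store Forwarding Disable */
#define CPUID_8000_0008_EBX_PSFD (1u << 28)  /* PSFD control is available */

/* Does the CPU advertise the PSFD control? (CPUID Fn8000_0008 EBX[28]) */
int psfd_supported(uint32_t ebx_8000_0008)
{
    return (ebx_8000_0008 & CPUID_8000_0008_EBX_PSFD) != 0;
}

/* Is PSF currently off? Either PSFD or SSBD set in SPEC_CTRL disables it. */
int psf_disabled(uint64_t spec_ctrl)
{
    return (spec_ctrl & (SPEC_CTRL_PSFD | SPEC_CTRL_SSBD)) != 0;
}

/* Raw CPUID leaf 0x80000008 EBX; 0 when the leaf or the ISA is absent. */
uint32_t cpuid_8000_0008_ebx(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (__get_cpuid_max(0x80000000u, NULL) < 0x80000008u)
        return 0;
    __cpuid_count(0x80000008u, 0, a, b, c, d);
    return b;
#else
    return 0;
#endif
}

/* Read one MSR through the msr driver (root + `modprobe msr`). 0 on success. */
int read_msr(int cpu, uint32_t reg, uint64_t *value)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, value, sizeof *value, (off_t)reg);
    close(fd);
    return n == (ssize_t)sizeof *value ? 0 : -1;
}

/* Ask the kernel to run this task with SSBD, which also disables PSF on Zen 3.
 * Needs spec_store_bypass_disable=prctl (or seccomp) on the kernel command line. */
int disable_ssb_for_this_task(void)
{
#ifdef __linux__
    return prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
#else
    errno = ENOSYS;
    return -1;
#endif
}

int main(void)
{
    uint32_t ebx = cpuid_8000_0008_ebx();
    printf("PSFD control advertised by CPUID: %s\n", psfd_supported(ebx) ? "yes" : "no");

    uint64_t spec_ctrl;
    if (read_msr(0, MSR_SPEC_CTRL, &spec_ctrl) == 0)
        printf("SPEC_CTRL=0x%llx -> PSF %s\n", (unsigned long long)spec_ctrl,
               psf_disabled(spec_ctrl) ? "disabled" : "enabled");
    else
        printf("SPEC_CTRL not readable (%s); need root and the msr module\n", strerror(errno));

    if (disable_ssb_for_this_task() == 0)
        printf("SSBD now on for this process, so PSF is off for it\n");
    else
        printf("prctl opt-in refused (%s); boot with spec_store_bypass_disable=prctl\n",
               strerror(errno));
    return 0;
}
```

The two decoders are deliberately separated from the privileged reads so the bit logic can be checked without AMD hardware. Note that the prctl route piggybacks on the existing Speculative Store Bypass mitigation rather than flipping PSFD on its own; that is enough on Zen 3 because SSBD also stops PSF, at the cost of the SSBD penalty rather than the smaller PSFD-only one.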

65 Comments on AMD Ryzen 5000 Series CPUs with Zen 3 Cores Could be Vulnerable to Spectre-Like Exploit

#26
JB_Gamer
ExcuseMeWtf
Aka literally a "random test variance" amount of difference.

Yeah, nothing to fret about. Just turn it off and move on.
Yes, but how... - anyone?
#27
Camm
It should be noted that AMD disclosed the vulnerability AND provided effective mitigation strategies for it, both by disabling the function or by enabling things like Address space layout randomization and hardware privileged domains (which AMD's PSP is capable of) .

This is EXCELLENT by AMD to allow enterprise and end users choice in their risk profile versus shit like Intel hiding vulnerabilities and providing no full mitigation strategies.
#28
las
evernessince
Officially Intel has far more vulnerabilities than AMD. Any statement that AMD has more vulnerabilities because many of them have not yet been found is pure speculation. You say "Logic 101" but you are really making an assumption based on assumption. That's not logic.
Yes, because people actually cared about finding them. So they can collect money. Logic, yeah.
#29
Melvis
Why_Me
If I had a dollar for every anti Intel post in the News Forum alone on this site I'd have a new RTX 3080 with money to spare.
If I had a dollar for every anti AMD post in the News Forum alone on this site I'd have ALL the new RTX 3080s with money to spare.
#30
Camm
las
Yes, because people actually cared about finding them. So they can collect money. Logic, yeah.
The history of recorded payouts vs the resources needed to discover most of these is pretty inverse. The original Spectre disclosure offered the University of the team who disclosed it something like $50k AND to shut the fuck up about it.
#31
mtcn77
las
Yes, because people actually cared about finding them. So they can collect money. Logic, yeah.
I bet headhunting is the wrong reference here. People have better pay elsewhere.
#32
Turmania
1% performance deficit is too much.
#33
R-T-B
Chrispy_
Well, presumably when it was originally enabled, it wasn't a known security risk.

Surely that's obvious? Is that really what you're asking?
It is. It was late though, doh! I assume you are correct.
#34
Aretak
las
This is the reason why most vulnerabilities were found in Intel CPUs; www.intel.com/content/www/us/en/security-center/bug-bounty-program.html

Intel actually pays people for finding them. "Intel’s bug bounty awards range from $500 up to $100,000."

AMD had plenty of vulnerabilities, even though they don't pay people for finding them. Meaning, very few people will spend time trying to find them. Logic 101.

It's sad that AMD does not pay people for finding bugs, when tons of big tech companies do; www.guru99.com/bug-bounty-programs.html
AMD already knew about this potential vulnerability when implementing the feature and pre-built a way to turn it off into the chip for enterprise customers who want to be extra cautious. And it's already been shown that turning it off has a within-margin-of-error effect on performance anyway. Bad day for the Intel fanboys who just read the headline and popped the cork on the champagne. :)
#35
Vanny
Once again, HenrySomeone is here, attempting to make another thread be about fanboyism within the first few replies.
#36
Metroid
I just bought a r9 5900x to replace a r5 3600 and now this ehhe
#37
R-T-B
Aretak
AMD already knew about this potential vulnerability when implementing the feature and pre-built a way to turn it off into the chip for enterprise customers who want to be extra cautious. And it's already been shown that turning it off has a within-margin-of-error effect on performance anyway. Bad day for the Intel fanboys who just read the headline and popped the cork on the champagne. :)
If that is the case it's outright irresponsible to leave it on.
#38
Vanny
Metroid
I just bought a r9 5900x to replace a r5 3600 and now this ehhe
Enjoy dominating every multicore benchmark.
#39
R-T-B
efikkan
The Spectre class of bugs don't really allow people to hack your computer.
Privilege escalation using leaked secrets is not hard.

leaky.page/

A livedemo example of how easy it is to leak data on affected hardware (older spectre class, not this).
#40
Metroid
Alexa
Enjoy dominating every multicore benchmark.
Final overclock is 4.4GHz at 1.11V, AMD overclocking on an MSI B450 Gaming Plus; everything is very much stable, temperature at full load is 75C, dual 120mm fans aka 240mm AIO setup, I need a 360mm AIO setup. What I'm sad about is that on auto it gets up to 4.9GHz on 3 threads, which is very good; however I'm using 20 threads for AI and I just can't use auto, so no 4.9GHz single core for me unless I stop using the AI workloads I'm doing, sad. I really wanted to use 4.9GHz on some things while I could use 4.4 for other things, but at 1.11V that is not possible; to be able to use 4.9GHz I will need at least 1.4V on auto, and on manual I'm not sure, did not try it yet, but 4.9GHz on all threads, not sure if it is safe, I mean, a 45x multiplier in the BIOS gives a red connotation which means warning/dangerous, so for them up to 44 x 100MHz is all right and more than 4400MHz is dangerous.
#41
mechtech
Chrispy_
Spectre did actually hurt us in the datacenter; We tend to plan servers on 3 or 5 year lifespans for budget and ROI reasons. We had a lot of Xeon and very little Epyc and after the first round of updates we jumped from about half capacity to about 70% capacity with a trickle less capacity every time more patches were added. Since those hosts were running VMs with access to financial data and confidential data under NDA it would have been irresponsible to leave hyperthreading on too - so within 6 months of the first patches our half-capacity became almost maxed out and some of these servers had several years left on the clock before being budgeted for replacement.

The only reason things aren't as dire as they could have been is that COVID-19 has reduced the server loads these last 13 months. Under normal circumstances, the loss of performance from applying mitigation steps and patches would have f***ed us over, hard, and expensively.
Yikes. Scary stuff.

We have Yoga 370 notebooks for work and over the past 3 years with BIOS updates and Windows updates it's noticeably slower than it was at day 1.
#42
Chrispy_
R-T-B
It is. It was late though, doh! I assume you are correct.
LOL.
I also assume, I haven't bothered doing the research to check :)

Presumably AMD wouldn't intentionally take security shortcuts like Intel, as they were using their "we're not affected by Spectre" as a pretty big selling point in the server world. Maybe they're just lying asshats and all megacorps are pure evil. Nothing would surprise me or bother me really, we buy stuff because we have to, not because we want to....
#43
R-T-B
R0H1T
No, smeltdown was discovered by Google's project zero! In fact Intel (almost) paid researchers to not disclose similar vulnerabilities out in the open :shadedshu:


www.nrc.nl/nieuws/2019/05/14/hackers-mikken-op-het-intel-hart-a3960208
Correct. However, google Project zero still accepted the initial standard bounty. It's standard practice to not investigate something without a chance of return in most cases.
#44
Chrispy_
mechtech
Yikes. Scary stuff.

We have Yoga 370 notebooks for work and over the past 3 years with BIOS updates and Windows updates it's noticeably slower than it was at day 1.
Absolutely - the Core M-5y71 laptops we have are unusable now. They were barely fast enough in the first place so when you add patch bloat slowdown to Spec-ex mitigations it's dire :P
#45
R-T-B
Chrispy_
Presumably AMD wouldn't intentionally take security shortcuts like Intel,
Honestly, speculative execution is the shortcut, and all complex chip vendors use it. Some just have had less research done, but the origin is the same.
#46
efikkan
Chrispy_
Presumably AMD wouldn't intentionally take security shortcuts like Intel…
Then that's a product of bias, a bias which unfortunately has become widespread. I've not seen any evidence of Intel taking "security shortcuts".

A shortcut would imply a conscious decision, while the Spectre family is caused by an oversight, an oversight done by numerous companies implementing their own microarchitectures.
#47
HD64G
Everyone should deactivate that feature. Less than 1% effect on performance isn't something to discuss about.
#48
Makaveli
HD64G
Everyone should deactivate that feature. Less than 1% effect on performance isn't something to discuss about.
Most people won't even need to turn this off. No one is going to bother running spectre v4 style attacks to get everyone's cat pictures lol. Maybe if its a server in a data center I can see some precaution.
#49
r9
It's simpler to patch into somebody's brain and get their password than exploiting this vulnerability.
#50
Vanny
Mr.Mopar392
Once again techpowerup home of the amd haterz and intel though failing lovers.
Wish it could be the home of tech lovers and that's it, nobody should have stockholm syndrome for any company.