Return Address Security Bulletin
Bulletin ID: AMD-SB-7005
Potential Impact: Data Confidentiality
Severity: Medium
Summary
AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. This attack is similar to previous branch prediction-based attacks like Spectrev2 and Branch Type Confusion (BTC)/RetBleed. As with similar attacks, speculation is constrained within the current address space and to exploit, an attacker must have knowledge of the address space and control of sufficient registers at the time of RET (return from procedure) speculation. Hence, AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools.
AMD is not aware of any exploit of ‘Inception’ outside the research environment at this time.
Refer to Glossary for explanation of terms
CVE Details
CVE-2023-20569
A side channel vulnerability in some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure.
Mitigation
AMD recommends customers apply either the standalone µcode patch or a BIOS update that incorporates the µcode patch, as applicable, for products based on “Zen 3” and “Zen 4” CPU architectures. AMD plans to release updated AGESA™ versions to Original Equipment Manufacturers (OEM), Original Design Manufacturers (ODM) and motherboard manufacturers (MB) on the target dates listed below. Please refer to your OEM, ODM, or MB for a BIOS update specific to your product, which will follow after the dates listed below, as applicable. No µcode patch or BIOS update, which includes the µcode patch, is necessary for products based on “Zen” or “Zen 2” CPU architectures because these architectures are already designed to flush branch type predictions from the branch predictor.
Operating system (OS) configuration options may also be available to help mitigate certain aspects of this vulnerability. AMD recommends users evaluate their risk environment (including the risk of running untrusted local code) when deciding on OS mitigation options and refer to OS-specific documentation for guidance. “Zen 3” and “Zen 4” based systems will require the µcode patch, which is incorporated in the BIOS update, prior to enabling OS configuration options.
Datacenter
Apply either µcode patch or AGESA firmware. When released, the AGESA™ firmware will include the µcode patches.
Mitigation details |
1st Gen AMD EPYC™ Processors |
2nd Gen AMD EPYC™ Processors |
3rd Gen AMD EPYC™ |
4th Gen AMD EPYC™ |
AMD Instinct™ MI300A |
|---|---|---|---|---|---|
µcode |
Not applicable | Not applicable | Milan B0 – 0x0A001079 Milan B1 – 0x0A0011CF or 0x0A0011D1 Milan-X B2 – 0x0A001234 |
Genoa B1: 0x0A10113E Genoa-X B2: 0x0A10123E Bergamo A1: 0x0AA00116 Bergamo A2: 0x0AA00212 |
MI300 A1: 0x0A900101 |
SEV |
Not applicable | Not applicable | 01.01.37.08 | 01.01.37.16 | Not applicable |
AGESA™ Firmware |
Not applicable | Not applicable | MilanPI 1.0.0.C (2023-12-18) |
GenoaPI 1.0.0.9 (2023-07-28) |
MI300 SR5 PI0070 |
OS Config Options |
Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor |
Desktop
Mitigation details |
AMD Ryzen™ 3000 Series Desktop Processors |
AMD Ryzen™ 5000 Series Desktop Processors |
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics |
AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics |
AMD Ryzen™ 7000 Series Desktop Processors |
|---|---|---|---|---|---|
AGESA™ Firmware |
Not applicable | ComboAM4v2PI 1.2.0.B (2023-08-25) |
Not applicable | ComboAM4v2PI 1.2.0.B (2023-08-25) |
ComboAM5 1.0.8.0 (2023-08-25) |
OS Config Options |
Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor |
High End Desktop (HEDT)
Mitigation details |
AMD Ryzen™ Threadripper™ 3000 Series Processors |
|---|---|
AGESA™ Firmware |
Not applicable |
OS Config Options |
Refer to your OS vendor |
Workstation
Mitigation details |
AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors |
AMD Ryzen™ Threadripper™ PRO 5000WX Processors |
|---|---|---|
AGESA™ Firmware |
Not applicable | ChagallWSPI-sWRX8 1.0.0.7 (2024-01-11) |
OS Config Options |
Refer to your OS vendor | Refer to your OS vendor |
Mobile – AMD Ryzen™ Series
Mitigation details |
AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics |
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics |
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
AMD Ryzen™ 7020 Series Mobile Processors with Radeon™ Graphics |
|---|---|---|---|---|---|
AGESA™ Firmware |
Not applicable | Not applicable | Not applicable | CezannePI-FP6 1.0.0.Fa (2023-08-22) |
Not applicable |
OS Config Options |
Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor |
Mitigation details |
AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics |
AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics |
AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics |
AMD Ryzen™ 7030 Series Processors with Radeon™ Graphics | AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics |
AMD Ryzen™ 7045 Series Processors |
|---|---|---|---|---|---|---|
AGESA™ Firmware |
RembrandtPI-FP7_1.0.0.9a (2023-08-31) |
RembrandtPI-FP7_1.0.0.9a (2023-08-31) |
CezannePI-FP6 1.0.0.Fa (2023-08-22) |
CezannePI-FP6 1.0.0.Fa (2023-08-22) |
PhoenixPI-FP8-FP7_1.0.0.2a (2023-08-23) |
DragonRangeFL1PI 1.0.0.3b (2023-08-30) |
OS Config Options |
Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor |
Mobile – AMD Athlon™ Series
Mitigation details |
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics | AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics |
|---|---|---|
AGESA™ Firmware |
Not applicable | Not applicable |
OS Config Options |
Refer to your OS vendor | Refer to your OS vendor |
Embedded
Mitigation details |
AMD EPYC™ Embedded 3000 |
AMD EPYC™ Embedded 7002 |
AMD EPYC™ Embedded 7003 |
AMD EPYC™ Embedded 9003 |
|---|---|---|---|---|
AGESA™ Firmware |
Not applicable | Not applicable | EmbMilanPI-SP3 1.0.0.7 (2024-01-15) |
EmbGenoaPI-SP5 1.0.0.3 (2023-09-15) |
OS Config Options |
Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor |
Mitigation details |
AMD Ryzen™ Embedded R1000 |
AMD Ryzen™ Embedded R2000 |
AMD Ryzen™ Embedded 5000 |
|---|---|---|---|
AGESA™ Firmware |
Not applicable | Not applicable | EmbAM4PI 1.0.0.4 (2023-09-15) |
OS Config Options |
Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor |
Mitigation details |
AMD Ryzen™ Embedded R1000 |
AMD Ryzen™ Embedded R2000 |
AMD Ryzen™ Embedded V3000 |
|
|---|---|---|---|---|
| All V1000 OPNs excluding YE1500C4T4MFH |
YE1500C4T4MFH | |||
AGESA™ Firmware |
Not applicable | Not applicable | Not applicable | EmbeddedPI-FP7r2 1.0.0.6 (2024-01-15) |
OS Config Options |
Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor | Refer to your OS vendor |
References
Technical Update Regarding Speculative Return Stack Overflow
Linux Kernel Admin Guide, SRSO Documentation
Acknowledgement
AMD thanks Daniël Trujillo, Johannes Wikner, and Kaveh Razavi of ETH Zurich for reporting this issue and engaging in coordinated vulnerability disclosure.
Revisions
Revision Date |
Description |
05 Dec 2024 |
Added the Linux Kernel Admin Guide to the Reference section |
30 Apr 2024 |
Added AMD Instinct™ MI300A |
26 Feb 2024 |
AMD has updated the linked whitepaper, Technical Update Regarding Speculative Return Stack Overflow.pdf with new information about SRSO mitigation options that may be present in future AMD processors. |
24 Jan 2024 |
Corrected the Embedded PI version and date for AMD Ryzen™ Embedded V3000 |
16 Jan 2024 |
|
9 Sep 2023 |
The following fix versions are now available: AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics |
8 Aug 2023 |
Initial publication |
DISCLAIMER
The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.
AMD, the AMD Arrow logo, Athlon, EPYC, Radeon, Ryzen and combinations thereof are trademarks of Advanced Micro Devices, Inc. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.
Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD PARTY CONTENT.
© 2024 Advanced Micro Devices, Inc. All rights reserved.