In cursory: AMD along with security researchers at the Dresden Technical University have disclosed a vulnerability in some AMD processors similar to the Meltdown and Spectre vulnerabilities for Intel CPUs that were first disclosed three years ago. AMD has already outlined multiple mitigation techniques to fight these vulnerabilities.

TU Dresden researchers Saidgani Musaev and Christof Fetzer notified AMD of the exploit in Zen+ and Zen ii processors which they call "Transient Execution of Non-Canonical Accesses," directly comparison them to Spectre and Meltdown. AMD'southward security bulletin refers to the vulnerability with the name CVE-2020-12965.

AMD says the principal take chances is that this could cause processors to leak information they aren't supposed to. "When combined with specific software sequences, AMD CPUs may transiently execute not-approved loads and store using just the lower 48 address $.25 potentially resulting in data leakage," it writes.

Musaev and Fetzer outlined the vulnerability in a research paper. AMD followed this up with its own review which it published on the bulletin. On the aforementioned page AMD also has a certificate outlining its mitigation techniques. "There are a variety of techniques software can use for managing processor speculation, each with different backdrop and merchandise-offs," AMD writes.

AMD recommends developers review their code running on the affected processors and insert an LFENCE, or apply one of the solutions outlined in the certificate. AMD says its later and future processors have more security features to defend against these kinds of vulnerabilities similar SMEP, SMAP, and IBC.

Meltdown and Spectre are hardware-level flaws for Intel CPUs that were disclosed in 2022 earlier being patched. If exploited, Meltdown could expose memory that should've been inaccessible, while Spectre could be used to execute malicious code. Patching the vulnerabilities initially caused hits to performance that were somewhen mitigated.

In March of concluding yr another vulnerability in Intel processors similarly based on a hardware flaw was found, chosen Load Value Injection (LVI). Like Meltdown, information technology can be exploited to leak data that should be protected.

Epitome credit Technical University of Dresden