It's been a rough few weeks for CPU vendors as far as security vulnerabilities go. Just days ago, I wrote about the Downfall vulnerability that affects Intel's 6th through to 11th Generation chips, and just as importantly how a patch can dramatically affect performance. Now it's AMD's turn to take some pain.
AMD's Zen 3 and Zen 4 CPUs are affected by what is known as the 'Inception' vulnerability. Like many recent attacks, this one is a side channel attack that can lead to the exposure of otherwise secure data. AMD says its Zen 1 and Zen 2 generations are unaffected.
Our sister site Tom's Hardware wrote about Inception a few days back. Essentially, the exploit is similar to the more well known Spectre attack. It allows a malicious actor to access data stored in memory by taking advantage of the branch prediction features of modern CPUs. This includes things like passwords and security keys.
AMD says malware would be needed to take advantage of the exploit, which it says for now has not happened outside of research circles. Nevertheless, mitigating patches are coming.
Users will have the option of applying a microcode patch or a full AGESA BIOS update. On the consumer side of things, BIOS' for mobile and desktop processors are set to roll out this month.
Much like it did after the Downfall patches were released for Intel processors, Phoronix tested Linux kernel and microcode mitigations. The results are very much workload dependent. In the worst case, MariaDB lost over 50% of performance. However, more consumer oriented apps like 7zip and Firefox fared better, though 7zip still lost upwards of 13%.
There's a bit of good news for gamers. Phoronix ran the 3DMark Wildlife Extreme benchmark which showed an insignificant drop in performance. That bodes well for gaming. We'll have to wait until patches are rolled out for consumer motherboards before knowing what effects mitigations will have in the Windows ecosystem, but for now it seems as though compute intensive professional and enterprise level software is most affected.
As I said last week when talking about Downfall, there's no need to panic. It will be well worth keeping an eye on your motherboard's product page, and you should update your BIOS when or if the vendor recommends you to do so. It goes without saying that you should also be vigilant at all times and not click dodgy links or run non trusted apps.
I just hope the cures for these vulnerabilities aren't worse than the problems themselves.