New Inception Vulnerability Impacts ALL AMD Zen CPUs Yikes

Aug 26, 2023

There is a new set of vulnerabilities being disclosed today. The first we are going to highlight, and AMD’s big one is called “Inception” found by a team at ETH Zurich (Daniël Trujillo, Johannes Wikner, and Kaveh Razavi.) This vulnerability allows an attacker who has compromised a system to start leaking data in a novel attack.

For a quick primer, speculative execution is a technique used by modern CPUs to execute instructions on a predictive basis to keep cores fed and caches full instead of waiting for every instruction to execute in a serial fashion. The new Inception vulnerability (CVE-2023-20569) relies on Phantom speculation (CVE-2022-23825) to start an execution window arbitrarily using this feature.

Inception allows an attacker to create a simple instruction that tricks the CPU into thinking it has a recursive function and injects instructions into the prediction pipeline to then leak data. Like most of these attacks, speeds are estimated in the B/s range, so this is not going to be something easy to use to dump a 1TB database quickly. On the other hand, things like security keys can take only a few seconds to dump which is the really scary part.

While this is a scary vulnerability impacting all Zen through Zen4 products (desktop, server, and embedded) one has to take at least a second to think about how wildly complex even finding something like this is. It takes a lot of creativity to find exploits these days that are hard to even simmer down to a high-level paragraph or two.

AMD’s summary is:

AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. The attack can result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. This attack is similar to previous branch prediction-based attacks like Spectrev2 and Branch Type Confusion (BTC)/RetBleed. As with similar attacks, speculation is constrained within the current address space and to exploit, an attacker must have knowledge of the address space and control of sufficient registers at the time of RET (return from procedure) speculation. Hence, AMD believes this vulnerability is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools.

AMD is not aware of any exploit of ‘Inception’ outside the research environment at this time. (Source: AMD)

AMD sent us this statement on the vulnerability:

AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. AMD believes ‘Inception’ is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools. AMD is not aware of any exploit of ‘Inception’ outside the research environment, at this time.

AMD recommends customers apply a µcode patch or BIOS update as applicable for products based on “Zen 3” and “Zen 4” CPU architectures. No µcode patch or BIOS update is necessary for products based on “Zen” or “Zen 2” CPU architectures because these architectures are already designed to flush branch type predictions from the branch predictor.

AMD plans to release updated AGESA versions to Original Equipment Manufacturers (OEMs), Original Design Manufacturers (ODMs) and motherboard manufacturers listed in the AMD security bulletin. Please refer to your OEM, ODM or motherboard manufacturer for a BIOS update specific to your product. (Source: AMD)

This is certainly a big one, and thanks to AMD for the statement. It sounds like they have been working on this for some time as the Windows patch went live last month.

Consider this 1 of 2 that we are going to cover today. There is another big one coming very soon. One of the big challenges is the far-reaching impact of this. Some of the attacks Intel is also vulnerable to, but Intel has mitigations in place that make it harder to exploit on Intel platforms. To us, the bigger impact (by far) is on AMD platforms.

If this sounds exciting, just wait for the next one we will cover today.

If you want to learn more see AMD-SB-7005.