In short: AMD has confirmed that a microarchitectural optimization in Zen 3 CPUs can be exploited in a way similar to the Spectre vulnerabilities that hit Intel CPUs a few generations ago. The optimization can be turned off, but at a performance cost that AMD considers unjustified for all but the most security-critical deployments of the processors.
In a recently published whitepaper, "Security Analysis of AMD Predictive Store Forwarding", AMD describes the nature of the vulnerability and the complications it entails. Put simply, the implementation of Predictive Store Forwarding (PSF) reopens lines of attack previously exposed by Spectre v1, v2 and v4, because PSF, like them, relies on speculation.
AMD describes PSF as a hardware optimization "designed to improve code execution performance by predicting dependencies between loads and stores". Like branch prediction, the feature that enabled some earlier Spectre attacks, PSF makes predictions so that the processor can start executing subsequent instructions sooner. The risk arises when a prediction turns out to be wrong.
Mispredictions can arise in two scenarios, AMD says. "First, it is possible that the store/load pair had a dependency for a while, but later no longer has a dependency." This happens naturally when the addresses a program's stores and loads touch change as it runs. The second scenario occurs "when the PSF predictor structure contains an alias", that is, a prediction trained on one store/load pair is applied to a different pair that maps to the same predictor entry. In principle, both scenarios can be triggered deliberately by malicious code.
AMD writes: "Since PSF speculation is limited to the current program context, the effects of bad PSF speculation are similar to Speculative Store Bypass (Spectre v4)."
As with Spectre v4, the problem is that a security check implemented in software is bypassed through incorrect speculation. Combined with another attack, with AMD using Spectre v1 as its example, the misprediction can lead to data leaks. "This is similar to the security risk of other Spectre attacks," says AMD.
Programs that rely on software sandboxing for security are the most exposed to PSF attacks. Programs that use hardware isolation can be considered safe from PSF attacks, because PSF speculation does not occur across address spaces or across privilege domains.
AMD has determined that techniques such as address space isolation are sufficient to stop PSF attacks. It nevertheless offers the option of disabling PSF, including on a per-thread basis, if desired. However, since the security risk is "low" and "AMD does not currently have any code that is classified as vulnerable due to the PSF behavior", the general recommendation is to leave PSF enabled as the default setting, even where no additional protective measures are in place.
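To make the code shape concrete, the following is an added example and not code from AMD's whitepaper: it sketches the sandboxed store/load pattern described above (a store and a load that legitimately alias for a while and then stop aliasing), an index-masking hardening that keeps a mis-forwarded value inside the sandbox, and the per-thread opt-out the article mentions. The interpreter, its register invariant, `MEM_SIZE` and all function names are hypothetical; the opt-out uses the Linux `prctl` Speculative Store Bypass control, which AMD documents as also disabling PSF. Whether a particular Zen 3 part actually mis-forwards on this sequence depends on predictor training and is not something this code measures; it only shows the pattern and the two mitigations.

```c
/*
 * Added example (not AMD's code): a sandbox-style store/load pair that a
 * PSF predictor could mis-speculate on, an index-masking hardening, and
 * the per-thread opt-out via Linux prctl. All names, sizes and the
 * interpreter invariant are hypothetical.
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

#define NREGS    8
#define MEM_SIZE 4096          /* hypothetical sandbox memory, power of two */

/* Hypothetical interpreter state: register 0 is an unchecked accumulator,
 * registers 1..7 are "pointer" registers that the interpreter only writes
 * with values it has bounds-checked against MEM_SIZE. host_secret stands in
 * for host data living in the same address space (constructed value). */
static uint32_t regs[NREGS];
static uint8_t  sandbox_mem[MEM_SIZE];
static uint8_t  host_secret[64] = "constructed host secret";

/* Fill the sandbox with a known byte (test helper); returns the byte. */
static int fill_sandbox(uint8_t b)
{
    memset(sandbox_mem, b, sizeof sandbox_mem);
    return b;
}

/* Store path: upholds the invariant architecturally. Returns 0 on success,
 * -1 if a pointer register would be set out of range. */
static int set_reg(unsigned dst, uint32_t imm)
{
    if (dst >= NREGS) return -1;
    if (dst != 0 && imm >= MEM_SIZE) return -1;   /* checked pointer regs */
    regs[dst] = imm;                               /* the store */
    return 0;
}

/* Vulnerable load-indirect: trusts the invariant instead of re-checking.
 * If this store/load pair was trained while dst == src (legitimate
 * aliasing), a later call with dst == 0 and a large imm is the "pair no
 * longer has a dependency" case: PSF may forward imm to the load from
 * regs[src] transiently, so sandbox_mem[v] can be read past the sandbox
 * before the misprediction is detected. Architecturally v is always in range. */
static uint8_t load_indirect_vulnerable(unsigned dst, uint32_t imm, unsigned src)
{
    if (src == 0 || src >= NREGS) return 0;
    if (set_reg(dst, imm) != 0) return 0;
    uint32_t v = regs[src];            /* the load PSF may mis-forward */
    return sandbox_mem[v];             /* no check: v < MEM_SIZE "by invariant" */
}

/* Hardened variant: mask the loaded index so that whatever value the load
 * transiently receives, the dependent access stays inside the sandbox. */
static uint8_t load_indirect_masked(unsigned dst, uint32_t imm, unsigned src)
{
    if (src == 0 || src >= NREGS) return 0;
    if (set_reg(dst, imm) != 0) return 0;
    uint32_t v = regs[src];
    return sandbox_mem[v & (MEM_SIZE - 1)];
}

/* Per-thread opt-out on Linux: enabling Speculative Store Bypass Disable for
 * the calling thread also turns off PSF on AMD parts that implement it.
 * Returns 0 on success, -1 (errno set) if the kernel or CPU lacks support. */
static int psf_disable_current_thread(void)
{
#if defined(__linux__) && defined(PR_SET_SPECULATION_CTRL)
    return prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
#else
    errno = ENOSYS;
    return -1;
#endif
}

int main(void)
{
    (void)host_secret;
    fill_sandbox(0x41);
    /* Training: dst == src, so the store/load pair really does alias. */
    for (int i = 0; i < 100; i++) load_indirect_vulnerable(3, 7, 3);
    /* Trigger: dst == 0 (unchecked), src == 3; architecturally v == 7. */
    printf("vulnerable: 0x%02x  masked: 0x%02x\n",
           load_indirect_vulnerable(0, 0x10000, 3),
           load_indirect_masked(0, 0x10000, 3));
    printf("psf disable: %s\n",
           psf_disable_current_thread() == 0 ? "ok" : "unsupported");
    return 0;
}
```

The masking line is the software-only fix a sandbox author controls: it does not stop the misprediction, but it bounds what a mis-forwarded index can reach, which is the same reasoning used for Spectre v1 index masking. The `prctl` path is the opt-out for code that cannot be audited, at the per-thread performance cost the article describes.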