Update, 8/31/2021 7:30am PT: Updated article and title to clarify that the vulnerability applies to all AMD processors, not just the Zen 2 and Zen+ models listed in the research paper.
Original article:
According to security researchers and AMD, the company's Zen 2 and Zen+ processors suffer from a new Meltdown-like vulnerability, but the problem appears to be far more wide-ranging. AMD has prepared a guide on mitigating the vulnerability and published details about how the vulnerability works, but the company's security bulletin also notes that all AMD CPUs are vulnerable. Called "Transient Execution of Non-canonical Accesses," this vulnerability acts very similarly to the already-disclosed Meltdown vulnerability that only impacts Intel CPUs.
Saidgani Musaev and Christof Fetzer, researchers from Dresden Technology University, discovered the vulnerabilities in AMD Zen+ and Zen 2 processors. The researchers disclosed the CVE-2020-12965 vulnerability to AMD in October 2020, giving the company enough time to develop a mitigation technique that AMD has addressed in the official paper on Arxiv (PDF) and AMD's security website.
The Transient Execution of Non-canonical Accesses vulnerability works by simply combining specific software sequences, where AMD CPUs "may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage." This data leakage is later exploited to access possible secrets stored in the computer, leading to a security problem.
AMD recommends that all software vendors that ship code for its platforms revisit their programs and add mitigations. For example, the company recommends using LFENCE (Load Fence) instructions in the software or any of the existing speculative execution mitigations disclosed in the software manuals here (opens in new tab).
Last week, AMD issued driver patches for Ryzen chipsets that support the Zen+ and Zen 2 architecture without explicitly stating what was fixed. However, the company did note that the patches address an issue in the Platform Security Processor. AMD tells us that those patches aren't related to the Transient Execution bug.