AMD has admitted that Zen 3 processors, such as the Ryzen 5000 CPU series, are vulnerable to a side-channel exploit that’s similar to the Spectre flaw that previously impacted a number of Intel processors.
The vulnerability relates to a new feature AMD introduced with Zen 3 called Predictive Store Forwarding (PSF), which is hardware-based micro-architectural optimization designed to improve the performance of code execution by predicting dependencies between loads and stores.
“In typical code, PSF provides a performance benefit by speculating on the load result and allowing later instructions to begin execution sooner than they otherwise would be able to,” AMD explains.
While most of the time PSF predictions are calculated accurately, occasionally it may not be as accurate as it should. When a bad PSF speculation occurs, Zen 3-based processors can be targeted by side-channel attacks.
AMD explained two scenarios where an incorrect PSF prediction can occur: “First, it is possible that the store/load pair had a dependency for a while but later stops having a dependency. This can occur if the address of either the store or load changes during the execution of the program,” it said.
“The second source of incorrect PSF predictions can occur if there is an alias in the PSF predictor structure. The PSF predictor is designed to track stores/load pairs based on portions of their RIP.
“It is possible that a store/load pair which does have a dependency may alias in the predictor with another store/load pair which does not. This may result in incorrect speculation when the second store/load pair is executed.”
AMD has provided instructions on how to disable PSF as this feature comes enabled by default on Zen 3 processors, and the company has also proposed a Linux patch to enable/disable the functionality. AMD has yet to confirm whether a Windows patch is in the works.
However, AMD says that it has not yet seen any real-world attacks taking advantage of PSF, so it’s recommending that customers leave the feature enabled for now. This is likely because disabling PSF could result in a performance hit.