AMD x86 PREFETCH instruction related side-channels
AMD x86 PREFETCH instruction related side-channels
AMD x86 PREFETCH instruction related side-channels
Lenovo Security Advisory: LEN-65528
Potential Impact: Leaked kernel address space information
Severity: Medium
Scope of Impact: Industry-wide
CVE Identifier: CVE-2021-26318
Summary Description:
AMD reported a timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.
Mitigation Strategy for Customers (what you should do to protect yourself):
AMD states the attacks discussed in the paper do not directly leak data across address space boundaries. As a result, AMD is not recommending any mitigations at this time.
AMD continues to recommend the following best practices to help mitigate against side-channel issues:
- Keep your operating system up-to-date by operating at the latest version of platform software and firmware which include existing mitigations for speculation-based vulnerabilities
- Follow secure coding methodologies
- Implement the latest patched versions of critical libraries, including those susceptible to side channel attacks
- Utilize safe computer practice and run antivirus software
References:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017
Revision History:
Revision | Date | Description |
---|---|---|
1 | 2021-10-12 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Your feedback helps to improve the overall experience