AMD and Intel Processor Advisory
Lenovo Security Advisory: LEN-79451
Potential Impact: Information disclosure
Severity: Medium
Scope of Impact: Industry-wide
CVE Identifier: CVE-2022-0001, CVE-2022-0002, CVE-2021-26401, CVE-2017-5715
Summary Description:
AMD and Intel have reported potential security vulnerabilities in some AMD and Intel Processors that may allow information disclosure against the Linux kernel. AMD and Intel are releasing prescriptive guidance to address these potential vulnerabilities.
Mitigation Strategy for Customers (what you should do to protect yourself):
AMD recommends using one of the other published mitigations (V2-1 aka ‘generic retpoline’ or V2-4 aka ‘IBRS’) for CVE-2017-5715. Currently in Linux, users can control which mitigation is used at boot time. Users can select the generic retpoline at boot time by setting the spectre_v2 Linux kernel command-line parameter: spectre_v2=retpoline,generic.
Alternatively, users can update to a version of the Linux kernel that incorporates a patch provided by AMD to the Linux community. With the patch, the kernel uses the generic retpoline if retpoline is enabled and not explicitly set to the AMD Retpoline (spectre_v2=retpoline,amd).
AMD has provided updated guidance in “Software Techniques for Managing Speculation on AMD Processors” located here: https://www.amd.com/system/files/documents/software-techniques-for-managing-speculation.pdf
Intel recommends disabling access to managed runtimes in privileged modes, such as unprivileged Extended Berkeley Packet Filter (eBPF) in kernel mode, on affected Intel Processors to help prevent managed runtimes from being used as disclosure gadgets. Intel has worked with the Linux community to make this option available to all Linux users beginning in the Linux Kernel 5.16 stable version. This option is already available in some Linux distributions. Systems administrators and end users should check with their Linux vendor to determine the status of the operating system version they are using. Additional technical details from Intel can be found here.
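The two settings discussed above can be checked on a running Linux host with a short script. This is an added example, not part of the Lenovo, AMD or Intel guidance; it assumes the standard procfs/sysfs locations /proc/cmdline, /proc/sys/kernel/unprivileged_bpf_disabled and /sys/devices/system/cpu/vulnerabilities/spectre_v2, and the function names and REVIEW/OK/INFO wording are illustrative.

```shell
#!/bin/sh
# Added example: audit the spectre_v2 boot parameter and unprivileged eBPF.

# Print the value of spectre_v2= from a kernel command line, or "unset".
# If the parameter is repeated, the last occurrence is reported (assumption).
spectre_v2_param() {
    val="unset"
    set -f                      # no glob expansion while splitting words
    for word in $1; do
        case "$word" in spectre_v2=*) val="${word#spectre_v2=}" ;; esac
    done
    set +f
    echo "$val"
}

# Classify the boot-time choice against the AMD guidance in this advisory.
classify_spectre_v2() {
    case "$1" in
        retpoline,amd)     echo "REVIEW: AMD retpoline explicitly selected" ;;
        retpoline,generic) echo "OK: generic retpoline selected" ;;
        unset)             echo "INFO: kernel default in use; check kernel version" ;;
        *)                 echo "INFO: spectre_v2=$1" ;;
    esac
}

# Classify kernel.unprivileged_bpf_disabled (0 = unprivileged eBPF allowed).
classify_unpriv_bpf() {
    case "$1" in
        0)   echo "REVIEW: unprivileged eBPF enabled" ;;
        1|2) echo "OK: unprivileged eBPF disabled" ;;
        *)   echo "INFO: unprivileged_bpf_disabled not readable" ;;
    esac
}

# Run the checks against the live system where the files are readable.
audit_host() {
    cmdline=$(cat /proc/cmdline 2>/dev/null || true)
    bpf=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo "n/a")
    status=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null || echo "n/a")
    echo "kernel reports: $status"
    classify_spectre_v2 "$(spectre_v2_param "$cmdline")"
    classify_unpriv_bpf "$bpf"
}

audit_host
```

A REVIEW line marks a setting the guidance above asks to change; the "kernel reports" line is the kernel's own summary of the active Spectre v2 mitigation.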
References:
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
https://www.amd.com/system/files/documents/software-techniques-for-managing-speculation.pdf
Revision History:
Revision | Date | Description |
---|---|---|
1 | 2022-03-08 | Initial release |