Researchers at ETH Zürich have found vulnerabilities in AMD’s Zen 3 and Zen 4 architecture, affecting CPUs across the board (including laptop, desktop, and data center chips). AMD has promptly acknowledged this attack and has addressed how they will be working on the mitigation process. So, let me explain what is the ‘Inception’ vulnerability affecting AMD processors and whether you should be worried about sensitive data leaks.
AMD Inception Vulnerability Explained
The Inception vulnerability is described as a side-channel attack. Researchers recently discovered that the mitigations implemented by AMD to prevent attackers from altering the state of microarchitectural buffers do not work effectively. This is true even though there are hardware & software mitigations in place, which remove harmful data within an information container such as a file, known as sanitization of the data. By the way, this attack is similar to the ‘Spectre’ vulnerabilities found in Intel CPUs.
Daniël Trujillo, a security researcher focusing on microarchitectures, said the following in relation to the Inception attack, “It looked as though we could make the CPUs manufactured by AMD believe that they had seen certain instructions before, whereas in reality that had never happened.”
AMD’s report states that if newly downloaded malware could be utilizing these vulnerabilities, it can access sensitive and confidential data on your computer. Hence, users with Zen 3 and Zen 4 CPUs are recommended to update their systems timely and keep malware-detection tools active.
The mitigation process is in the pipeline. AMD is not aware of any exploits out in the public utilizing ‘Inception’ vulnerabilities, apart from the research environment. Since the mitigation process has begun anyway, Zen 3/ Zen 4 CPU users will be safe as long as they ensure to patch their systems with AMD’s upcoming AGESA Firmware update for the BIOS, or the µcode patch. You can read more about the Inception attack via the report available here (PDF).
Check If Your AMD CPU is Affected by Inception Attack
In the report linked above, AMD mentions that Zen 3 and Zen 4-based processors will require a µcode patch or an AGESA firmware update for the BIOS to patch the vulnerabilities being exploited by the Inception attack.
Please refer to the list below to check whether your AMD Ryzen CPU is affected by the Inception vulnerability or not. We have detailed both the desktop and laptop processor lineups, which fall under the Zen 3 & Zen 4 architectures below for your reference.
In the desktop CPU lineup (including Workstation):
- 3rd & 4th Gen AMD EPYC CPUs
- Ryzen 5000 & 4000 Series Desktop Processors (including CPUs like Ryzen 5 5600G or Ryzen 7 4700G APUs)
- Ryzen 7000 Series Desktop Processors
- Ryzen Threadripper PRO 5000WX Series Processors
In the laptop (mobile) CPU lineup:
- Ryzen 5000 Series Mobile Processors
- Ryzen 6000 Series Processors (with Radeon Graphics)
- Ryzen 7035 Series Processors (with Radeon Graphics)
- Ryzen 7030 Series Processors (with Radeon Graphics)
- Ryzen 7040 Series Processors (with Radeon Graphics)
- Ryzen 7045 Series Processors
What Steps Should You Take?
AMD talks about the potential impact of the Inception attack on data confidentiality. Hence, it’s imperative for all users to upgrade their BIOS or apply the standalone vulnerability patch, as recommended by AMD. Our BIOS update guide can help you with this. It will also show you how to get to the motherboard manufacturer’s support page to get the standalone patch if needed. Users need to upgrade to the August 2023 AGESA firmware when it rolls out. We will make sure to update you when the patch to fix the vulnerability rolls out.
