AMD Policy for Specter V2 Vulnerability Rated as “Inadequate”, Up to 54% CPU Performance Decline

Intel and Arm processors were hit last week by the Specter V2 vulnerability, the Branch History Injection, or BHI. The Specter exploit was born several years ago, but this new line of mitigation has had a significant effect on both chipmakers. AMD has a very different design of their chips, allowing them to avoid damage this week. However, three Intel security researchers recently wrote a white paper describing AMD’s chipset with code exposures. In review, AMD has now issued a new security bulletin to reflect the new efficiency in ensuring the security of its product.

AMD is moving forward with a “generic” Retpoline approach to fix insufficient procedures to address BHI vulnerability

The initial Specter and Meltdown flaws discovered in December 2017 describe issues with Intel’s chip designs, which were discovered by four separate research teams and reported to the leading company around the same time. Intel’s plans opened a loophole where proof-of-concept code could be introduced into the computer’s kernel, opening up information that should be inaccessible. The flaw in Intel chips was present as early as 1993.

Intel’s third Xe-HPG-powered DG2 GPU spotted: DG2-256 ‘SOC3’ with 256 EU, 2048 ALU

Specter and Meltdown simultaneously affected Intel, Arm and AMD chips when the first results of the attack were located. When the initial attacks were mitigated, security measures were put in place for the chip giants. Yet they were discovered as a quick fix to a problem that would take years to fix.

Over the past few weeks, the BHI has come forward, once again opening up the Specter exploit. Intel and Arm were reported to be the most significant vulnerability effect. However, AMD representatives said that the initial patches from several years ago were still rolling out to their chipset and the company could avoid the attack – or so it was thought.

The VUSec group at the Vrije Universiteit Amsterdam described the AMD strategy for mitigating Specter V2, using the Retpoline strategy. In their findings, the research team notes that AMD’s LFENCE/JMP-founded Retpoline code is considered inadequate. AMD says the approach used by the company works better on company hardware than Retpoline codes which are considered “generic” by the company, which they claim “cause RET on indirect branches” . The default process modifies the indirect branches to the LFENCE/JMP, allowing the AMD chipset to ward off any Specter V2 attack.

Phoronix performance results show up to 54% lower CPU performance as shown below:

Although AMD’s chips weren’t directly affected by the Specter BHB/BHI vulnerabilities, the company was made aware of the exploit’s handling approach, which caused greater issues for Zen CPUs. AMD. Now, the company is initializing the “generic” Retpoline directive recommended to effectively handle the Specter V2 exploit.

AMD to Unveil Radeon RX 6950 XT, RX 6750 XT, RX 6650 XT RDNA 2 Refresh Graphics Cards on April 20: 18 Gbps, Black Edition Reference Designs

The AMD retpoline may be subject to speculation. The speculation execution window for incorrect indirect branch prediction using the LFENCE/JMP sequence can potentially be large enough to allow exploitation using Specter V2. By default, don’t use retpoline,lfence on AMD. Use the generic retpoline instead.


AMD’s security bulletin describes their changes and references Intel’s IPAS STORM team, consisting of Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki. Their article, “You Can’t Always Win the Race: Analyzing LFENCE/JMP Mitigation for Branch Target Injection,” written by Milburn, Sun, and Kawakami, describes AMD’s flaw in more detail and highlights updated previous articles with new information revealed and submitted to AMD. .

LFENCE/JMP is an existing software mitigation option for Branch Target Injection (BTI) and similar transient execution attacks from indirect branch predictions, which are commonly used on AMD processors. However, the effectiveness of this mitigation can be compromised by the inherent race condition between the speculative execution of the predicted target and the architectural resolution of the predicted target, as this can create a window in which code can still be executed from transitory way. This work investigates potential sources of latency that may contribute to such a speculative window. We show that an attacker can “win the race”, and thus this window may still be sufficient to allow exploitation of BTI-like attacks on a variety of different x86 processors, despite the presence of the LFENCE/ JMP.

While it may seem that Intel wants to tarnish AMD’s reputation and appear at the top of the market, that’s hardly the case. Intel notes that the team is reviewing potential security risks. Suppose their product or the products of any other company pose a threat of this magnitude. In this case, it is more beneficial to share and work together to eliminate these important threats, allowing everyone to benefit from all the risks.

Source: AMD, VUSec, Cornell University