Microsoft and Google Project Zero researchers have identified a new category of speculative execution side-channel vulnerability they called “Speculative Store Bypass” or SSB. It is closely related to the previously disclosed GPZ/Spectre variant 1 (Spectre) vulnerabilities. Microsoft released an advisory on the vulnerability and mitigation plans.
Speculative Store Bypass/SSB (Assigned as CVE-2018-3639) Executive Summary
Read the full advisory from Microsoft here.
Affected AMD Systems
AMD recommended mitigations for SSB are being provided by operating system updates back to the Family 15 processors (“Bulldozer” products). Microsoft is completing final testing and validation of AMD-specific updates for Windows client and server operating systems, which are expected to be released through their standard update process. Similarly, Linux distributors are developing operating system updates for SSB. AMD recommends checking with your OS provider for specific guidance on schedules. For technical details, see the AMD whitepaper.
Based on the difficulty to exploit the vulnerability, AMD and its ecosystem partners currently recommend using the default setting that maintains support for memory disambiguation. AMD have not identified any AMD x86 products susceptible to the Variant 3a vulnerability in this analysis to-date. As a reminder against vulnerabilities, AMD highly recommends keeping OS and BIOS up-to-date whenever updates are available and to run an active antivirus software for security and defence.
Learn more about AMD processor security updates at https://www.amd.com/en/corporate/security-updates