All AMD Zen Chips Are Vulnerable To The New Inception Attack, As Are Some Intel
But It’s Very Unlikely To Be Leveraged
Speculative branch attacks are getting to be all too common, with Inception adding yet another to the count. On the one hand it is quite worrisome as all Zen cores, from the original to the new generation of Zen 4 are theoretically vulnerable to it as well as a handful of Intel chips. If a system was infected it could allow the attacker to scoop passwords and RSA keys invisibly. The mitigation until the cores are patched would also have the same effect as prior speculative branch vulnerabilities, and no one wants to artificially slow the performance of their machine.
However there is good news about Inception as well, firstly that the attacker is required to already have significant control over the system to leverage the attack. This makes it almost redundant as the attacker would likely already have easier ways to grab that data with other more effective malware. The second piece of good news comes from AMD’s response to Bleeping Computers post, which is that Zen 1 and 2 are already immune to Inception and the patch for Zen 3 and 4 will be coming out as in a new AGESA update. The BIOS updates should then soon start to flow, with no impact on performance.
Researchers have discovered a new and powerful transient execution attack called 'Inception' that can leak privileged secrets and data using unprivileged processes on all AMD Zen CPUs, including the latest models.