AMD "INCEPTION" vulnerability on EPYC and Ryzen CPUs (Zen 3, Zen 4)

AMD has received an external report titled ‘INCEPTION’, describing a new speculative side channel attack. AMD believes ‘Inception’ is only potentially exploitable locally, such as via downloaded malware, and recommends customers employ security best practices, including running up-to-date software and malware detection tools. AMD is not aware of any exploit of ‘Inception’ outside the research environment, at this time.

AMD recommends customers apply a µcode patch or BIOS update as applicable for products based on “Zen 3” and “Zen 4” CPU architectures. No µcode patch or BIOS update is necessary for products based on “Zen” or “Zen 2” CPU architectures because these architectures are already designed to flush branch type predictions from the branch predictor.

AMD plans to release updated AGESA™ versions to Original Equipment Manufacturers (OEMs), Original Design Manufacturers (ODMs) and motherboard manufacturers listed in the AMD security bulletin. Please refer to your OEM, ODM or motherboard manufacturer for a BIOS update specific to your product.


So Ryzen 8000’s good next year, right…? Right…? Hopefully mitigations aren’t performance-killers for some workloads as they were with Intel.

Yeah…We’ll see.

NO, absolutely not.

Every processor out since, and including, Ryzen 6000 has Micro$oft Pluton, which is chip-to-cloud “security” inside your CPU. Read as proprietary backdoor, which is 100 times worse than Intel ME or AMD PSP because you can’t do anything about it. Same goes for Intel CPUs and even Qualcomm.

Literally our only hope is the RISC-V open-source hardware architecture; other than that, the future is…this.


It’ll be interesting to see what Matthew Garrett says once some further reviews have been done, but I’m comfortable with his initial assessment.


I very much doubt you will be able to actually control something that is so hardcore in its determination to destroy privacy and security at the inside-the-CPU hardware level.

Still a good read!

P.S. aaah…maybe not so good :rofl:

In March 2021, Garrett, who had served on the Free Software Foundation’s board of directors, signed an open letter to the FSF calling for the removal of its entire board and for Richard Stallman to be removed from all leadership positions.


His whole blog is full of some really interesting pieces, both for AMD and Intel, as well as other Linux-centric pieces. For anyone else jumping into this, this is his most recent assessment of Pluton:

Waiting for AMD benchmarks from Phoronix.

Here you go, some benchmark numbers

MariaDB and PostgreSQL look really bad :frowning_face:


I’ve been running mitigations=off since forever; I doubt there is much sophisticated malware out there capable of exploiting these ‘exploits’. I’m pretty sure I wasn’t hacked. I wouldn’t turn off mitigations on Windows, but I trust the penguin to keep me safe if I’m not too stupid.

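For readers who want to see what their own kernel reports for Inception (SRSO), here is an added example that is not part of any post in this thread. It assumes a Linux kernel recent enough to expose the `spec_rstack_overflow` sysfs file; the function names and verdict words are made up for illustration.

```shell
#!/bin/sh
# Added example: report the kernel's Inception (SRSO) mitigation state.
SRSO_FILE=/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow

# classify_srso STATUS CMDLINE -> prints one verdict word (names are illustrative).
# STATUS is the sysfs file's content, CMDLINE the kernel boot command line.
classify_srso() {
    disabled=no
    # Either boot parameter turns the software mitigation off.
    case " $2 " in
        *" mitigations=off "*|*" spec_rstack_overflow=off "*) disabled=yes ;;
    esac
    # Only the leading keyword is matched; the detail after it varies by kernel.
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)
            if [ "$disabled" = yes ]; then
                echo disabled-by-cmdline   # switched off at boot by the admin
            else
                echo vulnerable            # kernel reports the CPU as exposed
            fi ;;
        *) echo unknown ;;                 # file absent: kernel predates the report
    esac
}

# Read the live values where they exist and print the verdict.
report_host() {
    status=""
    cmdline=""
    if [ -r "$SRSO_FILE" ]; then status=$(cat "$SRSO_FILE"); fi
    if [ -r /proc/cmdline ]; then cmdline=$(cat /proc/cmdline); fi
    echo "reported: ${status:-<none>}"
    echo "verdict:  $(classify_srso "$status" "$cmdline")"
}

report_host
```

A verdict of `unknown` on a Zen 3 or Zen 4 machine means the kernel is too old to report the issue at all, not that the machine is safe.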

Same, but recently I’ve changed my mind :joy:

Why? Did they come up with some AI bytestream analyzer or something?

I mean…I’m getting progressively more paranoid through years of :clown_face: :earth_africa: and other circumstances.

And yeah…AI ain’t a joke, I’m sure. These latest vulnerabilities, although technically in the same class, are pretty impressive in terms of how relatively easy it is to abuse them compared to the classical Spectre/Meltdown ones.

20-40% performance hit in MariaDB?
Nginx more than 10%?

It seems that the average user won’t feel much…

The average user doesn’t even know that vulnerabilities exist :rofl:

I wonder if the AGESA to be released will be better than the kernel option, perhaps with less of a performance hit?

Usually, in time, they perfect duct-taped solutions; I think they will in time.

Here’s the paper. I understand like 10%, but they talk about training something for the exploit, just what I thought with the older exploits, that you will need some AI to exploit these kinds of vulnerabilities.

In essence, the CPU trains the RSB autonomously with a non-existent control flow. PHANTOMCALLS manipulate the RSB regardless of execution of the target, bypassing AMD’s hardware mitigations such as Zen 2’s chicken bit and the brand-new Automatic IBRS feature for Zen 4.

Idk what this means,

Anyway, I don’t see how this can be done from a browser, without some local access or privilege escalation. Same thing with the older speculative attacks: I didn’t hear of any exploits for these in the wild. These are not traditional vulnerabilities; you need some really sophisticated code for getting anything useful out of these.

There were always a few vulnerabilities where you run an innocent-looking bash script and you have root. But these are different; afaik you get a bunch of random data, and if you are lucky and run it long enough you might get something out of it.


Well…There are many different ways of RATting out that small script through the browser and other means; personally, I’m done with taking those chances. :clown_face: