Microsoft yesterday released security patch updates for Windows 11, Windows 10, and Windows 8.1 and Windows 7.
According to reports, the latest November patch fixes a Spectre Variant 2 vulnerability, including AMD CPU vulnerability codenamed “CVE-2022-23824”, which affects almost all AMD Ryzen, EPYC and Athlon desktops and laptops and server processors, though Ryzen 7000-series chips are not affected.
In a report published earlier today, AMD described the new security flaw:
"Bulletin Number: AMD-SB-1040 Potential Impact: Information Disclosure Severity: Moderate AMD is aware of a potential vulnerability affecting AMD CPUs in which the operating system relies on IBPB to flush the return address predictor. This could allow CVE-2017-5715 (formerly known as Spectre Variant 2) RET prediction-based attacks to flush the return address predictor if the OS relies on IBPB without using additional software mitigations. CVE-2022-23824 IBPB cannot prevent IBPB pre-branch target designation from returning branch predictions, leading to potential disclosure."
The affected products include:
desktop
AMD Athlon™ X4 Processor
AMD Ryzen™ Threadripper™ PRO processors
2nd Generation AMD Ryzen™ Threadripper™ Processors
3rd Generation AMD Ryzen™ Threadripper™ Processors
7th Gen AMD A-Series APUs
AMD Ryzen™ 2000 Series Desktop Processors
AMD Ryzen™ 3000 Series Desktop Processors
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
move
AMD Ryzen 2000 Series Mobile Processors
AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics
AMD Ryzen™ 3000 Series Mobile Processors or 2nd Generation AMD Ryzen™ Mobile Processors with Radeon™ Graphics
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
Chromebooks
AMD Athlon™ Mobile Processors with Radeon™ Graphics
server
1st Generation AMD EPYC Processor
2nd Generation AMD EPYC Processor
3rd Generation AMD EPYC Processors