AMD FP-DSS Security Bug For Zen 1 CPUs Made Public, Linux Kernel Patched
Made public today was the Floating Point Divider State Sampling bug (stylized as FP-DSS or FPDSS) affecting original AMD Zen 1 (and Zen 1+) processors. The Linux kernel is already to go with a security fix for those still relying on the very first Ryzen or EPYC processors.
Security researchers discovered a transient execution vulnerability that could lead to a user-privileged attacker to leak sensitive data via the floating point divisor units. This just affects local user access to the system and AMD believes risk of data loss is low especially with FP operations in privilege code not being too common. This affects just Zen 1 / Zen 1+ processors and not newer versions of Zen processors from more recent years.
The AMD security bulletin with the details on this FP-DSS/FPDSS security vulnerability can be found via AMD.com.
The Linux kernel has already landed a patch that contains the needed mitigation. In this case all that is needed at the OS level is setting bitβ―9 of MSR C001_1028 to 1. This patch is the simple mitigation now in Linux Git for Linux 7.1 while it will be back-ported to stable Linux kernel versions in the days ahead.
Security researchers discovered a transient execution vulnerability that could lead to a user-privileged attacker to leak sensitive data via the floating point divisor units. This just affects local user access to the system and AMD believes risk of data loss is low especially with FP operations in privilege code not being too common. This affects just Zen 1 / Zen 1+ processors and not newer versions of Zen processors from more recent years.
π AMD Ryzen 7 1800X Zen 1 CPU
The AMD security bulletin with the details on this FP-DSS/FPDSS security vulnerability can be found via AMD.com.
The Linux kernel has already landed a patch that contains the needed mitigation. In this case all that is needed at the OS level is setting bitβ―9 of MSR C001_1028 to 1. This patch is the simple mitigation now in Linux Git for Linux 7.1 while it will be back-ported to stable Linux kernel versions in the days ahead.