IT Home November 10th, Microsoft released security patch updates for Windows 11, Windows 10, Windows 8.1 and Windows 7 yesterday.
According to reports, the latest November patch fixes a Spectre Variant 2 vulnerability, including an AMD CPU vulnerability codenamed "CVE-2022-23824", which affects almost all AMD Ryzen, EPYC and Athlon desktops, laptops and server processors, but the Ryzen 7000 series chips are not affected.
In a report released earlier today, AMD described this new security vulnerability:
Announcement number: AMD-SB-1040
Potential impact: Disclosure
Severity: Moderate
AMD Aware of a potential vulnerability affecting the AMD CPU, where the operating system relies on IBPB to refresh the return address predictor. This may allow CVE-2017-5715 (formerly known as Spectre Variant 2) to refresh the return address predictor if the operating system relies on IBPB without using additional software mitigation.
cve - 2022 - 23824
IBPB cannot prevent the front branch target of IBPB from returning branch prediction, resulting in potential disclosure.
IT Home learned that the affected products include:
desktop
AMD Athlon™ X4 processor
AMD Ryzen™ Threadripper™ PRO processor
2nd generation AMD Ryzen™ Threadripper™ Processor
3rd generation AMD Ryzen™ Threadripper™ Processor
7th generation AMD A Series APU
AMD Ryzen™ 2000 Series Desktop Processor
AMD Ryzen™ 3000 Series Desktop Processor
AMD Ryzen™ 4000 Series Desktop Processor
Mobile
AMD Ryzen 2000 Series Mobile
AMD Athlon™ 3000 with Radeon™ Graphics Card Series Mobile Processors
AMD Ryzen™ 3000 Series Mobile Processors or 2nd Generation AMD Ryzen™ Mobile Processors
AMD Ryzen™ 4000 Series Mobile Processors
AMD Ryzen™ 5000 Series Mobile Processors
Chromebook
AMD Athlon™ with Radeon™ Graphics Mobile processor
server
first generation AMD EPYC (Xiaolong) processor
second generation AMD EPYC (Xiaolong) processor
third generation AMD EPYC (Xiaolong) processor
