Latest Patch Tuesday mends Spectre V2 vulnerability affecting AMD Ryzen Windows PCs

Last night was the second Tuesday of the month, which meant it was Patch Tuesday time. As such, Microsoft released the security update for Windows 11, Windows 10, as well as for Windows 8.1, and Windows 7.

Among others, the latest November Patch Tuesday fixes a Spectre Variant 2 like AMD CPU vulnerability tracked under ID "CVE-2022-23824" which affects almost all AMD Ryzen, EPYC, and Athlon desktop, notebook and server processor SKUs. The latest Zen 4-based Ryzen 7000 chips however are not affected.

In an advisory published earlier today, AMD has described the new security flaw:

AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow for CVE-2017-5715 (previously known as Spectre Variant 2) attacks based on RET predictions in cases where the OS relies on IBPB without the use of additional software mitigations, to flush the return address predictor.

CVE-2022-23824

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.

Hence, users running an AMD system, barring the latest Ryzen 7000 chips, are advised to update their Windows PCs. You can either use Windows Update in Settings to automatically download the update or manually grab the standalone updates from the Microsoft Update Catalog website. Find the links in the articles below:

Here are all the AMD CPU families affected:

Desktop

  • AMD Athlon™ X4 processor
  • AMD Ryzen™ Threadripper™ PRO processor
  • 2nd Gen AMD Ryzen™ Threadripper™ processors
  • 3rd Gen AMD Ryzen™ Threadripper™ processors
  • 7th Generation AMD A-Series APUs
  • AMD Ryzen™ 2000 Series Desktop processors
  • AMD Ryzen™ 3000 Series Desktop processors
  • AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics

Mobile

  • AMD Ryzen™ 2000 Series Mobile processor
  • AMD Athlon™ 3000 Series Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 3000 Series Mobile processors or 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 5000 Series Mobile processors with Radeon™ graphics

Chromebook

  • AMD Athlon™ Mobile processors with Radeon™ graphics

Server

  • 1st Gen AMD EPYC™ processors
  • 2nd Gen AMD EPYC™ processors
  • 3rd Gen AMD EPYC™ processors

Alongside the CPU vulnerability, AMD has also shared details about several security flaws affecting its graphics too. The company released graphics drivers and AGESA updates to fix the issue in its GPUs and integrated graphics, respectively.

In case of the Radeon RX 5000 and RX 6000 series GPUs, the issue is patched with the Radeon 22.5.2 driver. If you are already on a newer driver, you need not have to worry. For PRO series cards, you can grab the AMD Software: PRO Edition 22.Q2 or any newer driver. For AGESA firmware updates, you can head over to AMD"s official website to find more details.

Report a problem with article
Next Article

Save 93% off a lifetime subscription to piZap Pro - now just $39.99

Previous Article

Microsoft announces stretched clusters and more for Azure VMware Solution