CVE-2023-20569
vulnerability analysis and mitigation

Overview

A side-channel vulnerability identified as CVE-2023-20569 (also known as INCEPTION or Speculative Return Stack Overflow) affects AMD CPUs. The vulnerability was discovered by researchers from ETH Zurich as an extension of their prior research on Branch Type Confusion (Retbleed). The issue affects all AMD Zen CPUs (Zen1 through Zen4 microarchitectures) and was disclosed in August 2023 (XEN Advisory, ETH Research).

Technical details

The vulnerability exploits the Return Address Stack (RAS) in AMD CPUs. The RAS is updated when a CALL instruction is predicted, rather than at a later point in the pipeline. Due to its circular stack nature, an attacker can poison the branch type and target predictions to wrap around the entire RAS, overwriting correct return predictions with attacker-controlled ones. This manipulation allows the attacker to control RET speculation in a victim context. The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (Medium) with the vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD).

Impact

When successfully exploited, this vulnerability allows an attacker to control speculative execution at an attacker-controlled address, potentially leading to information disclosure through speculative side-channels. An attacker might be able to infer the contents of memory belonging to other guests in virtualized environments (XEN Advisory).

Mitigation and workarounds

AMD has released microcode updates for affected processors, particularly targeting Zen3 and Zen4 CPUs. For systems running the Xen hypervisor, booting with the 'spec-ctrl=ibpb-entry' parameter is recommended after applying the microcode update. On Zen2 and older CPUs, the existing mitigation of issuing an IBPB on entry to Xen is believed to be sufficient to protect against this vulnerability (XEN Advisory).
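
As an added example (not taken from the advisory or from Xen's own code), the shell helper below checks whether a Xen command line explicitly carries the 'spec-ctrl=ibpb-entry' parameter named above and reports that alongside the Zen generation. The function names, status strings and sample command lines are constructed here, and the mapping of CPU family 23 (17h) to Zen1/Zen2 and 25 (19h) to Zen3/Zen4 is an assumption added for the example.

```sh
#!/bin/sh
# Added example (not Xen project code): report whether the Xen boot
# parameter named in the text, spec-ctrl=ibpb-entry, is explicitly set.
# Inputs are arguments so the check runs offline; on a dom0 the command
# line is shown in the xen_commandline field of `xl info`.

# has_ibpb_entry CMDLINE: succeeds if any spec-ctrl= list holds the bare
# token ibpb-entry. Runs in a subshell so IFS and -f stay local.
has_ibpb_entry() (
    set -f                          # no globbing during word splitting
    for arg in $1; do               # split the command line on whitespace
        case "$arg" in
            spec-ctrl=*)
                IFS=,               # spec-ctrl takes a comma-separated list
                for tok in ${arg#spec-ctrl=}; do
                    if [ "$tok" = "ibpb-entry" ]; then exit 0; fi
                done
                ;;
        esac
    done
    exit 1
)

# srso_xen_status VENDOR FAMILY CMDLINE: prints "<generation> <finding>".
# FAMILY is decimal, as in /proc/cpuinfo (assumed mapping:
# 23 = Zen1/Zen2, 25 = Zen3/Zen4).
srso_xen_status() {
    [ "$1" = "AuthenticAMD" ] || { echo "not-amd n/a"; return 0; }
    case "$2" in
        23) gen="zen1-zen2" ;;
        25) gen="zen3-zen4" ;;
        *)  echo "unlisted-family n/a"; return 0 ;;
    esac
    # Absence only means the parameter was not passed explicitly; it says
    # nothing about the hypervisor's built-in default or the microcode level.
    if has_ibpb_entry "$3"; then
        echo "$gen ibpb-entry=explicit"
    else
        echo "$gen ibpb-entry=not-on-cmdline"
    fi
}

# Constructed sample inputs.
srso_xen_status AuthenticAMD 25 "dom0_mem=4096M spec-ctrl=msr-sc,ibpb-entry"
srso_xen_status AuthenticAMD 25 "dom0_mem=4096M spec-ctrl=rsb"
srso_xen_status AuthenticAMD 23 "dom0_mem=4096M"
```

On Zen3 and Zen4 hosts an "explicit" result still has to be paired with a check that the updated microcode is loaded, since the parameter is recommended after the microcode update.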

This report was generated using AI.
