# AMD's turn for some side channel fun



## moproblems99 (Mar 7, 2020)

So, I haven't had a chance to read the whole thing but it looks possibly a variant of Spectre/meltdown.
It also looks like at least Zen and Zen+ are affected.

https://www.google.com/amp/s/www.to...l-attacks-discovered-impacts-zen-architecture



> Like we've seen with many of the recent attacks against modern processors, the two AMD vulnerabilities center on side-channel approaches, in this case a Spectre-based attack, that enable researchers to tease out what would normally be protected information.


----------



## xkm1948 (Mar 7, 2020)

Zen is still very young, plenty of time to find new security vulnerabilities. Nothing designed by human is perfect. Key is how fast it will take for AMD to patch the holes.

Also i hope amd fans take this one well. Just remember these are billion dollar for profit companies, not your bff


----------



## eidairaman1 (Mar 7, 2020)

moproblems99 said:


> So, I haven't had a chance to read the whole thing but it looks possibly a variant of Spectre/meltdown.
> It also looks like at least Zen and Zen+ are affected.
> 
> https://www.google.com/amp/s/www.to...l-attacks-discovered-impacts-zen-architecture



So are you goin back to intel then?


----------



## biffzinker (Mar 7, 2020)




----------



## mtcn77 (Mar 7, 2020)

moproblems99 said:


> So, I haven't had a chance to read the whole thing but it looks possibly a variant of Spectre/meltdown.


I have just 1 problem with that statement. Spectre is not a side channel attack, Meltdown is. Spectre is a branch prediction attack.


----------



## hat (Mar 7, 2020)

Disappointing, yet not particularly surprising. On that note, I've said many times before that I'll be interested to see Intel come up with a new architecture that's not full of holes like Skylake is (apparently that's supposed to be Rocket Lake, in.... uh, 2021?) but it's only a matter of time until they find the holes in that too.


----------



## Chomiq (Mar 7, 2020)

biffzinker said:


> View attachment 147407
> 
> View attachment 147408


HU is really stretching this. Both companies fund research into vulnerabilities, I recall recent Intel one where researchers thanked both Intel and AMD for their donations/gifts (it might have been the same group that discovered this one). It's a standard practice and as a researcher you're obligated to disclose this in your paper, otherwise your funding may be revoked, not to mention the impact on your credibility.
The "gifts" were probably hardware samples for testing, not yachts and speedboats.


----------



## steen (Mar 7, 2020)

mtcn77 said:


> I have just 1 problem with that statement. Spectre is not a side channel attack, Meltdown is. Spectre is a branch prediction attack.


Yep. A followup tweet from the author: "The attacks leak a few bit of meta-data. Meltdown and Zombieload leak tons of actual data." As others have said, it's a matter of time & resources before vulnerabilities are discovered in any piece of hw/sw.



Chomiq said:


> HU is really stretching this.


Agreed. The paper's authors are academics & have published their findings & detailed COI disclosure. Many IHVs fund genuine research. Intel is not the bad actor here. Pity they weren't as concerned over the DLSS 2.0=good/competitor products=bad story shopped by Nv PR since the beginning of the year.


----------



## Bill_Bright (Mar 7, 2020)

xkm1948 said:


> Key is how fast it will take for AMD to patch the holes.


Not just how fast, but IF patching is even possible, and IF it is, IF the patch does not impact performance. 



> Also i hope amd fans take this one well.


And, if applicable, how they treated and commented on Intel when the shoe was on the other foot!


----------



## john_ (Mar 7, 2020)

5 March. AMD Financial Day. Great success.
8 March. Tom's Hardware(who else?) comes out with this article. Coincidence?
Nothing is full proof, but the time of publication, considering that the whole research had Intel behind it, it's not a coincidence, in my opinion.
I do expect extra drama from certain tech press, about how AMD CPUs are as vulnerable as Intel CPUs (ignoring the fact that for every one AMD vulnerability discovered we hear about a dozen for Intel CPUs).


----------



## mtcn77 (Mar 7, 2020)

Spectre is more like the original hyperthreading logical core physical access isolation issue that got canned. I cannot quote on that, forgot the quote.


----------



## R-T-B (Mar 7, 2020)

eidairaman1 said:


> So are you goin back to intel then?



Depends on who is better bang for the buck at the time of purchase.  All you can really do.

I got a superduper deal on my present chip or I'd have went AMD again.  Both sides can and will have issues, decide on what you know at time of purchase.



mtcn77 said:


> Spectre is more like the original hyperthreading logical core physical access isolation issue that got canned. I cannot quote on that, forgot the quote.



Spectre is a general speculative execution bug, always affected AMD but not to this degree.  I think you are thinking of MDS bug family.


----------



## mtcn77 (Mar 7, 2020)

R-T-B said:


> Spectre is a general speculative execution bug, always affected AMD but not to this degree. I think you are thinking of MDS bug family.


Do you think that is how hyperthreading thread snooping worked in the previous instant?
I don't have the words to describe it.


----------



## phill (Mar 7, 2020)

I've personally made my bed and I'm enjoying it (well, so to speak )  

AMD have been an utter winner for me, so that's now where my money will go..  Until such time things change or I feel like a change


----------



## R-T-B (Mar 8, 2020)

mtcn77 said:


> Do you think that is how hyperthreading thread snooping worked in the previous instant?
> I don't have the words to describe it.



I'm saying hyperthreading-thread snooping is not a spectre class vulnerability and thus offtopic.  It is in the MDS-category, which is in itself a speculative execution bug but generally considered seperately for it's different attack vector.

This is literlly what I do for a living, FYI.  I'm a full-time employed security consultant.


----------



## Vya Domus (Mar 8, 2020)

john_ said:


> 5 March. AMD Financial Day. Great success.
> 8 March. Tom's Hardware(who else?) comes out with this article. Coincidence?
> Nothing is full proof, but the time of publication, considering that the whole research had Intel behind it, it's not a coincidence, in my opinion.
> I do expect extra drama from certain tech press, about how AMD CPUs are as vulnerable as Intel CPUs (ignoring the fact that for every one AMD vulnerability discovered we hear about a dozen for Intel CPUs).



I noticed they went as far as testing this on ancient K8 processors, that's pretty ridiculous, we're talking about CPUs from 2003. Clearly they were digging deep everywhere they could to find something. 

You know what's funny though, because of the colossal amount of vulnerabilities found in Intel's architecture everyone has become numb to these things, they could uncover a million more and no one would really care.


----------



## R-T-B (Mar 8, 2020)

Vya Domus said:


> I noticed they went as far as testing this on ancient K8 processors, that's pretty ridiculous, we're talking about CPUs from 2003. Clearly they were digging deep everywhere they could to find something.



No, that's standard practice when hardware vulnerabity testing.  It helps you understand future architectures to understand the ancestry, is how I'd describe it to the layman.

I believe meltdown was tested down to Pentium II class chips, as an example.



Vya Domus said:


> You know what's funny though, because of the colossal amount of vulnerabilities found in Intel's architecture everyone has become numb to these things, they could uncover a million more and no one would really care.



The layman may not care.  But some of us in the know watch this stuff with a career on the line.


----------



## Vya Domus (Mar 8, 2020)

R-T-B said:


> The layman may not care.  But some of us in the know watch this stuff with a career on the line.



Well tell me how many careers have been on the line because of these things then. Come on, this is overly dramatic to say the the least, I haven't heard about a single business or service that has been endangered due to any of these vulnerabilities. I'd go as far as to bet most aren't even aware of them and they're probably never going to be.


----------



## R-T-B (Mar 8, 2020)

Vya Domus said:


> Well tell me how many careers have been on the line because of these things then. Come on, this is overly dramatic to say the the least, I haven't heard about a single business or service that has been endangered due to any of these vulnerabilities.



*I don't know why everyone is worried about getting sick.  Every sickness I have ever had, I survived!

Survivership bias.  It only takes one bad one.

At any rate, cloud hosting has been impacted by this in a big way.  Not much else yet, but if you're the one who'll be fired when they find "the one" you do subscribe to the issue in general.  Believe me it's not just me watching.

Nothing dramatic about that, just my reality.


----------



## Vya Domus (Mar 8, 2020)

R-T-B said:


> At any rate, cloud hosting has been impacted by this in a big way.



In what way ?


----------



## R-T-B (Mar 8, 2020)

Vya Domus said:


> In what way ?



Performance or cross-vm exploitation.  There were articles at some point on the performance impact.  The other?  You probably won't find any.

You don't hear about it because these exploitation issues are usually settled privately in the cloud.  No one likes hurting their parent companies share price when they can just bribe a customer and retroactively patch/fire somebody.

Heck, to be a host for certain cloud services, they literally audit your microcode version and bios settings now.  So yeah, you run into it.


----------



## Vya Domus (Mar 8, 2020)

R-T-B said:


> You don't hear about it because these exploitation issues are usually settled privately in the cloud.



And/or nothing major occurred, you're not really going to tell me everything is in shambles but somehow they're keeping this frail facade up.


----------



## R-T-B (Mar 8, 2020)

Vya Domus said:


> And/or nothing major occurred, you're not really going to tell me everything is in shambles but somehow they're keeping this frail facade up.



It's not.  Most providers patched microcode and/or settled it within weeks with some retroactive firings and patchings.  There was some bios-update downtime but nothing unmanageable.  Maybe some money lost for the careless, but few if anything significant enough to make news.  That wasn't really my point.

My point was more personal: If you were fired, it was probably dramatic and life altering and you probably sucked at your job by not keeping your ears to the ground.

I don't mean to come across as rude, but what's so hard to believe about that?  If you work this field, you care?


----------



## thesmokingman (Mar 8, 2020)

Yea, paid for generously at that by Intel.

This is some ridiculous shit. They even had to resort to using a modified kernel.


__ https://twitter.com/i/web/status/1236333792358531074
Then AMD's take... lolol.



> *3/7/20*
> 
> We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. *AMD believes these are not new speculation-based attacks.*
> 
> ...


----------



## R-T-B (Mar 8, 2020)

thesmokingman said:


> This is some ridiculous shit. They even had to resort to using a modified kernel.



I mean, if you're going to attack a VM hypervisor, a modified kernel is a given.  You don't exactly expect the bad guys to apply their own mitigations, do you?


----------



## john_ (Mar 8, 2020)

R-T-B said:


> But some of us in the know watch this stuff with a career on the line.


Career on the line? Yes, but I don't think that you mean what someone else will read in that comment. 
AMD is gaining in retail, but not so much in OEM and business markets. They move pretty slow there, which in my opinion means that, professionals who setup hundred or thousands of systems for employees, still bet their job on the big name, Intel, no matter how many vulnerabilities will go public. They prefer to install 20 patches and do 5 firmware upgrades and have the excuse "I choose Intel for the company, I choose systems with CPUs from the bigger brand in the world" than going with an AMD option. So, I don't think that we have reach the crossroad where professionals will really, I mean REALLY consider changing Intel because of all those security concerns. I think people who watch this staff are still choosing to ignore this stuff because the other option, going to AMD, still looks unknown and dangerous in other ways.
But that is just a personal opinion.


----------



## Khonjel (Mar 8, 2020)

> For example, an Intel bug that was patched last year was revealed earlier this week to be much worse than previously thought. However, even if the bug impacts more products and can leak more data than previously thought, exploiting it requires jumping through a series of hoops that limit its applicability in the real world.
> The Collide+Probe and Load+Reload are not that kind of attack, at least, according to researchers. *These attacks can be exploited in real-world scenarios, and with rather ease, without needing physical access, special equipment, or to break apart computer cases to connect to hidden ports -- like many past CPU attacks have required.*
> The research team said it managed to exploit the two AMD vulnerabilities *via JavaScript and in a cloud computing environment* -- making the two attacks a palpable danger for real-world deployments of AMD processors.


AMD processors from 2011 to 2019 vulnerable to two new attacks | ZDNet

So is it worse than Intel flaws? I hear it leaks meta-data but not actually data, whatever that means.


----------



## Vya Domus (Mar 8, 2020)

R-T-B said:


> My point was more personal: If you were fired, it was probably dramatic and life altering and you probably sucked at your job by not keeping your ears to the ground.



People get fired all the time for a million reasons, this is nothing special.


----------



## R-T-B (Mar 8, 2020)

Vya Domus said:


> People get fired all the time for a million reasons, this is nothing special.



It's always special when it involves you.  Don't know about you, but I like to avoid being "not special" and try to avoid being fired for doing a shitty job.  *shrugs*



john_ said:


> Career on the line? Yes, but I don't think that you mean what someone else will read in that comment.



I think I could've worded it better given the confusion, yes.


----------



## moproblems99 (Mar 9, 2020)

eidairaman1 said:


> So are you goin back to intel then?



All depends, if AMD is better, I'll go with whoever has my fancy at the time.  As RTB pointed out, everyone is going to have their own problems. Until someone has a vuln that can leak actually worrisome data on a consistent basis, I am not worried by these class of flaws.

These classes of flaws concern me in the manner that my data sits in data centers that will be the targets.


----------



## Bill_Bright (Mar 9, 2020)

Vya Domus said:


> People get fired all the time for a million reasons, this is nothing special.


I've never been fired in my 50 plus years of working, but I did survive 4 rounds of lay-offs while I worked at a major software development company. And I can tell you it didn't matter how special or not special you were. It was all about the position you filled and the money saved if that position was eliminated. I saw some very good people "let go" and some mediocre people stay, just because of their current salaries. 

And FTR, while there may be a million reasons to get "fired", in most jurisdictions these days, there has to be "just cause". I would rather be fired for "just cause" than having to wait around worried and wondering if I will next to get laid off. Just the thought that lay-offs might be coming creates an extremely stressful and even toxic environment. It will immediately turn a great, supportive and fun place to work into a back-stabbing, everyone out for themselves, hostile place to work. No fun at all. 

In fact, after the forth round of lay-offs at my company, I gave my two-weeks notice and opened my own custom computers, IT consulting and computer repair shop. And even with all the stress factors involved in owning your own business, my blood pressure dropped, and receding hairline stopped receding. 

I now return control of this way-off topic back to the OP.


----------



## rvalencia (Jan 17, 2021)

Khonjel said:


> AMD processors from 2011 to 2019 vulnerable to two new attacks | ZDNet
> 
> So is it worse than Intel flaws? I hear it leaks meta-data but not actually data, whatever that means.




__ https://twitter.com/i/web/status/1236218121704239104
Intel's side-channel issues are worst than AMD's.


----------



## R-T-B (Jan 27, 2021)

rvalencia said:


> __ https://twitter.com/i/web/status/1236218121704239104
> Intel's side-channel issues are worst than AMD's.


Major necropost for old news dude.


----------

