• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

AMD Updates on AMD Processor Security Status

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
47,300 (7.53/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
There has been recent press coverage regarding a potential security issue related to modern microprocessors and speculative execution. Information security is a priority at AMD, and our security architects follow the technology ecosystem closely for new threats. It is important to understand how the speculative execution vulnerability described in the research relates to AMD products, but please keep in mind the following:
  • The research described was performed in a controlled, dedicated lab environment by a highly knowledgeable team with detailed, non-public information about the processors targeted.
  • The described threat has not been seen in the public domain.

When AMD learned that researchers had discovered a new CPU attack targeting the speculative execution functionality used by multiple chip companies' products, we immediately engaged across the ecosystem to address the teams' findings. The research team identified three variants within the speculative execution research. The below grid details the specific variants detailed in the research and the AMD response details (above).

As the security landscape continues to evolve, a collaborative effort of information sharing in the industry represents the strongest defense.

Total protection from all possible attacks remains an elusive goal and this latest example shows how effective industry collaboration can be.

As always, AMD strongly encourages its customers to consistently undertake safe computing practices, examples of which include: not clicking on unrecognized hyperlinks, following strong password protocols, using secure networks, and accepting regular software updates.

View at TechPowerUp Main Site
 
D

Deleted member 172152

Guest
AMD is only vulnerable to variant 1, which is easily resolved with basically no performance hit. Nice!

Also, 3 flaws now, so the problem tripled! Variants 2 and 3 affect ARM and Intel it seems. Not nice!
 
Last edited by a moderator:
Joined
Apr 10, 2013
Messages
302 (0.07/day)
Location
Michigan, USA
Processor AMD 1700X
Motherboard Crosshair VI Hero
Memory F4-3200C14D-16GFX
Video Card(s) GTX 1070
Storage 960 Pro
Display(s) PG279Q
Case HAF X
Power Supply Silencer MK III 850
Mouse Logitech G700s
Keyboard Logitech G105
Software Windows 10
It is funny how on day1 the reports are Intel "and maybe others" suffer from the "variant 1" problem. Then in the middle of the night sites pickup most cpus including AMD are affected by variant one. Everyone gets the OS update with "negligible performance degradation". All over some potential exploit nearly none of us basic consumers would ever be vulnerable to. What is due here is a big thank you to google for working to keep computing safe for those that are too lazy to make sensible, responsible choices.
 

64K

Joined
Mar 13, 2014
Messages
6,773 (1.72/day)
Processor i7 7700k
Motherboard MSI Z270 SLI Plus
Cooling CM Hyper 212 EVO
Memory 2 x 8 GB Corsair Vengeance
Video Card(s) Temporary MSI RTX 4070 Super
Storage Samsung 850 EVO 250 GB and WD Black 4TB
Display(s) Temporary Viewsonic 4K 60 Hz
Case Corsair Obsidian 750D Airflow Edition
Audio Device(s) Onboard
Power Supply EVGA SuperNova 850 W Gold
Mouse Logitech G502
Keyboard Logitech G105
Software Windows 10
Plus IME has been hacked a while ago. No wonders Intel CEO sold most of Intel stocks.

It's going to be interesting to see how much shit sticks to Krzanich over that 24 million dollar sale. Intel is trying to claim that this was just a preplanned sale of his stock which happens from time to time automatically so that he can't be charged with insider trading but the fact that he put that plan into place months after Google informed Intel about their flaw is suspicious.

http://www.businessinsider.com/inte...fter-company-was-informed-of-chip-flaw-2018-1
 
Joined
Feb 19, 2009
Messages
1,162 (0.20/day)
Location
I live in Norway
Processor R9 5800x3d | R7 3900X | 4800H | 2x Xeon gold 6142
Motherboard Asrock X570M | AB350M Pro 4 | Asus Tuf A15
Cooling Air | Air | duh laptop
Memory 64gb G.skill SniperX @3600 CL16 | 128gb | 32GB | 192gb
Video Card(s) RTX 4080 |Quadro P5000 | RTX2060M
Storage Many drives
Display(s) AW3423dwf.
Case Jonsbo D41
Power Supply Corsair RM850x
Mouse g502 Lightspeed
Keyboard G913 tkl
Software win11, proxmox
It is funny how on day1 the reports are Intel "and maybe others" suffer from the "variant 1" problem. Then in the middle of the night sites pickup most cpus including AMD are affected by variant one. Everyone gets the OS update with "negligible performance degradation". All over some potential exploit nearly none of us basic consumers would ever be vulnerable to. What is due here is a big thank you to google for working to keep computing safe for those that are too lazy to make sensible, responsible choices.

this is not something that a manufacture does intentionally, but just maybe amd haven't designed in as many assumptions as intel it seems.
Assumptions that next code will be kinda deal.

But the bad part is intel's downplay of the issue and calling out others to drag them down with them
 
Joined
Sep 15, 2007
Messages
3,946 (0.63/day)
Location
Police/Nanny State of America
Processor OCed 5800X3D
Motherboard Asucks C6H
Cooling Air
Memory 32GB
Video Card(s) OCed 6800XT
Storage NVMees
Display(s) 32" Dull curved 1440
Case Freebie glass idk
Audio Device(s) Sennheiser
Power Supply Don't even remember
Buddy at fortune 500 says they have 23% perf impact on their virtuals. Riptel.

Can't tell if incredibly well made, sarcastic account, or just a genuine response.
Its is perfect in server space. Intel can't win in anything, now.
 
Joined
Jul 5, 2013
Messages
28,260 (6.75/day)
Now that more details have surfaced, it seems AMD jumped the gun a bit. All CPU's are vulnerable regardless of architecture and OS platform, the sole exception being Apple's iOS. But even that is likely to have a certain level vulnerability as more details of this are discovered/uncovered.
 
Joined
Sep 15, 2007
Messages
3,946 (0.63/day)
Location
Police/Nanny State of America
Processor OCed 5800X3D
Motherboard Asucks C6H
Cooling Air
Memory 32GB
Video Card(s) OCed 6800XT
Storage NVMees
Display(s) 32" Dull curved 1440
Case Freebie glass idk
Audio Device(s) Sennheiser
Power Supply Don't even remember
Now that more details have surfaced, it seems AMD jumped the gun a bit. All CPU's are vulnerable regardless of architecture and OS platform, the sole exception being Apple's iOS. But even that is likely to have a certain level vulnerability as more details of this are discovered/uncovered.

Not really, AMD is only vulnerable to the one type (there's 3) and the fix has a negligible perf impact.

Intel wants to pretend AMD is in the same boat.
 
Joined
Jul 5, 2013
Messages
28,260 (6.75/day)
Not really, AMD is only vulnerable to the one type (there's 3) and the fix has a negligible perf impact.

Intel wants to pretend AMD is in the same boat.
That would be incorrect.
https://isc.sans.edu/diary.html?utm...al&utm_source=twitter.com&utm_campaign=buffer
https://meltdownattack.com/
These vulnerabilities have been shown to affect every CPU with execution prediction on all OS platforms. Only Apple's iOS is relatively safe, but there are indications that it too has some susceptibilities.

This is NOT an Intel problem. It is VERY much an everyone problem.
(Sometimes I feel like a broken record..)
 
Last edited:
Joined
Apr 12, 2013
Messages
7,563 (1.77/day)
That would be incorrect.
https://isc.sans.edu/diary.html?utm...al&utm_source=twitter.com&utm_campaign=buffer
https://meltdownattack.com/
These vulnerabilities have been shown to affect every CPU with execution prediction on all OS platforms. Only Apple's iOS is relatively safe, but there are indications that it too has some susceptibilities.

This is NOT an Intel problem. It is VERY much an everyone problem.
(Sometimes I feel like a broken record..)
You can look at google's project zero - you know the ones who're actually responsible for the disclosure? AMD is not affected by meltdown, spectre (1 & 2) are in theory applicable for Ryzen but they've not shown any demonstrable exploit for it yet.
  1. A PoC that demonstrates the basic principles behind variant 1 in userspace on the tested Intel Haswell Xeon CPU, the AMD FX CPU, the AMD PRO CPU and an ARM Cortex A57 [2]. This PoC only tests for the ability to read data inside mis-speculated execution within the same process, without crossing any privilege boundaries.
  2. A PoC for variant 1 that, when running with normal user privileges under a modern Linux kernel with a distro-standard config, can perform arbitrary reads in a 4GiB range [3] in kernel virtual memory on the Intel Haswell Xeon CPU. If the kernel's BPF JIT is enabled (non-default configuration), it also works on the AMD PRO CPU. On the Intel Haswell Xeon CPU, kernel virtual memory can be read at a rate of around 2000 bytes per second after around 4 seconds of startup time. [4]
  3. A PoC for variant 2 that, when running with root privileges inside a KVM guest created using virt-manager on the Intel Haswell Xeon CPU, with a specific (now outdated) version of Debian's distro kernel [5] running on the host, can read host kernel memory at a rate of around 1500 bytes/second, with room for optimization. Before the attack can be performed, some initialization has to be performed that takes roughly between 10 and 30 minutes for a machine with 64GiB of RAM; the needed time should scale roughly linearly with the amount of host RAM. (If 2MB hugepages are available to the guest, the initialization should be much faster, but that hasn't been tested.)
  4. A PoC for variant 3 that, when running with normal user privileges, can read kernel memory on the Intel Haswell Xeon CPU under some precondition. We believe that this precondition is that the targeted kernel memory is present in the L1D cache.
 
Last edited:
D

Deleted member 172152

Guest
You can look at google's project zero - you know the ones who're actually responsible for the disclosure? AMD is not affected by meltdown, spectre (1 & 2) are in theory applicable for Ryzen but they've not shown any demonstrable exploit for it yet.
And Ryzen hasn't been tested, so the problem could be even smaller on AMD's side.

None of the bugs were used according to google, variant 2 is basically impossible to exploit on older AMD cpu's and variant 3 is applicable to Intel and ARM CPU's. So, AMD made a mistake, but may have fixed it with Ryzen, so I should be mad at AMD, but that issue is overshadowed by Intel's problems which actually can cause MAJOR performance hits! AMD's problem was/will be fixed without a performance hit and was(/is) significantly smaller than Intel's problem anyway!

Basically old AMD was rubbish, new AMD is amazing and Intel is still the irresponsible, whining rich kid!
 
Joined
Jul 5, 2013
Messages
28,260 (6.75/day)
You two need to actually read the documentation instead of making lazy assumptions or cherry-picking selective information that fits your limited, agenda focused narrative. The knowledge of these problems are a working progression. ALL CPU's are affected by these vulnerabilities equally. All, as in every CPU made in the past 20 years. Why do you think whole governments are scrambling to implement preventive measures? This is NOT an AMD vs Intel problem. It affects everyone, everywhere on all devices with a working CPU.
Basically old AMD was rubbish, new AMD is amazing and Intel is still the irresponsible, whining rich kid!
So does that make ARM equally irresponsible? Or does it mean that these things have caught everyone in the industry by surprise? Which do you think is more likely? Hmm?
 
Last edited:
D

Deleted member 172152

Guest
You two need to actually read the documentation instead of making lazy assumptions or cherry-picking selective information that fits your limited, agenda focused narrative. The knowledge of these problems are a working progression. ALL CPU's are affected by these vulnerabilities equally. All, as in every CPU made in the past 20 years. Why do you think whole governments are scrambling to implement preventive measures? This is NOT an AMD vs Intel problem. It affects everyone, everywhere on all devices with a working CPU.

So does that make ARM equally irresponsible? Or does it mean that these things have caught everyone in the industry by surprise? Which do you think is more likely? Hmm?
Try reading my comment. We KNOW Intel knew about the vulnerability quite some time BEFORE releasing Coffee Lake and basically changed nothing. AMD on the other hand likely only knew two months befpre releasing Ryzen there was a vulnerability AND likely isn't at risk. That makes a HUGE differemce in my eyes! O, and ARM doesn't seems to have the same level of performance hits if any (Apple already fixed their processors in the december updates) and ARM is rarely, if at all used in giant servers like Intel CPU's are, if at all. Intel still has the most crap on its plate which isn't entirely their fault, but is the only company trying to push this off on other companies and has the biggest performance hits!
 
Joined
Jul 5, 2013
Messages
28,260 (6.75/day)
Try reading my comment.
Hmm..
We KNOW Intel knew about the vulnerability quite some time BEFORE releasing Coffee Lake and basically changed nothing.
Yes, but they did act on it and started fixes for it. You can't expect a company to halt a major product release over a vulnerability that was, and is still, not completely understood and has no known exploits.
AMD on the other hand likely only knew two months befpre releasing Ryzen there was a vulnerability AND likely isn't at risk.
Citation please.
That makes a HUGE differemce in my eyes!
Oh, of course it would..
O, and ARM doesn't seems to have the same level of performance hits if any
Citation please.
Intel still has the most crap on its plate which isn't entirely their fault
At least we agree on something..
but is the only company trying to push this off on other companies and has the biggest performance hits!
That's an assumption not backed by merit.

https://meltdownattack.com/
Read
 
D

Deleted member 172152

Guest
I hmmm... Your hmmm... XD
Citation please.
No need. Common knowledge that the Project Zero people found out about these bugs in January last year, two months Ryzen was released. Intel had longer and really should have properly redesigned their CPU's a LOOOONNGG time ago! Maybe then, like Ryzen, the problem potentially could have been fixed.
Oh, of course it would..
If Intel's lazy approach to CPU design and AMD's recent (and past) enthousiastic efforts to conquer The Beast of Incremental Upgrades seem pretty much the same to you, you're not even an Intel fanboy, just a hater.
Citation please.
Look, an article: https://www.macrumors.com/2018/01/04/apple-meltdown-spectre-vulnerability-fixes/

Now go watch some iOS 11.2 and 11.2.1 vs iOS whatever videos. No unusual discrepancies.
That's an assumption not backed by merit.
"That's an assumption not backed by merit." It is pretty much common knowledge that Intel is the only one pushing their problems off on others. They started blabbing on all the others and everyone else gave statements that yes, there are vulnerabilities, but they are fixing/have fixed the problem to some extent and warn not to download malicious apps that could exploit the vulnerabilities. To make it more understandable for some people, it's basically the difference between a toddler's response (They did it too!!!) and a grown-up's response (There is something wrong, but we're working on fixing it. Just don't do this ... or this .... and you'll be fine.).

Go read the other statements.
 
Joined
Sep 15, 2007
Messages
3,946 (0.63/day)
Location
Police/Nanny State of America
Processor OCed 5800X3D
Motherboard Asucks C6H
Cooling Air
Memory 32GB
Video Card(s) OCed 6800XT
Storage NVMees
Display(s) 32" Dull curved 1440
Case Freebie glass idk
Audio Device(s) Sennheiser
Power Supply Don't even remember
keep shillin
 
Top