- Joined
- Jul 5, 2013
- Messages
- 27,734 (6.67/day)
But that's a hardware fix only for one series of Intel CPU's, not for all that are vulnerable.
-
Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
Meltdown-like Vulnerability Affects AMD Zen+ and Zen2 Processors
- Thread starter btarunr
- Start date
- Joined
- Jul 9, 2015
- Messages
- 3,413 (1.00/day)
| System Name | M3401 notebook |
|---|---|
| Processor | 5600H |
| Motherboard | NA |
| Memory | 16GB |
| Video Card(s) | 3050 |
| Storage | 500GB SSD |
| Display(s) | 14" OLED screen of the laptop |
| Software | Windows 10 |
| Benchmark Scores | 3050 scores good 15-20% lower than average, despite ASUS's claims that it has uber cooling. |
I'm puzzled why did you conclude that, could you elaborate?
- Joined
- Jul 5, 2013
- Messages
- 27,734 (6.67/day)
Have you read the pdf? Please do if you haven't and if you don't find it, I'll do my best to help you out.
- Joined
- Jul 9, 2015
- Messages
- 3,413 (1.00/day)
| System Name | M3401 notebook |
|---|---|
| Processor | 5600H |
| Motherboard | NA |
| Memory | 16GB |
| Video Card(s) | 3050 |
| Storage | 500GB SSD |
| Display(s) | 14" OLED screen of the laptop |
| Software | Windows 10 |
| Benchmark Scores | 3050 scores good 15-20% lower than average, despite ASUS's claims that it has uber cooling. |
Could you share the link to the specific PDF you mean please? The one in your post is an html page with 2 PDFs.
- Joined
- Jul 5, 2013
- Messages
- 27,734 (6.67/day)
- Joined
- Aug 20, 2007
- Messages
- 21,453 (3.40/day)
| System Name | Pioneer |
|---|---|
| Processor | Ryzen R9 9950X |
| Motherboard | GIGABYTE Aorus Elite X670 AX |
| Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
| Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
| Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
| Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
| Display(s) | 55" LG 55" B9 OLED 4K Display |
| Case | Thermaltake Core X31 |
| Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
| Power Supply | FSP Hydro Ti Pro 850W |
| Mouse | Logitech G305 Lightspeed Wireless |
| Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
| Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
That's easy to say but when you have a old software application that's not being updated it just means you are screwed.
I'm pretty sure the decades old court reporter record reading software we run won't see such an update.
- Joined
- Jul 5, 2013
- Messages
- 27,734 (6.67/day)
You're failing to understand how this vulnerability works. Old software, of any kind, is not an entry vector of attack. Like Meltdown, a software package has to be delivered to the target system and run by a user physically attending the system.
See above.
- Joined
- Aug 20, 2007
- Messages
- 21,453 (3.40/day)
| System Name | Pioneer |
|---|---|
| Processor | Ryzen R9 9950X |
| Motherboard | GIGABYTE Aorus Elite X670 AX |
| Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
| Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
| Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
| Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
| Display(s) | 55" LG 55" B9 OLED 4K Display |
| Case | Thermaltake Core X31 |
| Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
| Power Supply | FSP Hydro Ti Pro 850W |
| Mouse | Logitech G305 Lightspeed Wireless |
| Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
| Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
Oh, so the old software already includes an LFFENCE to prevent it being used for priviledge escalation?
I'm starting to think you don't really understand this. I mean that with no offense intended. It's tough material.
- Joined
- Jul 5, 2013
- Messages
- 27,734 (6.67/day)
And how would an attacker do that? Hmm? Are they going to wave an Elder wand?
Likewise, and as AMD has already made a statement on the matter after months of research....
Seemingly so..
- Joined
- Aug 20, 2007
- Messages
- 21,453 (3.40/day)
| System Name | Pioneer |
|---|---|
| Processor | Ryzen R9 9950X |
| Motherboard | GIGABYTE Aorus Elite X670 AX |
| Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
| Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
| Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
| Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
| Display(s) | 55" LG 55" B9 OLED 4K Display |
| Case | Thermaltake Core X31 |
| Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
| Power Supply | FSP Hydro Ti Pro 850W |
| Mouse | Logitech G305 Lightspeed Wireless |
| Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
| Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
A dumb end user. You can't trust them all but you can fence them off. At least, you can on certain cpus.
- Joined
- Jul 5, 2013
- Messages
- 27,734 (6.67/day)
So what you are saying is that...
...is required. At that point older software is not relevant as you still need to deliver a software payload to initiate the attack.
So how am I failing to understand?
- Joined
- Aug 20, 2007
- Messages
- 21,453 (3.40/day)
| System Name | Pioneer |
|---|---|
| Processor | Ryzen R9 9950X |
| Motherboard | GIGABYTE Aorus Elite X670 AX |
| Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
| Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
| Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
| Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
| Display(s) | 55" LG 55" B9 OLED 4K Display |
| Case | Thermaltake Core X31 |
| Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
| Power Supply | FSP Hydro Ti Pro 850W |
| Mouse | Logitech G305 Lightspeed Wireless |
| Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
| Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
You can't priviledge escalate a bug that does not exist. Even if the user downloads something via social engineering. That's why a microcode approach is more reliable.
- Joined
- Jul 5, 2013
- Messages
- 27,734 (6.67/day)
Ah, I see now...
- Joined
- Aug 20, 2007
- Messages
- 21,453 (3.40/day)
| System Name | Pioneer |
|---|---|
| Processor | Ryzen R9 9950X |
| Motherboard | GIGABYTE Aorus Elite X670 AX |
| Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
| Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
| Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
| Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
| Display(s) | 55" LG 55" B9 OLED 4K Display |
| Case | Thermaltake Core X31 |
| Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
| Power Supply | FSP Hydro Ti Pro 850W |
| Mouse | Logitech G305 Lightspeed Wireless |
| Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
| Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
Yeah. It's not a big hole but it's there. Requires a lot of human failure
- Joined
- Jul 5, 2013
- Messages
- 27,734 (6.67/day)
My sarcasm might have been a bit too subtle there..
While this vulnerability is real, exploiting it(much like Spectre, Meltdown and all of that ilk) is so crazy difficult that it isn't worth worrying about unless you have something worth stealing and people know you have something worth stealing. So AMD's response is appropriate, as is mine. It's very, very nearly nothing-sauce.
- Joined
- Aug 20, 2007
- Messages
- 21,453 (3.40/day)
| System Name | Pioneer |
|---|---|
| Processor | Ryzen R9 9950X |
| Motherboard | GIGABYTE Aorus Elite X670 AX |
| Cooling | Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans... |
| Memory | 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30 |
| Video Card(s) | XFX RX 7900 XTX Speedster Merc 310 |
| Storage | Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs |
| Display(s) | 55" LG 55" B9 OLED 4K Display |
| Case | Thermaltake Core X31 |
| Audio Device(s) | TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED |
| Power Supply | FSP Hydro Ti Pro 850W |
| Mouse | Logitech G305 Lightspeed Wireless |
| Keyboard | WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps |
| Software | Gentoo Linux x64 / Windows 11 Enterprise IoT 2024 |
and I'll profesionally disagree with you.
It's nothing-sauce for the average home user, but not everyone of AMDs clients is the average home user.
I for one am glad there are no Zen/Zen 2 cpus in my org, as I'd have to treat them special, and thats just extra headache for me.
I know you have your opinions on this. I am curious if they'd be the same if you had to sign the same contracts I do, but that's really beyond where we should go for this topic. I respect your right to disagree, regardless.
- Joined
- Jul 5, 2013
- Messages
- 27,734 (6.67/day)
Fully agree with you there.
That only requires a risk assessment analysis. However, that difficulty can not be understated for some organizations.
For business/industrial/corp/gov entities there needs to be serious consideration on a case by case basis. But once again, not all situations warrant concern for potential attack. I am governed by regulations and those guidelines require due diligence. While risk assessment will be done, my earlier statements are based on previous similar vulnerabilities analysis.