• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

AMD Ryzen 5000 Series CPUs with Zen 3 Cores Could be Vulnerable to Spectre-Like Exploit

Joined
Feb 21, 2006
Messages
2,240 (0.33/day)
Location
Toronto, Ontario
System Name The Expanse
Processor AMD Ryzen 7 5800X3D
Motherboard Asus Prime X570-Pro BIOS 5013 AM4 AGESA V2 PI 1.2.0.Cc.
Cooling Corsair H150i Pro
Memory 32GB GSkill Trident RGB DDR4-3200 14-14-14-34-1T (B-Die)
Video Card(s) XFX Radeon RX 7900 XTX Magnetic Air (24.12.1)
Storage WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 20TB
Display(s) LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz
Case Fractal Design Meshify S2
Audio Device(s) Creative X-Fi + Logitech Z-5500 + HS80 Wireless
Power Supply Corsair AX850 Titanium
Mouse Corsair Dark Core RGB SE
Keyboard Corsair K100
Software Windows 10 Pro x64 22H2
Benchmark Scores 3800X https://valid.x86.fr/1zr4a5 5800X https://valid.x86.fr/2dey9c 5800X3D https://valid.x86.fr/b7d
Everyone should deactivate that feature. Less than 1% effect on performance isn't something to discuss about.
Most people won't even need to turn this off. No one is going to bother running spectre v4 style attacks to get everyone's cat pictures lol. Maybe if its a server in a data center I can see some precaution.
 

r9

Joined
Jul 28, 2008
Messages
3,300 (0.55/day)
System Name Primary|Secondary|Poweredge r410|Dell XPS|SteamDeck
Processor i7 11700k|i7 9700k|2 x E5620 |i5 5500U|Zen 2 4c/8t
Memory 32GB DDR4|16GB DDR4|16GB DDR4|32GB ECC DDR3|8GB DDR4|16GB LPDDR5
Video Card(s) RX 7800xt|RX 6700xt |On-Board|On-Board|8 RDNA 2 CUs
Storage 2TB m.2|512GB SSD+1TB SSD|2x256GBSSD 2x2TBGB|256GB sata|512GB nvme
Display(s) 50" 4k TV | Dell 27" |22" |3.3"|7"
VR HMD Samsung Odyssey+ | Oculus Quest 2
Software Windows 11 Pro|Windows 10 Pro|Windows 10 Home| Server 2012 r2|Windows 10 Pro
It's simpler to patch into somebody's brain and get their password then exploiting this vulnerability.
 
Joined
Dec 29, 2010
Messages
3,809 (0.75/day)
Processor AMD 5900x
Motherboard Asus x570 Strix-E
Cooling Hardware Labs
Memory G.Skill 4000c17 2x16gb
Video Card(s) RTX 3090
Storage Sabrent
Display(s) Samsung G9
Case Phanteks 719
Audio Device(s) Fiio K5 Pro
Power Supply EVGA 1000 P2
Mouse Logitech G600
Keyboard Corsair K95
Everyone should deactivate that feature. Less than 1% effect on performance isn't something to discuss about.
Why? There's not even a real exploit yet.
 

Space Lynx

Astronaut
Joined
Oct 17, 2014
Messages
17,417 (4.69/day)
Location
Kepler-186f
Processor 7800X3D -25 all core
Motherboard B650 Steel Legend
Cooling Frost Commander 140
Video Card(s) Merc 310 7900 XT @3100 core -.75v
Display(s) Agon 27" QD-OLED Glossy 240hz 1440p
Case NZXT H710 (Red/Black)
Audio Device(s) Asgard 2, Modi 3, HD58X
Power Supply Corsair RM850x Gold
Joined
Sep 28, 2012
Messages
981 (0.22/day)
System Name Poor Man's PC
Processor Ryzen 7 9800X3D
Motherboard MSI B650M Mortar WiFi
Cooling Thermalright Phantom Spirit 120 with Arctic P12 Max fan
Memory 32GB GSkill Flare X5 DDR5 6000Mhz
Video Card(s) XFX Merc 310 Radeon RX 7900 XT
Storage XPG Gammix S70 Blade 2TB + 8 TB WD Ultrastar DC HC320
Display(s) Xiaomi G Pro 27i MiniLED
Case Asus A21 Case
Audio Device(s) MPow Air Wireless + Mi Soundbar
Power Supply Enermax Revolution DF 650W Gold
Mouse Logitech MX Anywhere 3
Keyboard Logitech Pro X + Kailh box heavy pale blue switch + Durock stabilizers
VR HMD Meta Quest 2
Benchmark Scores Who need bench when everything already fast?
Everyone should deactivate that feature. Less than 1% effect on performance isn't something to discuss about.

Where's the button?
Ah yes only in Linux , and with patches.
Another funny thing, I couldn't find this Vulnerability on CVE list :rolleyes:
 
Joined
Feb 20, 2019
Messages
8,332 (3.91/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
Then that's a product of bias, a bias which unfortunately has become widespread. I've not seen any evidence of Intel taking "security shortcuts".

A shortcut would imply a conscious decision, while the Spectre family is caused by an oversight, an oversight done by numerous companies implementing their own microarchitectures.
Not bias, I'm just presuming that AMD pass a minium low bar for common sense and business survival, the same low bar I'd apply to Intel, Nvidia, Microsoft, Apple, or Google.

If you understand Spec-ex attacks then you know it affects Intel because they skipped privilege checks on stuff that had passed checks earlier in the pipeline as implied trust, in order to speed up the pipeline. Call it a shortcut, call it an optimisation - it doesn't matter. AMD checks privileges at every stage rather than assuming implied trust. That's a gross oversimplification but the TL;DR is that Intel chose speed over security, and AMD chose security over speed.

AMD's decision to choose security over speed has been vindicated publicly and presumably ratified internally at AMD, possibly making them even more security-cautious than they were previously. That basic decision of security over speed saved their bacon and they got to see what might have happened if they'd made the same shortcut/optimisations as Intel. Call it a free lesson at Intel's expense. That's not bias, that's just how any competent company should be run.

So no, presuming AMD won't take shortcuts isn't pro-AMD bias. It's based on historic empirical data.
I am now assuming that everyone takes spec-ex and pipeline privilege checks more seriously, not just Intel.
 
Last edited:
Joined
Jul 13, 2016
Messages
3,321 (1.08/day)
Processor Ryzen 7800X3D
Motherboard ASRock X670E Taichi
Cooling Noctua NH-D15 Chromax
Memory 32GB DDR5 6000 CL30
Video Card(s) MSI RTX 4090 Trio
Storage Too much
Display(s) Acer Predator XB3 27" 240 Hz
Case Thermaltake Core X9
Audio Device(s) Topping DX5, DCA Aeon II
Power Supply Seasonic Prime Titanium 850w
Mouse G305
Keyboard Wooting HE60
VR HMD Valve Index
Software Win 10
Yes, because people actually cared about finding them. So they can collect money. Logic, yeah.

You fail to understand what an assumption is I see. You made the assumption that Intel has more known vulnerabilities and assumed that AMD has equal or more undisclosed ones based on the assumption that Intel's bug payment program encourages people to find more bugs. This is funny for two reasons:

1) Google Project Zero found Spectre and Meltdown, not someone encouraged by the bug program. They are employed by google to find zero day vulnerabilities regardless of the existence of a bug payout program. Therefore your initial assumption that your stacked house of assumptions is based on is in fact false. Again, you assumed but it's irrelevant as your unproven argument basis has already been disproven despite no requirement for me to do so as you failed to provide evidence to support it to begin with.

2) You provided no evidence to support the idea that AMD has an equal or greater amount of vulnerabilities as Intel, assumptions are not supporting evidence. You first make the assumption that Intel's bug bounty program is the reason they have so many vulnerabilities (disproven above) and again assume on top of that false logic that AMD has at least that many unknown vulnerabilities. AMD has 16, Intel has over 240. Think about that. You are in essence assuming AMD has 15 times the unkown vulnerabilities as known and assuming, without evidence, that they in fact exist. That's not something a bug bounty program alone is going to make up.
 
Last edited:
Joined
Jun 12, 2017
Messages
136 (0.05/day)
But they know this one individual feature constitutes a security risk. So I repeat the question.
No they don't.

Short version: to find a bug is a non-computable problem.

Long version: All security/correctness properties can only be proven under an assumption, and only works under that assumption, e.g., eventual correctness of execution result, etc. "Side channel attacks" just means they found some new ways of invalidating your assumptions and can thus only be handled on a case-by-case basis. Being in the same category does not mean they are the same bug. If you are not an omnipotent god, then you simply don't know it in advance.

Yes, you can have a vague sense of vulnerability based on your human instinct. But it takes engineering genuity to prove the vulnerability. (invulnerability, as I previous said, is not provable by any means).


A good example is the cache microtag generator for zen/zen+. For an outsider, that microtag generator design would freak them out because it may appears too insecure for an untrained engineer. But after all these years, no one actually found an attack vector for it. Proving invulnerability is impossible, but proving vulnerability is also hard.
 
Last edited:
Joined
Jul 21, 2016
Messages
103 (0.03/day)
Intel didn't take any shortcuts?

Spectre is a side-effect of out-of-order execution engines that might allow you to take a glimpse of code running on a computer, as long as you have sufficient privileges, only in-order CPUs are safe from it.

Meltdown was intel (and others) not doing any security checks which allowed kernel access.
Easily exploitable since you know what to look for(kernel), could be done blindly and massively through websites because everyone had the same kernel(windows)
The only things stopping it were kernel memory randomization and flushing caches for every kernel call which tanks performance.

Imagine the period before patches....and the researchers having the power to snoop around every pc on the internet that had "intel inside", without leaving any traces.

Yeah, zero shortcuts...and then there's Intel Management Engine, a webserver inside your cpu.
 
Joined
Feb 18, 2017
Messages
688 (0.24/day)
This is the reason why most vulberabilies were found in Intel CPUs; https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html

Intel actually pays people for finding them. "Intel’s bug bounty awards range from $500 up to $100,000."

AMD had plenty of vulnerabilies, even tho they don't pay people for finding them. Meaning, very few people will spend time trying to find them. Logic 101.

It's sad that AMD does not pay people for finding bugs, when tons of big tech companies do; https://www.guru99.com/bug-bounty-programs.html
So you are simply LYING? AMD had plenty of vulnerabilities? Try to read up all the news about back to those days when they were found: most of them were Intel-related and affected more generations of Intel CPUs. Shame on you.

 
Last edited:

bogmali

In Orbe Terrum Non Visi
Joined
Mar 16, 2008
Messages
9,542 (1.56/day)
Location
Pacific Northwest
System Name Daily Driver/Part Time
Processor Core i7-13700K/Ryzen R5-7600
Motherboard ASUS ROG MAXIMUS Z790 APEX/Asrock B650 Pro RS Wi-Fi
Cooling Corsair H150i RGB PRO XT AIO/Deep Cool LS-520 White
Memory G-Skill Trident Z5 Silver 2x24GB DDR5-8200/XPG Lancer Blade 2X16GB DDR-5-6000
Video Card(s) MSI Ventus 3X OC RTX-4080 Super/Sapphire Radeon RX-7800XT
Storage Samsung 980 Pro M.2 NVMe 2TB/KingSpec XG 7000 4TB M.2 NVMe/Crucial P5 Plus 2TB M.2 NVMe
Display(s) Alienware AW3423DW
Case Corsair 5000d AirFlow/Asus AP201 White
Audio Device(s) AudioEngine D1 DAC/Onboard
Power Supply Seasonic Prime Ultra 1K Watt/Seagotep 750W
Mouse Corsair M65 RGB Elite
Keyboard Adata XPG Summoner
Software Win11 Pro 64
Benchmark Scores Xbox Live Gamertag=jondonken
If you cannot have a discussion without trolling and baiting, I suggest you refrain from posting. Thread bans issued
 
Joined
Oct 15, 2011
Messages
2,469 (0.51/day)
Location
Springfield, Vermont
System Name KHR-1
Processor Ryzen 9 5900X
Motherboard ASRock B550 PG Velocita (UEFI-BIOS P3.40)
Memory 32 GB G.Skill RipJawsV F4-3200C16D-32GVR
Video Card(s) Sparkle Titan Arc A770 16 GB
Storage Western Digital Black SN850 1 TB NVMe SSD
Display(s) Alienware AW3423DWF OLED-ASRock PG27Q15R2A (backup)
Case Corsair 275R
Audio Device(s) Technics SA-EX140 receiver with Polk VT60 speakers
Power Supply eVGA Supernova G3 750W
Mouse Logitech G Pro (Hero)
Software Windows 11 Pro x64 23H2
Honestly looks like nothing to panic about, as a Ryzen user. I'm going on with business-as-usual.
 

freeagent

Moderator
Staff member
Joined
Sep 16, 2018
Messages
8,814 (3.86/day)
Location
Winnipeg, Canada
Processor AMD R7 5800X3D
Motherboard Asus Crosshair VIII Dark Hero
Cooling Thermalright Frozen Edge 360, 3x TL-B12 V2, 2x TL-B12 V1
Memory 2x8 G.Skill Trident Z Royal 3200C14, 2x8GB G.Skill Trident Z Black and White 3200 C14
Video Card(s) Zotac 4070 Ti Trinity OC
Storage WD SN850 1TB, SN850X 2TB, SN770 1TB
Display(s) LG 50UP7100
Case Fractal Torrent Compact
Audio Device(s) JBL Bar 700
Power Supply Seasonic Vertex GX-1000, Monster HDP1800
Mouse Logitech G502 Hero
Keyboard Logitech G213
VR HMD Oculus 3
Software Yes
Benchmark Scores Yes
*Swivels head to look at Band-Aid covered Intel rigs*

Wake me when its serious.
 

las

Joined
Nov 14, 2012
Messages
1,693 (0.38/day)
System Name Meh
Processor 7800X3D
Motherboard MSI X670E Tomahawk
Cooling Thermalright Phantom Spirit
Memory 32GB G.Skill @ 6000/CL30
Video Card(s) Gainward RTX 4090 Phantom / Undervolt + OC
Storage Samsung 990 Pro 2TB + WD SN850X 1TB + 64TB NAS/Server
Display(s) 27" 1440p IPS @ 360 Hz + 32" 4K/UHD QD-OLED @ 240 Hz + 77" 4K/UHD QD-OLED @ 144 Hz VRR
Case Fractal Design North XL
Audio Device(s) FiiO DAC
Power Supply Corsair RM1000x / Native 12VHPWR
Mouse Logitech G Pro Wireless Superlight + Razer Deathadder V3 Pro
Keyboard Corsair K60 Pro / MX Low Profile Speed
Software Windows 10 Pro x64
So you are simply LYING? AMD had plenty of vulnerabilities? Try to read up all the news about back to those days when they were found: most of them were Intel-related and affected more generations of Intel CPUs. Shame on you.

Lying? Haha. AMD had many vulnerabilies, feel free to Google, YET no bug bounty program to make people even wanna go look for them.

If Intel did not have their bug bounty program, you can be sure that many of the vulnerabilies were never found to begin with. STILL Intel continue to have it.
 
Last edited:
Joined
Jun 10, 2014
Messages
2,987 (0.78/day)
Processor AMD Ryzen 9 5900X ||| Intel Core i7-3930K
Motherboard ASUS ProArt B550-CREATOR ||| Asus P9X79 WS
Cooling Noctua NH-U14S ||| Be Quiet Pure Rock
Memory Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz
Video Card(s) MSI GTX 1060 3GB ||| MSI GTX 680 4GB
Storage Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB
Display(s) Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24"
Case Fractal Design Define 7 XL x 2
Audio Device(s) Cambridge Audio DacMagic Plus
Power Supply Seasonic Focus PX-850 x 2
Mouse Razer Abyssus
Keyboard CM Storm QuickFire XT
Software Ubuntu
If Intel did not have their bug bounty program, you can be sure that many of the vulnerabilies were never found to begin with. STILL Intel continue to have it.
The bug bounty program certainly contributes, but the main reason is Intel's close collaboration with researchers and data-center customers. Ice Lake-SP which launched the other day, has been deployed as engineering samples with partners at least since 2017, and has over the past year shipped over 100.000 units of the final product prior to the "public launch", so when it finally launched it was a very mature product. Their next-gen Sapphire Rapids (presumably launching sometime next year or so), has had engineering samples for over a year already. A lot of errors are found and resolved long before the general public gets their hands on the products, and helps avoid problems like waiting for months for stable BIOSes, or failing to boot Linux, or compile correctly with GCC etc. Bugs like Meltdown and Spectre which were found long after product launches are rare exceptions.

AMD would be well served by allowing their partners access to engineering samples much earlier, and probably extending their development cycle by at least 6-12 months.
 
Last edited:
Top