AMD admits it is vulnerable to both versions of Spectre

Status
Not open for further replies.

vissarix

Senior member
Jun 12, 2015
292
93
101
So much for saying that the second one was low risk

After days of saying that there was a "near zero" chance of its chips being hit by the two Spectre bugs, AMD has finally admitted it's vulnerable to both of them.

In a subsequent statement Thursday, AMD said there was “no change” to its position on the susceptibility of its chips to Spectre, but shares fell as much as 4.0 percent after the first AMD announcement.

For those who came in late, security researchers disclosed a set of flaws that could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel

But investors believed AMD’s chips were at less risk, and the outfit's shares surged. AMD’s shares have gained nearly 20 percent since the flaws were made public on Jan. 3 as investors speculated that it could wrest market share from Intel, which is most exposed to the flaws because it is vulnerable to all three variants.

AMD shares dropped as much as 4 percent to $11.65 in after-hours trading after the company’s announcement Thursday. By late afternoon they had recovered to $11.80, a drop of 2.9 percent.

AMD said that its chips were vulnerable to one variant of the Spectre bug, but there was “near zero risks” from the second Spectre variant and vulnerability to the second variant “has not been demonstrated on AMD processors to date.”

AMD said the second Spectre variant “applies to AMD” processors and that it would issue patches for its Ryzen and EPYC processors starting this week and older chips in the coming weeks.

"While we believe that AMD's processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat," Chief Technology Officer Mark Papermaster wrote in a blog post on Thursday wrote.

http://www.fudzilla.com/news/processors/45370-amd-admits-it-is-vulnerable-to-both-versions-of-spectre
 

tamz_msc

Diamond Member
Jan 5, 2017
3,118
2,873
136
This has already been posted in the other thread. The headline seems to have been written to give this a negative spin even though AMD's blog post was no-nonsense and to-the-point.
 

vissarix

Senior member
Jun 12, 2015
292
93
101
This has already been posted in the other thread. The headline seems to have been written to give this a negative spin even though AMD's blog post was no-nonsense and to-the-point.
The other thread is about Intel bugs and has nothing to do with Amd bugs, information would be lost on that thread so a proper thread related to Amd bugs might help..
 

tamz_msc

Diamond Member
Jan 5, 2017
3,118
2,873
136
The other thread is about Intel bugs and has nothing to do with Amd bugs, information would be lost on that thread so a proper thread related to Amd bugs might help..
That thread is evolving, and someone already posted this there. It's a general thing that affects everybody - and that thread is no longer Intel-specific.

If we're going to make a thread for AMD's bugs in relation to those vulnerabilities, why not an ARM thread as well?
 

Dribble

Golden Member
Aug 9, 2005
1,946
481
136
This has already been posted in the other thread. The headline seems to have been written to give this a negative spin even though AMD's blog post was no-nonsense and to-the-point.
It's fudzilla, they get page clicks by getting fanboys to argue. At the end of the day all that really matters to us enthusiasts is the performance hit. Hence the news that AMD is patching too is important as the patch will hit performance. It also brings into doubt AMD's assessment of the situation - if they go from completely safe to patching today, there's a greater chance that they'll suddenly announce they need more patches in the future.
 
  • Like
Reactions: Reinvented and IEC

coercitiv

Diamond Member
Jan 24, 2014
4,883
7,136
136
Excerpts from a recent ArsTechnica article.
AMD's response last week suggested that there was little need to do anything on systems using the company's processors. That turns out to be not quite true, and the company is said to be issuing microcode updates accordingly. On its current processors using its Zen core—Ryzen, Threadripper, and Epyc—new microcode provides equivalents to IPBP and STIBP. On prior generation processors using the Bulldozer family, microcode has added IBRS and IBPB.
Why no IBRS on Zen? AMD argues that Zen's new branch predictor isn't vulnerable to attack in the same way. Most branch predictors have their own special cache called a branch target buffer (BTB) that's used to record whether past branches were taken or not. BTBs on other chips (including older AMD parts, Intel chips, ARM's designs, and Apple's chips) don't record the precise addresses of each branch. Instead, just like the processor's cache, they have some mapping from memory addresses to slots in the BTB. Intel's Ivy Bridge and Haswell chips, for example, are measured at storing information about 4,096 branches, with each branch address mapping to one of four possible locations in the BTB.
Zen's branch predictor, however, is a bit different. AMD says that its predictor always uses the full address of the branch; there's no flattening of multiple branch addresses onto one entry in the BTB. This means that the branch predictor can only be trained by using the victim's real branch address. This seems to be a product of good fortune; AMD switched to a different kind of branch predictor in Zen (like Samsung in its Exynos ARM processors, AMD is using simple neural network components called perceptrons), and the company happened to pick a design that was protected against this problem.
I agree with @vissarix. Let's discuss how AMD's latest CPU design is inherently more resilient to vulnerabilities outlined by the Spectre variants.

PS: we will also need a separate thread for ARM, Apple and IBM respectively. /s
 
  • Like
Reactions: mattiasnyc and IEC

IEC

Elite Member
Super Moderator
Jun 10, 2004
14,025
3,844
136
AMD appears to have added a new entry/update to their page and left their initial assessment intact so you can see any changes for yourself.
https://www.amd.com/en/corporate/speculative-execution

While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.
 
  • Like
Reactions: coercitiv

rainy

Senior member
Jul 17, 2013
476
330
136
The other thread is about Intel bugs and has nothing to do with Amd bugs, information would be lost on that thread so a proper thread related to Amd bugs might help..
Because I remember well your trolling/bashing posts about AMD from last year, I have no doubt as to the intentions of having created this thread.
 
  • Like
Reactions: mattiasnyc

IEC

Elite Member
Super Moderator
Jun 10, 2004
14,025
3,844
136
Thread has been locked for moderator discussion.

AnandTech Moderator IEC
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
E CPUs and Overclocking 7

ASK THE COMMUNITY