Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
The Callisto Protocol: PC graphics benchmarks
G.Skill TridentZ 5 RGB 6800 MHz CL34 DDR5 review
Be Quiet! Dark Power 13 - 1000W PSU Review
Palit GeForce RTX 4080 GamingPRO OC review
Core i9 13900K DDR5 7200 MHz (+memory scaling) review
Seasonic Prime Titanium TX-1300 (1300W PSU) review
F1 2022: PC graphics performance benchmark review
MSI Clutch GM31 Lightweight​ (+Wireless) mice review
AMD Ryzen 9 7900 processor review
AMD Ryzen 7 7700 processor review

New Downloads
Corsair Utility Engine Download (iCUE) Download v4.33.138
CPU-Z download v2.04
Intel ARC graphics Driver Download Version: 31.0.101.4090
AMD Radeon Software Adrenalin 23.1.2 (RX 7900) download
GeForce 528.24 WHQL driver download
Display Driver Uninstaller Download version 18.0.6.0
Download Intel network driver package 27.8
ReShade download v5.6.0
Media Player Classic - Home Cinema v2.0.0 Download
HWiNFO Download v7.36


New Forum Topics
MSI Interrupt Steering Causing Input Lag Windows 10 Rumor: Further GeForce RTX 4090 Ti specs emerge 7940HS engineering sample benchmarks (true, not true?) Info Zone - gEngines, Ray Tracing, DLSS, DLAA, TSR, FSR, XeSS, DLDSR etc. NVIDIA GeForce 528.24 WHQL driver download & Discussion Windows power plan settings explorer utility The Callisto Protocol: PC graphics performance benchmark analysis Nvidia Set to Unveil RTX 4060 and 4050 GPUs Ahead of Schedule? Resolution/DSR/DLDSR help Corsair Launches Innovative New RMx SHIFT ATX 3.0 PSUs




Guru3D.com » News » AMD Security Statement from CTO and SVP Mark Papermaster

AMD Security Statement from CTO and SVP Mark Papermaster

by Hilbert Hagedoorn on: 01/12/2018 03:30 PM | source: | 11 comment(s)
AMD Security Statement from CTO and SVP Mark Papermaster

AMD have updated their web page and clarified a bit more on speculative_execution vulnerabilities with some additional details on current state of affairs and AMD actions.

 

  

--- AMD --- 

An Update on AMD Processor Security

The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data.  These threats seek to circumvent the microprocessor architecture controls that preserve secure data.

At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.

  • Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.  
    • We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue.  
    • Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft’s website.
    • Linux vendors are also rolling out patches across AMD products now.
  • GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
    • While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat.  We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.  
    • AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements. 
    • Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.
  • GPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.
    • We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.

There have also been questions about GPU architectures.  AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats. 

We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.

Mark Papermaster, 
Senior Vice President and Chief Technology Officer







« Phison Demos Thunderbolt SSDs and second generation NVMe PS5012-E12 controllers · AMD Security Statement from CTO and SVP Mark Papermaster · ASRock introduces Quad M2 PCIe SSD add-in card (with active cooling) »

3 pages 1 2 3


Embra
Senior Member



Posts: 1397
Joined: 2014-11-19

#5510090 Posted on: 01/12/2018 03:52 PM
Thanks HH.

schmidtbag
Senior Member



Posts: 7152
Joined: 2012-11-10

#5510111 Posted on: 01/12/2018 04:46 PM
So basically just Variant 2 is noteworthy (but not necessarily crucial).

At least a high-up representative from AMD finally gave a solid answer. I was getting a bit tired of all the pussyfooting AMD was doing for the past couple weeks.

nevcairiel
Senior Member



Posts: 841
Joined: 2015-05-19

#5510288 Posted on: 01/13/2018 12:19 AM
Didn't AMD basically start with "We're not affected" when the news first broke? Long way to go from "not" to two variants actually being applicable. Sure, Meltdown is Intel only, but Spectre might be as bad or possibly even worse in the long run.

D3M1G0D
Senior Member



Posts: 2068
Joined: 2017-03-10

#5510289 Posted on: 01/13/2018 12:23 AM
Didn't AMD basically start with "We're not affected" when the news first broke? Long way to go from "not" to two variants actually being applicable. Sure, Meltdown is Intel only, but Spectre might be as bad or possibly even worse in the long run.

No, it isn't. Meltdown is by far the scariest CPU bug I have ever seen - Spectre comes nowhere close to it.

schmidtbag
Senior Member



Posts: 7152
Joined: 2012-11-10

#5510294 Posted on: 01/13/2018 12:34 AM
Didn't AMD basically start with "We're not affected" when the news first broke? Long way to go from "not" to two variants actually being applicable. Sure, Meltdown is Intel only, but Spectre might be as bad or possibly even worse in the long run.

I don't recall AMD saying they weren't affected, though as I mentioned in my last post, they seemed to be intentionally vague about all of this. What I remember is they were being dismissive of its severity. To be fair, they weren't totally wrong in doing so - from what I heard, you need physical access to the system to exploit the bug (on AMD), in which case the user would have bigger things to worry about. At least in Linux, they seem to add patches that would exclude them in some of the recent kernel bug fixes. It's all a bit difficult to keep track of, but at least today we finally have a more clear answer.

3 pages 1 2 3


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023