New AMD Side Channel Vulnerabilities found - AMD Reacts and Downplays
Click here to post a comment for New AMD Side Channel Vulnerabilities found - AMD Reacts and Downplays on our message forum
sverek
anticupidon
Good to see that security folks are ever vigilant. Now, AMD is having its share of vulnerabilities.
Let's see how this will pan out.
fantaskarsef
Well, everybody gets a security problem for free with speculative execution. Maybe that's a generally dangerous way of creating CPU architectures... I wonder if they will be searching for an alternative route down the way.
While I agree with you as usual, the full paragraph tells more than the first line:
Kaarme
It's pretty hard to take seriously an Intel funded study on AMD CPUs, but it's not like we wouldn't have known AMD's CPUs have their own vulnerabilites. They are just far less numerous than Intel's.
skimike
Everything I have seen about this vulnerability since it popped up last Friday suggests that it leaks metadata rather than actual data. Has anyone read anything to the contrary?
Dribble
I do wonder if AMD have less vulnerabilities because (a) they tried to be more secure then Intel (b) they just got lucky or (c) no one has really tried to attack them yet?
barbacot
Yes, the study is made with Intel funds but only for the purpose of scientific development - Intel gives this kind of grants regularly: https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/intel-2019-product-security-report.pdf
It's their "Bug Bounty program" so nothing unfair or conspiracy here...
I think that with the market gains that AMD makes today they will get more and more attention and who knows...maybe more bugs discovered and fixed.
It's crazy to think that AMD CPU's are "perfect" or "flawless" compared to Intel related to security - today CPU's are incredibly complex architectures and things get overlooked - Intel, AMD makes no difference, the important thing is for these flaws to be discovered and patched up quickly.
Kool64
Inserting obligatory "I don't care about security" quote.
Denial
fantaskarsef
schmidtbag
I'd deem this problem worth concerning over, though I'm curious what the fix is and the performance impact as a result.
H83
So very piece of hardware has vulnerabilities... Not sure if this is assuring or concerning...
D3M1G0D
I don't think this is anything to worry about. AMD's statement indicates that these are not new side-channel attacks but relies on known and mitigated side-channel attacks (bolded):
As such, if you've already applied patches for those known side-channel attacks then it should also protect you from this. The only thing needed is to keep your system up-to-date and fully patched, as AMD recommends.
JamesSneed
I would downplay it as well. They had to modify the kernel to pull this off. Meaning this is already fixed with patches. Academically they are new vulnerabilities but back in the real world these are already fixed so are not really new threats.
SbbKbb
I find it very funny at anyone with Windows 10 being worried about security of they processor 🙂 On the other hand anyone that remembers the history more than one week cant bee surprised with Intels shortcuts(read speed over security) and they malversation and bribery, sorry lobbying 🙂
And no, i am not an AMD fanboy. I am to old for this nor iv ever been hostage of an corporation but i remember history. Zx Spectrum,C64,Cyrix,AMD,VIA,Intel,Nvidia,ATI. Iv had them all in some point of time wen they had a good product.
And for the moment i believe AMD till proven otherwise.
Kool64
If we are to believe the reports AMD is including this in the Spectre/Meltdown side channel attacks. Thus the issue was resolved years ago.
jbscotchman
I won't lose any sleep over this.
Turanis
From what I know from Wiki: Zen 2 (e.g. R5 3600,R7 3700,etc) includes hardware mitigations against the Spectre V4 speculative store bypass vulnerability.
This side speculations are not very very horrorific with new Ryzen as some cpus from other side. 🙂
JamesSneed
Turanis
The drama will be if Intel will do not much more in the next cpu architecture. 😉