Thursday, January 4th 2018

AMD Updates on AMD Processor Security Status

There has been recent press coverage regarding a potential security issue related to modern microprocessors and speculative execution. Information security is a priority at AMD, and our security architects follow the technology ecosystem closely for new threats. It is important to understand how the speculative execution vulnerability described in the research relates to AMD products, but please keep in mind the following:
  • The research described was performed in a controlled, dedicated lab environment by a highly knowledgeable team with detailed, non-public information about the processors targeted.
  • The described threat has not been seen in the public domain.
When AMD learned that researchers had discovered a new CPU attack targeting the speculative execution functionality used by multiple chip companies' products, we immediately engaged across the ecosystem to address the teams' findings. The research team identified three variants within the speculative execution research. The below grid details the specific variants detailed in the research and the AMD response details (above).

As the security landscape continues to evolve, a collaborative effort of information sharing in the industry represents the strongest defense.

Total protection from all possible attacks remains an elusive goal and this latest example shows how effective industry collaboration can be.

As always, AMD strongly encourages its customers to consistently undertake safe computing practices, examples of which include: not clicking on unrecognized hyperlinks, following strong password protocols, using secure networks, and accepting regular software updates.
Add your own comment

20 Comments on AMD Updates on AMD Processor Security Status

#1
Hugh Mungus
AMD is only vulnerable to variant 1, which is easily resolved with basically no performance hit. Nice!

Also, 3 flaws now, so the problem tripled! Variants 2 and 3 affect ARM and Intel it seems. Not nice!
Posted on Reply
#2
FYFI13
Hugh Mungus, post: 3778208, member: 172152"
AMD is only vulnerable to variant 1, which is easily resolved with basically no performance hit. Nice!

Also, 3 flaws now, so the problem tripled! Variants 2 and 3 affect ARM and Intel it seems. Not nice!
Plus IME has been hacked a while ago. No wonders Intel CEO sold most of Intel stocks.
Posted on Reply
#4
dj-electric
GenericAMDFan, post: 3778219, member: 174736"
It's a good time to upgrade to AMD
Can't tell if incredibly well made, sarcastic account, or just a genuine response.
Posted on Reply
#5
ssdpro
It is funny how on day1 the reports are Intel "and maybe others" suffer from the "variant 1" problem. Then in the middle of the night sites pickup most cpus including AMD are affected by variant one. Everyone gets the OS update with "negligible performance degradation". All over some potential exploit nearly none of us basic consumers would ever be vulnerable to. What is due here is a big thank you to google for working to keep computing safe for those that are too lazy to make sensible, responsible choices.
Posted on Reply
#6
64K
FYFI13, post: 3778217, member: 105256"
Plus IME has been hacked a while ago. No wonders Intel CEO sold most of Intel stocks.
It's going to be interesting to see how much shit sticks to Krzanich over that 24 million dollar sale. Intel is trying to claim that this was just a preplanned sale of his stock which happens from time to time automatically so that he can't be charged with insider trading but the fact that he put that plan into place months after Google informed Intel about their flaw is suspicious.

http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1
Posted on Reply
#7
Imsochobo
ssdpro, post: 3778280, member: 131037"
It is funny how on day1 the reports are Intel "and maybe others" suffer from the "variant 1" problem. Then in the middle of the night sites pickup most cpus including AMD are affected by variant one. Everyone gets the OS update with "negligible performance degradation". All over some potential exploit nearly none of us basic consumers would ever be vulnerable to. What is due here is a big thank you to google for working to keep computing safe for those that are too lazy to make sensible, responsible choices.
this is not something that a manufacture does intentionally, but just maybe amd haven't designed in as many assumptions as intel it seems.
Assumptions that next code will be kinda deal.

But the bad part is intel's downplay of the issue and calling out others to drag them down with them
Posted on Reply
#8
TheGuruStud
Buddy at fortune 500 says they have 23% perf impact on their virtuals. Riptel.

dj-electric, post: 3778225, member: 87186"
Can't tell if incredibly well made, sarcastic account, or just a genuine response.
Its is perfect in server space. Intel can't win in anything, now.
Posted on Reply
#9
lexluthermiester
Now that more details have surfaced, it seems AMD jumped the gun a bit. All CPU's are vulnerable regardless of architecture and OS platform, the sole exception being Apple's iOS. But even that is likely to have a certain level vulnerability as more details of this are discovered/uncovered.
Posted on Reply
#10
TheGuruStud
lexluthermiester, post: 3778627, member: 134537"
Now that more details have surfaced, it seems AMD jumped the gun a bit. All CPU's are vulnerable regardless of architecture and OS platform, the sole exception being Apple's iOS. But even that is likely to have a certain level vulnerability as more details of this are discovered/uncovered.
Not really, AMD is only vulnerable to the one type (there's 3) and the fix has a negligible perf impact.

Intel wants to pretend AMD is in the same boat.
Posted on Reply
#11
lexluthermiester
TheGuruStud, post: 3778649, member: 42692"
Not really, AMD is only vulnerable to the one type (there's 3) and the fix has a negligible perf impact.

Intel wants to pretend AMD is in the same boat.
That would be incorrect.
https://isc.sans.edu/diary.html?utm_content=bufferbb5f4&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
https://meltdownattack.com/
These vulnerabilities have been shown to affect every CPU with execution prediction on all OS platforms. Only Apple's iOS is relatively safe, but there are indications that it too has some susceptibilities.

This is NOT an Intel problem. It is VERY much an everyone problem.
(Sometimes I feel like a broken record..)
Posted on Reply
#12
R0H1T
lexluthermiester, post: 3778650, member: 134537"
That would be incorrect.
https://isc.sans.edu/diary.html?utm_content=bufferbb5f4&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
https://meltdownattack.com/
These vulnerabilities have been shown to affect every CPU with execution prediction on all OS platforms. Only Apple's iOS is relatively safe, but there are indications that it too has some susceptibilities.

This is NOT an Intel problem. It is VERY much an everyone problem.
(Sometimes I feel like a broken record..)
You can look at google's project zero - you know the ones who're actually responsible for the disclosure? AMD is not affected by meltdown, spectre (1 & 2) are in theory applicable for Ryzen but they've not shown any demonstrable exploit for it yet.
  1. A PoC that demonstrates the basic principles behind variant 1 in userspace on the tested Intel Haswell Xeon CPU, the AMD FX CPU, the AMD PRO CPU and an ARM Cortex A57 [2]. This PoC only tests for the ability to read data inside mis-speculated execution within the same process, without crossing any privilege boundaries.
  2. A PoC for variant 1 that, when running with normal user privileges under a modern Linux kernel with a distro-standard config, can perform arbitrary reads in a 4GiB range [3] in kernel virtual memory on the Intel Haswell Xeon CPU. If the kernel's BPF JIT is enabled (non-default configuration), it also works on the AMD PRO CPU. On the Intel Haswell Xeon CPU, kernel virtual memory can be read at a rate of around 2000 bytes per second after around 4 seconds of startup time. [4]
  3. A PoC for variant 2 that, when running with root privileges inside a KVM guest created using virt-manager on the Intel Haswell Xeon CPU, with a specific (now outdated) version of Debian's distro kernel [5] running on the host, can read host kernel memory at a rate of around 1500 bytes/second, with room for optimization. Before the attack can be performed, some initialization has to be performed that takes roughly between 10 and 30 minutes for a machine with 64GiB of RAM; the needed time should scale roughly linearly with the amount of host RAM. (If 2MB hugepages are available to the guest, the initialization should be much faster, but that hasn't been tested.)
  4. A PoC for variant 3 that, when running with normal user privileges, can read kernel memory on the Intel Haswell Xeon CPU under some precondition. We believe that this precondition is that the targeted kernel memory is present in the L1D cache.
Posted on Reply
#13
Hugh Mungus
R0H1T, post: 3778651, member: 131092"
You can look at google's project zero - you know the ones who're actually responsible for the disclosure? AMD is not affected by meltdown, spectre (1 & 2) are in theory applicable for Ryzen but they've not shown any demonstrable exploit for it yet.
And Ryzen hasn't been tested, so the problem could be even smaller on AMD's side.

None of the bugs were used according to google, variant 2 is basically impossible to exploit on older AMD cpu's and variant 3 is applicable to Intel and ARM CPU's. So, AMD made a mistake, but may have fixed it with Ryzen, so I should be mad at AMD, but that issue is overshadowed by Intel's problems which actually can cause MAJOR performance hits! AMD's problem was/will be fixed without a performance hit and was(/is) significantly smaller than Intel's problem anyway!

Basically old AMD was rubbish, new AMD is amazing and Intel is still the irresponsible, whining rich kid!
Posted on Reply
#14
lexluthermiester
You two need to actually read the documentation instead of making lazy assumptions or cherry-picking selective information that fits your limited, agenda focused narrative. The knowledge of these problems are a working progression. ALL CPU's are affected by these vulnerabilities equally. All, as in every CPU made in the past 20 years. Why do you think whole governments are scrambling to implement preventive measures? This is NOT an AMD vs Intel problem. It affects everyone, everywhere on all devices with a working CPU.
Hugh Mungus, post: 3778772, member: 172152"
Basically old AMD was rubbish, new AMD is amazing and Intel is still the irresponsible, whining rich kid!
So does that make ARM equally irresponsible? Or does it mean that these things have caught everyone in the industry by surprise? Which do you think is more likely? Hmm?
Posted on Reply
#15
Hugh Mungus
lexluthermiester, post: 3778871, member: 134537"
You two need to actually read the documentation instead of making lazy assumptions or cherry-picking selective information that fits your limited, agenda focused narrative. The knowledge of these problems are a working progression. ALL CPU's are affected by these vulnerabilities equally. All, as in every CPU made in the past 20 years. Why do you think whole governments are scrambling to implement preventive measures? This is NOT an AMD vs Intel problem. It affects everyone, everywhere on all devices with a working CPU.

So does that make ARM equally irresponsible? Or does it mean that these things have caught everyone in the industry by surprise? Which do you think is more likely? Hmm?
Try reading my comment. We KNOW Intel knew about the vulnerability quite some time BEFORE releasing Coffee Lake and basically changed nothing. AMD on the other hand likely only knew two months befpre releasing Ryzen there was a vulnerability AND likely isn't at risk. That makes a HUGE differemce in my eyes! O, and ARM doesn't seems to have the same level of performance hits if any (Apple already fixed their processors in the december updates) and ARM is rarely, if at all used in giant servers like Intel CPU's are, if at all. Intel still has the most crap on its plate which isn't entirely their fault, but is the only company trying to push this off on other companies and has the biggest performance hits!
Posted on Reply
#16
lexluthermiester
Hugh Mungus, post: 3778936, member: 172152"
Try reading my comment.
Hmm..
Hugh Mungus, post: 3778936, member: 172152"
We KNOW Intel knew about the vulnerability quite some time BEFORE releasing Coffee Lake and basically changed nothing.
lexluthermiester, post: 3778938, member: 134537"
Yes, but they did act on it and started fixes for it. You can't expect a company to halt a major product release over a vulnerability that was, and is still, not completely understood and has no known exploits.
Hugh Mungus, post: 3778936, member: 172152"
AMD on the other hand likely only knew two months befpre releasing Ryzen there was a vulnerability AND likely isn't at risk.
Citation please.
Hugh Mungus, post: 3778936, member: 172152"
That makes a HUGE differemce in my eyes!
Oh, of course it would..
Hugh Mungus, post: 3778936, member: 172152"
O, and ARM doesn't seems to have the same level of performance hits if any
Citation please.
Hugh Mungus, post: 3778936, member: 172152"
Intel still has the most crap on its plate which isn't entirely their fault
At least we agree on something..
Hugh Mungus, post: 3778936, member: 172152"
but is the only company trying to push this off on other companies and has the biggest performance hits!
That's an assumption not backed by merit.

https://meltdownattack.com/
Read
Posted on Reply
#17
Hugh Mungus
lexluthermiester, post: 3778955, member: 134537"
Hmm..
I hmmm... Your hmmm... XD
lexluthermiester, post: 3778955, member: 134537"
Citation please.
No need. Common knowledge that the Project Zero people found out about these bugs in January last year, two months Ryzen was released. Intel had longer and really should have properly redesigned their CPU's a LOOOONNGG time ago! Maybe then, like Ryzen, the problem potentially could have been fixed.
lexluthermiester, post: 3778955, member: 134537"
Oh, of course it would..
If Intel's lazy approach to CPU design and AMD's recent (and past) enthousiastic efforts to conquer The Beast of Incremental Upgrades seem pretty much the same to you, you're not even an Intel fanboy, just a hater.
lexluthermiester, post: 3778955, member: 134537"
Citation please.
Look, an article: https://www.macrumors.com/2018/01/04/apple-meltdown-spectre-vulnerability-fixes/

Now go watch some iOS 11.2 and 11.2.1 vs iOS whatever videos. No unusual discrepancies.
lexluthermiester, post: 3778955, member: 134537"
That's an assumption not backed by merit.
"That's an assumption not backed by merit." It is pretty much common knowledge that Intel is the only one pushing their problems off on others. They started blabbing on all the others and everyone else gave statements that yes, there are vulnerabilities, but they are fixing/have fixed the problem to some extent and warn not to download malicious apps that could exploit the vulnerabilities. To make it more understandable for some people, it's basically the difference between a toddler's response (They did it too!!!) and a grown-up's response (There is something wrong, but we're working on fixing it. Just don't do this ... or this .... and you'll be fine.).

Go read the other statements.
Posted on Reply
#18
lexluthermiester
Hugh Mungus, post: 3779053, member: 172152"
Your post
So all you needed to say was, "No, I don't understand the context of these problems, nor understand how they apply to the real world". Yup that all you had to say.
Posted on Reply
#20
lexluthermiester
TheGuruStud, post: 3779065, member: 42692"
keep shillin
Irony..
Posted on Reply
Add your own comment