Wednesday, May 15th 2019

AMD Confirms its Processors are Unaffected by RIDL and Fallout Vulnerabilities

AMD in a statement confirmed that its processors are unaffected by the RIDL (Rogue In-Flight Data Load) and Fallout vulnerabilities. The company however worded its statement in CYA language, just to be safe. "...we believe our products are not susceptible to 'Fallout' or 'RIDL' because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so," reads the AMD statement put out late Tuesday (14th May).

AMD came to these conclusions on the basis of its own testing and discussions with the researchers who discovered RIDL. It's important to note here, that the "Fallout" vulnerability AMD is referring to in this statement is the one which is part of four MDS vulnerabilities Intel disclosed yesterday, and not the identically named "Fallout" vulnerability discovered by CTS Labs in 2018, allegedly affecting secure memory management of AMD "Zen" processors.
Source: AMD
Add your own comment

18 Comments on AMD Confirms its Processors are Unaffected by RIDL and Fallout Vulnerabilities

#1
Manoa
the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)
Posted on Reply
#2
Zubasa
Manoa, post: 4047668, member: 174695"
the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)
So, what if your processor is compromised and you compromise it further with the IME, how do you call that?
Posted on Reply
#3
Manoa
lel man sounds to me like the same thing :)
Posted on Reply
#4
Medallish
Manoa, post: 4047668, member: 174695"
the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)
lol at the attempt at obfuscation.

Intel CPU Dies should be round with the amount of corner cutting they have been doing.
Posted on Reply
#5
Crackong
Manoa, post: 4047668, member: 174695"
the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)
There is worst : your processors are affected by vulnerabilities and yet deliberately compromise it with a backdoor, then say these vulnerabilities can be avoided by lowering performance by 30%.
Posted on Reply
#6
IceShroom
Manoa, post: 4047668, member: 174695"
the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)
Are you forgetting Intel Management Engine???
Posted on Reply
#7
Xuper
Why does MDS tool say SMT is vulnerable ? here Ryzen 1600x
Posted on Reply
#8
Camm
Xuper, post: 4047705, member: 83814"
Why does MDS tool say SMT is vulnerable ? here Ryzen 1600x
Simultaneous Multithreading is the name of the technology

Hyper Threading is just branding.
Posted on Reply
#9
GlacierNine
Crackong, post: 4047688, member: 185495"
There is worst : your processors are affected by vulnerabilities and yet deliberately compromise it with a backdoor, then say these vulnerabilities can be avoided by lowering performance by 30%.
Please cite that 30% claim, and bear in mind that the performance impacts of the patches have REDUCED over time, restoring much of the lost performance.

Additionally, the worst performance regression I am aware of at ANY time, in any workload as a result of any Spectre/Meltdown patch was 24% impact - and that was specifically on one piece of software: postgres.

Since that time, there have been numerous new patches and revisions, and performance impact has been reduced in all cases, to either no impact at all (for most consumer tasks), or low single digit % hits for anything professional or datacentre.

Microsoft (not Intel) have also stated that their 1H-2019 Windows 10 patch will reduce the performance impact of all Spectre and Meltdown mitigations to "Noise level" - IE, low impact than could be explained by simple test variance, thus eliminating the issue related to those patches entirely. (Linux has had retpoline enabled for a few months now btw, so is also no longer significantly impacted by spectre patch performance regressions)

https://www.techpowerup.com/248714/windows-10-1h-2019-update-to-reduce-performance-impact-of-spectre-v2-mitigations
Posted on Reply
#10
ExV6k
Medallish, post: 4047674, member: 103253"
lol at the attempt at obfuscation.

Intel CPU Dies should be round with the amount of corner cutting they have been doing.
I genuinely love this answer :roll:
Posted on Reply
#11
prtskg
GlacierNine, post: 4047727, member: 174559"
Please cite that 30% claim, and bear in mind that the performance impacts of the patches have REDUCED over time, restoring much of the lost performance.

Additionally, the worst performance regression I am aware of at ANY time, in any workload as a result of any Spectre/Meltdown patch was 24% impact - and that was specifically on one piece of software: postgres.

Since that time, there have been numerous new patches and revisions, and performance impact has been reduced in all cases, to either no impact at all (for most consumer tasks), or low single digit % hits for anything professional or datacentre.

Microsoft (not Intel) have also stated that their 1H-2019 Windows 10 patch will reduce the performance impact of all Spectre and Meltdown mitigations to "Noise level" - IE, low impact than could be explained by simple test variance, thus eliminating the issue related to those patches entirely. (Linux has had retpoline enabled for a few months now btw, so is also no longer significantly impacted by spectre patch performance regressions)

https://www.techpowerup.com/248714/windows-10-1h-2019-update-to-reduce-performance-impact-of-spectre-v2-mitigations
I'm thinking he's talking about disabling hyperthreading suggestion Intel gave for 7th gen or older processors. Obviously this is just my guess.
Posted on Reply
#12
GoldenX
And I almost went for an i3 8100.
Posted on Reply
#13
tigger
I'm the only one
ExV6k, post: 4047749, member: 168246"
I genuinely love this answer :roll:
Cpu production wafers are round.
Posted on Reply
#14
Divide Overflow
Are ham handed MS updates forcing the patch for Intel vulnerabilities on AMD systems?
Posted on Reply
#15
GoldenX
Divide Overflow, post: 4047989, member: 69232"
Are ham handed MS updates forcing the patch for Intel vulnerabilities on AMD systems?
There's no way to confirm it, but that might be the case. Linus had a very heated discussion with Intel about the Linux kernel's mitigations during the first Spectre patches, he was screaming at Intel for trying to force the patch on all CPUs.
Posted on Reply
#17
Kamgusta
"We believe [...] . We have not been able to demonstrate [...]".
Well, its doesn't sound great, but it's good enough.
Posted on Reply
#18
R-T-B
Manoa, post: 4047668, member: 174695"
the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)
There is no more evidence the PSP is a backdoor than the Intel ME.

They both are just really bad ideas.

Crackong, post: 4048018, member: 185495"
(Edit) I am sorry, I was wrong, it should be 40%.
Mac Performance Drops Up to 40% With Intel Vulnerability Mitigations
Yeah, we aren't mac users but cool story bro.

GoldenX, post: 4048013, member: 160319"
There's no way to confirm it
Run MDS tool. You can confirm it and no, it looks like right now it needs a microcode command to enable mitigations. AMD is unlikely to release this command in it's AGESA since it does not appear to think it needs it. I believe them to be correct, but the world is crazy as of late.

Xuper, post: 4047705, member: 83814"
Why does MDS tool say SMT is vulnerable ? here Ryzen 1600x
Probably looking at the Spectre flags. In which case: You probably are vulnerable. What AGESA?
Posted on Reply
Add your own comment