It's not only unfair, but completely ridiculous to blame Intel for everyone's mistakes. This of course doesn't diminish the severity of the problem, but makes them all sinners.
Some refers to these issues with speculative execution as "Meltdown" and "Spectre", Google divides it into three classes, and ARM divides it into "four". All modern x86 (both Intel and AMD), most ARM processors and even IBM Power are affect by one or more of these exploits. It's worth mentioning that these are not production errors or tapeout mistakes, these are all logical design errors. So why does very different designs have similar mistakes? Simply because engineers are prone to do similar mistakes and assumptions when tackling similar problems. This is why it's simple to find many new problems once we've discovered one new class of mistakes.
Something tells me there will be even more exploits found soon, with this many people exploring these new approaches and the embargo being lifted next Tuesday.
Most sites, including TPU, incorrectly refers to these bugs as VM related, but they're not. These bugs are related to leaking of
virtual memory, which is the method of separating the address space of each process and of course kernel memory. This is done in every modern operating system, and is one of the primary tasks of the OS kernel itself. The process involves something called "paging", which are small chunks of memory mapped into a continuous address space for each process, while it in reality are fragmented chunks spread throughout the physical address space.
A user space process is only allowed to access it's own memory, attempting to access memory outside this range will result in a
page fault. These new exploits involves techniques to make the CPU leak small parts of unaccessible kernel memory. It seems like you can only get a few bytes at the time, and Google achieved something like ~2kB/s, so it will take a while to dump all of the memory… But provided you can dump arbitrary memory this way, any single user space process can
in theory* dump the entire system memory, including memory of other processes and the kernel itself.
This is where Virtual Machines actually comes in, since VMs technically only is a process on a host machine. So if one process can access the memory of any other process, it would mean one VM can access the memory of another VM as well. This is a serious exploit vector since cloud providers make their living off allowing people to run their own VMs on the same host.
But as mentioned, the exploit itself has nothing to do with VMs.
Any specially crafted program with the right system calls executed on a machine will be able to do it. So going back to your question, does this apply to your desktop machine? Yes, if you run any executable which is not trusted. But, this is not limited to standalone programs, but also JIT programs like Java applets or Java apps on your phone, various scripts, etc. The big question remains if JavaScript in Web Browsers are able to execute this. I'm not sure yet if it's possible, but evidently both Google and
Mozilla thinks there might be a risk. If this turns out to be feasable, then these exploits become much worse than for VMs, since it will allow any web page to scan through system memory for things like encryption keys, passwords, etc. ,
and then it's really bad!
*) Why in theory? At this rate the memory is likely to change rapidly while dumping it, so making a complete dump will be hard.
These exploits is about leaking memory, not backdoors.
BTW, Windows has had a "service backdoor" since 95…
Because AMD is bug-free? Have you even followed this subject? AMD is affected as well.
AMD also incorporate a security processor like Intel, and it's not that many months ago that AMD refused to admit a serious stability issue which they dismissed as a "performance bug marginally affecting Linux", despite it having no relation to Linux nor performance. All of these vendors will always downplay or dismiss problems, even when they are fully aware.
Edit:
AMD PSP Affected By Remote Code Execution Vulnerability
Both Intel, AMD and ARM has been aware of these new bugs since last summer.
These performance numbers are referring to the performance in edge cases with Linux kernel KPTI patches which were made in a rush to circumvent the problem. It's very likely that better OS patches combined with firmware tweaks will reduce this slowdown. Many workloads, such as gaming and video encoding should not be affected.
You mean old 486 cpus from AMD, right? All modern AMD CPUs are affected.
This all depends on this being exploitable through JavaScript, which "everyone" executes happily. It's already known to be exploitable through JIT compiled stuff such as Android apps and Java applets. See my longer paragraph above.
