AMD Confirms its Processors are Unaffected by RIDL and Fallout Vulnerabilities

[btarunr]

AMD in a statement confirmed that its processors are unaffected by the RIDL (Rogue In-Flight Data Load) and Fallout vulnerabilities. The company however worded its statement in CYA language, just to be safe. "...we believe our products are not susceptible to 'Fallout' or 'RIDL' because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so," reads the AMD statement put out late Tuesday (14th May).

AMD came to these conclusions on the basis of its own testing and discussions with the researchers who discovered RIDL. It's important to note here, that the "Fallout" vulnerability AMD is referring to in this statement is the one which is part of four MDS vulnerabilities Intel disclosed yesterday, and not the identically named "Fallout" vulnerability discovered by CTS Labs in 2018, allegedly affecting secure memory management of AMD "Zen" processors.



View at TechPowerUp Main Site

 

[Manoa]

the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)

 

[Zubasa]

the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)

So, what if your processor is compromised and you compromise it further with the IME, how do you call that?

 

[Manoa]

lel man sounds to me like the same thing

 

[Medallish]

the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)

lol at the attempt at obfuscation.

Intel CPU Dies should be round with the amount of corner cutting they have been doing.

 

[Crackong]

the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)

There is worst : your processors are affected by vulnerabilities and yet deliberately compromise it with a backdoor, then say these vulnerabilities can be avoided by lowering performance by 30%.

 

[IceShroom]

the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)

Are you forgetting Intel Management Engine???

 

[Xuper]

Why does MDS tool say SMT is vulnerable ? here Ryzen 1600x

 

[Camm]

Why does MDS tool say SMT is vulnerable ? here Ryzen 1600x

Simultaneous Multithreading is the name of the technology

Hyper Threading is just branding.

 

[GlacierNine]

There is worst : your processors are affected by vulnerabilities and yet deliberately compromise it with a backdoor, then say these vulnerabilities can be avoided by lowering performance by 30%.

Please cite that 30% claim, and bear in mind that the performance impacts of the patches have REDUCED over time, restoring much of the lost performance.

Additionally, the worst performance regression I am aware of at ANY time, in any workload as a result of any Spectre/Meltdown patch was 24% impact - and that was specifically on one piece of software: postgres.

Since that time, there have been numerous new patches and revisions, and performance impact has been reduced in all cases, to either no impact at all (for most consumer tasks), or low single digit % hits for anything professional or datacentre.

Microsoft (not Intel) have also stated that their 1H-2019 Windows 10 patch will reduce the performance impact of all Spectre and Meltdown mitigations to "Noise level" - IE, low impact than could be explained by simple test variance, thus eliminating the issue related to those patches entirely. (Linux has had retpoline enabled for a few months now btw, so is also no longer significantly impacted by spectre patch performance regressions)

Windows 10 1H-2019 Update to Reduce Performance Impact of Spectre V2 Mitigations

Microsoft is working to reduce the performance impact of "Spectre" V2 security vulnerability software mitigation with its next major update to Windows 10. The major update that's scheduled for the first half of 2019, will feature the "Retpoline" mitigation enabled on the operating system's...

www.techpowerup.com

 

[ExV6k]

lol at the attempt at obfuscation.

Intel CPU Dies should be round with the amount of corner cutting they have been doing.

I genuinely love this answer

 

[prtskg]

Please cite that 30% claim, and bear in mind that the performance impacts of the patches have REDUCED over time, restoring much of the lost performance.

Additionally, the worst performance regression I am aware of at ANY time, in any workload as a result of any Spectre/Meltdown patch was 24% impact - and that was specifically on one piece of software: postgres.

Since that time, there have been numerous new patches and revisions, and performance impact has been reduced in all cases, to either no impact at all (for most consumer tasks), or low single digit % hits for anything professional or datacentre.

Microsoft (not Intel) have also stated that their 1H-2019 Windows 10 patch will reduce the performance impact of all Spectre and Meltdown mitigations to "Noise level" - IE, low impact than could be explained by simple test variance, thus eliminating the issue related to those patches entirely. (Linux has had retpoline enabled for a few months now btw, so is also no longer significantly impacted by spectre patch performance regressions)

Windows 10 1H-2019 Update to Reduce Performance Impact of Spectre V2 Mitigations

Microsoft is working to reduce the performance impact of "Spectre" V2 security vulnerability software mitigation with its next major update to Windows 10. The major update that's scheduled for the first half of 2019, will feature the "Retpoline" mitigation enabled on the operating system's...

www.techpowerup.com

I'm thinking he's talking about disabling hyperthreading suggestion Intel gave for 7th gen or older processors. Obviously this is just my guess.

 

[GoldenX]

And I almost went for an i3 8100.

 

[Deleted member 24505]

I genuinely love this answer

Cpu production wafers are round.

 

[Divide Overflow]

Are ham handed MS updates forcing the patch for Intel vulnerabilities on AMD systems?

 

[GoldenX]

Are ham handed MS updates forcing the patch for Intel vulnerabilities on AMD systems?

There's no way to confirm it, but that might be the case. Linus had a very heated discussion with Intel about the Linux kernel's mitigations during the first Spectre patches, he was screaming at Intel for trying to force the patch on all CPUs.

 

[Crackong]

Please cite that 30% claim.

Please follow Intel's suggestion and disable HT in your i7 CPUs for maximum security, enjoy your 30% reduced performance and your newborn i5 CPU.


(Edit) I am sorry, I was wrong, it should be 40%.
Mac Performance Drops Up to 40% With Intel Vulnerability Mitigations

 

[Kamgusta]

"We believe [...] . We have not been able to demonstrate [...]".
Well, its doesn't sound great, but it's good enough.

 

[R-T-B]

the most mega LOL news ever: advertise that your processors are not affected by vulnerabilities and yet deliberately compromise it with a backdoor (PSP)

There is no more evidence the PSP is a backdoor than the Intel ME.

They both are just really bad ideas.

(Edit) I am sorry, I was wrong, it should be 40%.
Mac Performance Drops Up to 40% With Intel Vulnerability Mitigations

Yeah, we aren't mac users but cool story bro.

There's no way to confirm it

Run MDS tool. You can confirm it and no, it looks like right now it needs a microcode command to enable mitigations. AMD is unlikely to release this command in it's AGESA since it does not appear to think it needs it. I believe them to be correct, but the world is crazy as of late.

Why does MDS tool say SMT is vulnerable ? here Ryzen 1600x

Probably looking at the Spectre flags. In which case: You probably are vulnerable. What AGESA?