• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

AMD Ryzen 5000 Series CPUs with Zen 3 Cores Could be Vulnerable to Spectre-Like Exploit

Joined
Apr 12, 2013
Messages
6,728 (1.68/day)
This is the reason why most vulberabilies were found in Intel CPUs; https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html

Intel actually pays people for finding them. "Intel’s bug bounty awards range from $500 up to $100,000."

AMD had plenty of vulnerabilies, even tho they don't pay people for finding them. Meaning, very few people will spend time trying to find them. Logic 101.

It's sad that AMD does not pay people for finding bugs, when tons of big tech companies do; https://www.guru99.com/bug-bounty-programs.html
No, smeltdown was discovered by Google's project zero! In fact Intel (almost) paid researchers to not disclose similar vulnerabilities out in the open :shadedshu:

According to the VU, Intel tried to downplay the severity of the leak by officially paying $40,000 in reward and "$80,000" in addition. That offer was politely refused.

"If it were up to Intel, they would have wanted to wait another six months"
 
Joined
Jan 21, 2021
Messages
17 (0.01/day)
Location
Vulcan
With Intel’s Rocket Lake CPUs proving to be a big, fat, and underwhelming flop last week all of a sudden "vulnerabilities" are being found in Zen 3 which might be or could be exploited. Compare that to Intel CPUs in which exploits can and will be exploited and does put user’s data at risk, I don't think there's much to see here and AMD did find and report it themselves after so kudos to them. (Not an AMD fan boy by the way I been using Intel CPUs from 1996 to 2018).
 
Joined
Sep 26, 2012
Messages
856 (0.20/day)
Location
Australia
System Name ATHENA
Processor AMD 7950X
Motherboard ASUS Crosshair X670E Extreme
Cooling Noctua NH-D15S, 7 x Noctua NF-A14 industrialPPC IP67 2000RPM
Memory 2x32GB Trident Z RGB 6000Mhz CL30
Video Card(s) ASUS 4090 Strix
Storage 3 x Kingston Fury 4TB, 4 x Samsung 870 QVO
Display(s) Alienware AW3821DW, Wacom Cintiq Pro 15
Case Fractal Design Torrent
Audio Device(s) Topping A90/D90 MQA, Fluid FPX7 Fader Pro, Beyerdynamic T1 G2, Beyerdynamic MMX300
Power Supply ASUS THOR 1600T
Mouse Xtrfy MZ1 - Zy' Rail, Logitech MX Vertical, Logitech MX Master 3
Keyboard Logitech G915 TKL
VR HMD Oculus Quest 2
Software Windows 11 + OpenSUSE MicroOS
It should be noted that AMD disclosed the vulnerability AND provided effective mitigation strategies for it, both by disabling the function or by enabling things like Address space layout randomization and hardware privileged domains (which AMD's PSP is capable of) .

This is EXCELLENT by AMD to allow enterprise and end users choice in their risk profile versus shit like Intel hiding vulnerability's and providing no full mitigation strategies.
 

las

Joined
Nov 14, 2012
Messages
1,533 (0.37/day)
System Name Obsolete / Waiting for Zen 5 or Arrow Lake
Processor i9-9900K @ 5.2 GHz @ 1.35v / No AVX Offset
Motherboard AsRock Z390 Taichi
Cooling Custom Water
Memory 32GB G.Skill @ 4000/CL15
Video Card(s) Gainward RTX 4090 Phantom / Undervolt + OC
Storage Samsung 990 Pro 2TB + WD SN850X 1TB + 64TB NAS/Server
Display(s) 27" 1440p IPS @ 280 Hz + 77" QD-OLED @ 144 Hz VRR
Case Fractal Design Meshify C
Audio Device(s) Asus Essence STX / Upgraded Op-Amps
Power Supply Corsair RM1000x / Native 12VHPWR
Mouse Logitech G Pro Wireless Superlight
Keyboard Corsair K60 Pro / MX Low Profile Speed
Software Windows 10 Pro x64
Officially Intel has far more vulnerabilities than AMD. Any statement that AMD has more vulnerabilities because many of them have not yet been found is pure speculation. You say "Logic 101" but you are really making an assumption based on assumption. That's not logic.

Yes, because people actually cared about finding them. So they can collect money. Logic, yeah.
 
Joined
Mar 18, 2008
Messages
5,398 (0.92/day)
Location
Australia
System Name Night Rider | Mini LAN PC | Workhorse
Processor AMD R7 5800X3D | Ryzen 1600X | i7 970
Motherboard MSi AM4 Pro Carbon | GA- | Gigabyte EX58-UD5
Cooling Noctua U9S Twin Fan| Stock Cooler, Copper Core)| Big shairkan B
Memory 2x8GB DDR4 G.Skill Ripjaws 3600MHz| 2x8GB Corsair 3000 | 6x2GB DDR3 1300 Corsair
Video Card(s) MSI AMD 6750XT | 6500XT | MSI RX 580 8GB
Storage 1TB WD Black NVME / 250GB SSD /2TB WD Black | 500GB SSD WD, 2x1TB, 1x750 | WD 500 SSD/Seagate 320
Display(s) LG 27" 1440P| Samsung 20" S20C300L/DELL 15" | 22" DELL/19"DELL
Case LIAN LI PC-18 | Mini ATX Case (custom) | Atrix C4 9001
Audio Device(s) Onboard | Onbaord | Onboard
Power Supply Silverstone 850 | Silverstone Mini 450W | Corsair CX-750
Mouse Coolermaster Pro | Rapoo V900 | Gigabyte 6850X
Keyboard MAX Keyboard Nighthawk X8 | Creative Fatal1ty eluminx | Some POS Logitech
Software Windows 10 Pro 64 | Windows 10 Pro 64 | Windows 7 Pro 64/Windows 10 Home
If I had a dollar for every anti Intel post in the News Forum alone on this site I'd have a new RTX 3080 with money to spare.
If I had a dollar for every anti AMD post in the News Forum alone on this site I'd have ALL the new RTX 3080s with money to spare.
 
Joined
Sep 26, 2012
Messages
856 (0.20/day)
Location
Australia
System Name ATHENA
Processor AMD 7950X
Motherboard ASUS Crosshair X670E Extreme
Cooling Noctua NH-D15S, 7 x Noctua NF-A14 industrialPPC IP67 2000RPM
Memory 2x32GB Trident Z RGB 6000Mhz CL30
Video Card(s) ASUS 4090 Strix
Storage 3 x Kingston Fury 4TB, 4 x Samsung 870 QVO
Display(s) Alienware AW3821DW, Wacom Cintiq Pro 15
Case Fractal Design Torrent
Audio Device(s) Topping A90/D90 MQA, Fluid FPX7 Fader Pro, Beyerdynamic T1 G2, Beyerdynamic MMX300
Power Supply ASUS THOR 1600T
Mouse Xtrfy MZ1 - Zy' Rail, Logitech MX Vertical, Logitech MX Master 3
Keyboard Logitech G915 TKL
VR HMD Oculus Quest 2
Software Windows 11 + OpenSUSE MicroOS
Yes, because people actually cared about finding them. So they can collect money. Logic, yeah.

The history of recorded payouts vs the resources needed to discover most of these are pretty inverse. The original Spectre disclosure offered the University of the team who disclosed it something like $50k AND to shut the fuck up about it.
 
Joined
Jun 3, 2010
Messages
2,540 (0.50/day)
Yes, because people actually cared about finding them. So they can collect money. Logic, yeah.
I bet headhunting is the wrong reference here. People have better pay elsewhere.
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
Well, presumably when it was originally enabled, it wasn't a known security risk.

Surely that's obvious? Is that really what you're asking?
It is. It was late though, doh! I assume you are correct.
 
Joined
Mar 18, 2015
Messages
177 (0.05/day)
This is the reason why most vulberabilies were found in Intel CPUs; https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html

Intel actually pays people for finding them. "Intel’s bug bounty awards range from $500 up to $100,000."

AMD had plenty of vulnerabilies, even tho they don't pay people for finding them. Meaning, very few people will spend time trying to find them. Logic 101.

It's sad that AMD does not pay people for finding bugs, when tons of big tech companies do; https://www.guru99.com/bug-bounty-programs.html
AMD already knew about this potential vulnerability when implementing the feature and pre-built a way to turn it off into the chip for enterprise customers who want to be extra cautious. And it's already been shown that turning it off has a within-margin-of-error effect on performance anyway. Bad day for the Intel fanboys who just read the headline and popped the cork on the champagne. :)
 
D

Deleted member 205776

Guest
Once again, HenrySomeone is here, attempting to make another thread be about fanboyism within the first few replies.
 
Joined
May 8, 2018
Messages
1,495 (0.70/day)
Location
London, UK
I just bought a r9 5900x to replace a r5 3600 and now this ehhe
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
AMD already knew about this potential vulnerability when implementing the feature and pre-built a way to turn it off into the chip for enterprise customers who want to be extra cautious. And it's already been shown that turning it off has a within-margin-of-error effect on performance anyway. Bad day for the Intel fanboys who just read the headline and popped the cork on the champagne. :)
If that is the case it's outright irresponsible to leave it on.
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
The Spectre class of bugs don't really allow people to hack your computer.
Privilege escalation using leaked secrets is not hard.


A livedemo example of how easy it is to leak data on affected hardware (older spectre class, not this).
 
Joined
May 8, 2018
Messages
1,495 (0.70/day)
Location
London, UK
Enjoy dominating every multicore benchmark.

Final overclock is 4.4ghz 1.11v, amd overclocking msi b450 gaming plus, everything is very much stable, temperature full load is 75c, dual 120mm fans aka 240mm aio setup, i need a 360mm aio setup. What I'm sad about is that at auto it gets up to 4.9ghz on 3 threads which is very good, however I'm using 20 threads for AI and I just cant use the auto, so no 4.9ghz single core for me unless I stop using the AI workloads I'm doing, sad. I really wanted to use 4.9ghz on things while I could use 4.4 for other things but at 1.11v and that is not possible, to be able to use 4.9ghz I will need at least 1.4v on auto and manual not sure, did not try it yet but 4.9ghz all all threads, not sure if is safe, i mean, multiplier on bios 45x gives a red connotation which means warning/dangerous, so for them up to 44 x 100mhz is all right more than 4400mhz is dangerous.
 
Last edited:
Joined
Dec 26, 2006
Messages
3,470 (0.55/day)
Location
Northern Ontario Canada
Processor Ryzen 5700x
Motherboard Gigabyte X570S Aero G R1.1 BiosF5g
Cooling Noctua NH-C12P SE14 w/ NF-A15 HS-PWM Fan 1500rpm
Memory Micron DDR4-3200 2x32GB D.S. D.R. (CT2K32G4DFD832A)
Video Card(s) AMD RX 6800 - Asus Tuf
Storage Kingston KC3000 1TB & 2TB & 4TB Corsair LPX
Display(s) LG 27UL550-W (27" 4k)
Case Be Quiet Pure Base 600 (no window)
Audio Device(s) Realtek ALC1220-VB
Power Supply SuperFlower Leadex V Gold Pro 850W ATX Ver2.52
Mouse Mionix Naos Pro
Keyboard Corsair Strafe with browns
Software W10 22H2 Pro x64
Spectre did actually hurt us in the datacenter; We tend to plan servers on 3 or 5 year lifespans for budget and ROI reasons. We had a lot of Xeon and very little Epyc and after the first round of updates we jumped from about half capacity to about 70% capacity with a trickle less capacity every time more patches were added. Since those hosts were running VMs with access to financial data and confidential data under NDA it would have been irresponsible to leave hyperthreading on too - so within 6 months of the first patches our half-capacity became almost maxed out and some of these servers had several years left on the clock before being budgeted for replacment.

The only reason things aren't as dire as they could have been is that COVID-19 has reduced the server loads these last 13 months. Under normal circumstances, the loss of performance from applying mitigation steps and patches would have f***ed us over, hard, and expensively.
Yikes. Scary stuff.

We have yoga 370 notebooks for work and over the past 3 years with bios updates and windows updates it’s noticeably slower then it was at day 1.
 
Joined
Feb 20, 2019
Messages
7,194 (3.86/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
It is. It was late though, doh! I assume you are correct.
LOL.
I also assume, I haven't bothered doing the research to check :)

Presumably AMD wouldn't intentionally take security shortcuts like Intel, as they were using their "we're not affected by Spectre" as a pretty big selling point in the server world. Maybe they're just lying asshats and all megacorps are pure evil. Nothing would surprise me or bother me really, we buy stuff because we have to, not because we want to....
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
No, smeltdown was discovered by Google's project zero! In fact Intel (almost) paid researchers to not disclose similar vulnerabilities out in the open :shadedshu:


Correct. However, google Project zero still accepted the initial standard bounty. It's standard practice to not investigate something without a chance of return in most cases.
 
Joined
Feb 20, 2019
Messages
7,194 (3.86/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
Yikes. Scary stuff.

We have yoga 370 notebooks for work and over the past 3 years with bios updates and windows updates it’s noticeably slower then it was at day 1.
Absolutely - the Core M-5y71 laptops we have are unusable now. They were barely fast enough in the first place so when you add patch bloat slowdown to Spec-ex mitigations it's dire :p
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
Presumably AMD wouldn't intentionally take security shortcuts like Intel,
Honestly, speculative execution is the shortcut, and all complex chip vendors use it. Some just have had less research done, but the origin is the same.
 
Joined
Jun 10, 2014
Messages
2,889 (0.81/day)
Processor AMD Ryzen 9 5900X ||| Intel Core i7-3930K
Motherboard ASUS ProArt B550-CREATOR ||| Asus P9X79 WS
Cooling Noctua NH-U14S ||| Be Quiet Pure Rock
Memory Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz
Video Card(s) MSI GTX 1060 3GB ||| MSI GTX 680 4GB
Storage Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB
Display(s) Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24"
Case Fractal Design Define 7 XL x 2
Audio Device(s) Cambridge Audio DacMagic Plus
Power Supply Seasonic Focus PX-850 x 2
Mouse Razer Abyssus
Keyboard CM Storm QuickFire XT
Software Ubuntu
Presumably AMD wouldn't intentionally take security shortcuts like Intel…
Then that's a product of bias, a bias which unfortunately has become widespread. I've not seen any evidence of Intel taking "security shortcuts".

A shortcut would imply a conscious decision, while the Spectre family is caused by an oversight, an oversight done by numerous companies implementing their own microarchitectures.
 
Low quality post by dirtyferret
Joined
Jun 1, 2011
Messages
3,817 (0.81/day)
Location
in a van down by the river
Processor faster than yours
Motherboard better than yours
Cooling cooler than yours
Memory smarter than yours
Video Card(s) better performance than yours
Storage stronger than yours
Display(s) bigger than yous
Case fancier than yours
Audio Device(s) clearer than yours
Power Supply more powerful than yours
Mouse lighter than yours
Keyboard less clicky than yours
Benchmark Scores up yours
 
Joined
Apr 30, 2011
Messages
2,648 (0.56/day)
Location
Greece
Processor AMD Ryzen 5 5600@80W
Motherboard MSI B550 Tomahawk
Cooling ZALMAN CNPS9X OPTIMA
Memory 2*8GB PATRIOT PVS416G400C9K@3733MT_C16
Video Card(s) Sapphire Radeon RX 6750 XT Pulse 12GB
Storage Sandisk SSD 128GB, Kingston A2000 NVMe 1TB, Samsung F1 1TB, WD Black 10TB
Display(s) AOC 27G2U/BK IPS 144Hz
Case SHARKOON M25-W 7.1 BLACK
Audio Device(s) Realtek 7.1 onboard
Power Supply Seasonic Core GC 500W
Mouse Sharkoon SHARK Force Black
Keyboard Trust GXT280
Software Win 7 Ultimate 64bit/Win 10 pro 64bit/Manjaro Linux
Everyone should deactivate that feature. Less than 1% effect on performance isn't something to discuss about.
 
Top