• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

AMD Ryzen 5000 Series CPUs with Zen 3 Cores Could be Vulnerable to Spectre-Like Exploit

AleksandarK

News Editor
Staff member
Joined
Aug 19, 2017
Messages
2,190 (0.91/day)
AMD Ryzen 5000 series of processors feature the new Zen 3 core design, which uses many techniques to deliver the best possible performance. One of those techniques is called Predictive Store Forwarding (PSF). According to AMD, "PSF is a hardware-based micro-architectural optimization designed to improve the performance of code execution by predicting dependencies between loads and stores." That means that PSF is another "prediction" feature put in a microprocessor that could be exploited. Just like Spectre, the feature could be exploited and it could result in a vulnerability in the new processors. Speculative execution has been a part of much bigger problems in CPU microarchitecture design, showing that each design choice has its flaws.

AMD's CPU architects have discovered that the software that relies upon isolation aka "sandboxing", is highly at risk. PSF predictions can sometimes miss, and it is exactly these applications that are at risk. It is reported that a mispredicted dependency between load and store can lead to a vulnerability similar to Spectre v4. So what a solution to it would be? You could simply turn it off and be safe. Phoronix conducted a suite of tests on Linux and concluded that turning the feature off is taking between half a percent to one percent hit, which is very low. You can see more of that testing here, and read AMD's whitepaper describing PSF.


View at TechPowerUp Main Site
 

las

Joined
Nov 14, 2012
Messages
1,533 (0.37/day)
System Name Obsolete / Waiting for Zen 5 or Arrow Lake
Processor i9-9900K @ 5.2 GHz @ 1.35v / No AVX Offset
Motherboard AsRock Z390 Taichi
Cooling Custom Water
Memory 32GB G.Skill @ 4000/CL15
Video Card(s) Gainward RTX 4090 Phantom / Undervolt + OC
Storage Samsung 990 Pro 2TB + WD SN850X 1TB + 64TB NAS/Server
Display(s) 27" 1440p IPS @ 280 Hz + 77" QD-OLED @ 144 Hz VRR
Case Fractal Design Meshify C
Audio Device(s) Asus Essence STX / Upgraded Op-Amps
Power Supply Corsair RM1000x / Native 12VHPWR
Mouse Logitech G Pro Wireless Superlight
Keyboard Corsair K60 Pro / MX Low Profile Speed
Software Windows 10 Pro x64
This is the reason why most vulberabilies were found in Intel CPUs; https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html

Intel actually pays people for finding them. "Intel’s bug bounty awards range from $500 up to $100,000."

AMD had plenty of vulnerabilies, even tho they don't pay people for finding them. Meaning, very few people will spend time trying to find them. Logic 101.

It's sad that AMD does not pay people for finding bugs, when tons of big tech companies do; https://www.guru99.com/bug-bounty-programs.html
 
Last edited:
Joined
Apr 18, 2013
Messages
1,260 (0.32/day)
Location
Artem S. Tashkinov
Nothing to write home about: https://www.phoronix.com/scan.php?page=article&item=amd-zen3-psf&num=1

perf.png
 
Joined
Sep 6, 2013
Messages
2,973 (0.77/day)
Location
Athens, Greece
System Name 3 desktop systems: Gaming / Internet / HTPC
Processor Ryzen 5 5500 / Ryzen 5 4600G / FX 6300 (12 years latter got to see how bad Bulldozer is)
Motherboard MSI X470 Gaming Plus Max (1) / MSI X470 Gaming Plus Max (2) / Gigabyte GA-990XA-UD3
Cooling Νoctua U12S / Segotep T4 / Snowman M-T6
Memory 16GB G.Skill RIPJAWS 3600 / 16GB G.Skill Aegis 3200 / 16GB Kingston 2400MHz (DDR3)
Video Card(s) ASRock RX 6600 + GT 710 (PhysX)/ Vega 7 integrated / Radeon RX 580
Storage NVMes, NVMes everywhere / NVMes, more NVMes / Various storage, SATA SSD mostly
Display(s) Philips 43PUS8857/12 UHD TV (120Hz, HDR, FreeSync Premium) ---- 19'' HP monitor + BlitzWolf BW-V5
Case Sharkoon Rebel 12 / Sharkoon Rebel 9 / Xigmatek Midguard
Audio Device(s) onboard
Power Supply Chieftec 850W / Silver Power 400W / Sharkoon 650W
Mouse CoolerMaster Devastator III Plus / Coolermaster Devastator / Logitech
Keyboard CoolerMaster Devastator III Plus / Coolermaster Devastator / Logitech
Software Windows 10 / Windows 10 / Windows 7
Probably AMD copied some optimizations from Intel's book. Let's be honest. No one should be using Intel CPUs based on their security problems, right? Well everyone is using those and no one cares. From the teenager gamer to the highly experienced IT. Spectre, Meltdown? We forgoten those names long ago. So, why AMD try to keep it's CPUs as safe as possible and not offer what everyone wants? Performance.
 
Low quality post by HenrySomeone
Joined
Apr 16, 2019
Messages
632 (0.35/day)
This is the reason why most vulberabilies were found in Intel CPUs; https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html

Intel actually pays people for finding them. "Intel’s bug bounty awards range from $500 up to $100,000."

AMD had plenty of vulnerabilies, even tho they don't pay people for finding them. Meaning, very few people will spend time trying to find them. Logic 101.

It's sad that AMD does not pay people for finding bugs, when tons of big tech companies do; https://www.guru99.com/bug-bounty-programs.html
AMD just relies on their fanboy base, that will put up with almost anything and usually does the beta testing for them. Makes financial sense if you think about it really - why do something yourself or pay others to do when it'll be done by your deluded fans free of charge... :cool:
 
Joined
May 31, 2016
Messages
4,323 (1.51/day)
Location
Currently Norway
System Name Bro2
Processor Ryzen 5800X
Motherboard Gigabyte X570 Aorus Elite
Cooling Corsair h115i pro rgb
Memory 16GB G.Skill Flare X 3200 CL14 @3800Mhz CL16
Video Card(s) Powercolor 6900 XT Red Devil 1.1v@2400Mhz
Storage M.2 Samsung 970 Evo Plus 500MB/ Samsung 860 Evo 1TB
Display(s) LG 27UD69 UHD / LG 27GN950
Case Fractal Design G
Audio Device(s) Realtec 5.1
Power Supply Seasonic 750W GOLD
Mouse Logitech G402
Keyboard Logitech slim
Software Windows 10 64 bit
AMD just relies on their fanboy base, that will put up with almost anything and usually does the beta testing for them. Makes financial sense if you think about it really - why do something yourself or pay others to do when it'll be done by your deluded fans free of charge... :cool:
Because, if you pay someone to find vulnerabilities you can also tell them not to put it into the public straight away. With tech savvy dudes (not fan boys) who like to do that type of things, they are not being payed anything by the company with the CPU architecture, they just like doing it and I guess they are good at it. The company that pays for the resources to find the exploits or vulnerabilities may also block the publicity of the findings or postpone it in time (exactly what Intel did) to fix it but still there are people, companies that are vulnerable anyway and they don't have any idea about it. Just because a company has a different approach, doesn't mean it's wrong and people who are involved in finding the vulnerabilities in the CPU architecture are not deluded fan boys because they are not being payed by the company that the CPU belongs to that's for sure.
 
Joined
Aug 20, 2007
Messages
20,710 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
Joined
Jul 13, 2016
Messages
2,793 (0.99/day)
Processor Ryzen 7800X3D
Motherboard ASRock X670E Taichi
Cooling Noctua NH-D15 Chromax
Memory 32GB DDR5 6000 CL30
Video Card(s) MSI RTX 4090 Trio
Storage Too much
Display(s) Acer Predator XB3 27" 240 Hz
Case Thermaltake Core X9
Audio Device(s) Topping DX5, DCA Aeon II
Power Supply Seasonic Prime Titanium 850w
Mouse G305
Keyboard Wooting HE60
VR HMD Valve Index
Software Win 10
"could be exploited"

Lot of anti-AMD comments for something that doesn't have an exploit yet. Mind you the performance difference is near nothing anyways so it wouldn't mean much to begin with. I'm guessing as usual, the typical suspects rush to the comments without reading.
 
Joined
Nov 7, 2016
Messages
158 (0.06/day)
Processor 5950X
Motherboard Dark Hero
Cooling Custom Loop
Memory Crucial Ballistix 3600MHz CL16
Video Card(s) Gigabyte RTX 3080 Vision
Storage 980 Pro 500GB, 970 Evo Plus 500GB, Crucial MX500 2TB, Crucial MX500 2TB, Samsung 850 Evo 500GB
Display(s) Gigabyte G34WQC
Case Cooler Master C700M
Audio Device(s) Bose
Power Supply AX850
Mouse Razer DeathAdder Chroma
Keyboard MSI GK80
Software W10 Pro
Benchmark Scores CPU-Z Single-Thread: 688 Multi-Thread: 11940
Question: which are the softwares that implement sandboxing? Also, there is no information about how to disable PSF.
 
Last edited:
Joined
Feb 20, 2019
Messages
7,194 (3.86/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
Probably AMD copied some optimizations from Intel's book. Let's be honest. No one should be using Intel CPUs based on their security problems, right? Well everyone is using those and no one cares. From the teenager gamer to the highly experienced IT. Spectre, Meltdown? We forgoten those names long ago. So, why AMD try to keep it's CPUs as safe as possible and not offer what everyone wants? Performance.
Spectre did actually hurt us in the datacenter; We tend to plan servers on 3 or 5 year lifespans for budget and ROI reasons. We had a lot of Xeon and very little Epyc and after the first round of updates we jumped from about half capacity to about 70% capacity with a trickle less capacity every time more patches were added. Since those hosts were running VMs with access to financial data and confidential data under NDA it would have been irresponsible to leave hyperthreading on too - so within 6 months of the first patches our half-capacity became almost maxed out and some of these servers had several years left on the clock before being budgeted for replacment.

The only reason things aren't as dire as they could have been is that COVID-19 has reduced the server loads these last 13 months. Under normal circumstances, the loss of performance from applying mitigation steps and patches would have f***ed us over, hard, and expensively.
 
Joined
Jul 13, 2016
Messages
2,793 (0.99/day)
Processor Ryzen 7800X3D
Motherboard ASRock X670E Taichi
Cooling Noctua NH-D15 Chromax
Memory 32GB DDR5 6000 CL30
Video Card(s) MSI RTX 4090 Trio
Storage Too much
Display(s) Acer Predator XB3 27" 240 Hz
Case Thermaltake Core X9
Audio Device(s) Topping DX5, DCA Aeon II
Power Supply Seasonic Prime Titanium 850w
Mouse G305
Keyboard Wooting HE60
VR HMD Valve Index
Software Win 10
This is the reason why most vulberabilies were found in Intel CPUs; https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html

Intel actually pays people for finding them. "Intel’s bug bounty awards range from $500 up to $100,000."

AMD had plenty of vulnerabilies, even tho they don't pay people for finding them. Meaning, very few people will spend time trying to find them. Logic 101.

It's sad that AMD does not pay people for finding bugs, when tons of big tech companies do; https://www.guru99.com/bug-bounty-programs.html

Officially Intel has far more vulnerabilities than AMD. Any statement that AMD has more vulnerabilities because many of them have not yet been found is pure speculation. You say "Logic 101" but you are really making an assumption based on assumption. That's not logic.
 
Joined
Apr 19, 2018
Messages
958 (0.44/day)
Processor AMD Ryzen 9 5950X
Motherboard Asus ROG Crosshair VIII Hero WiFi
Cooling Arctic Liquid Freezer II 420
Memory 32Gb G-Skill Trident Z Neo @3806MHz C14
Video Card(s) MSI GeForce RTX2070
Storage Seagate FireCuda 530 1TB
Display(s) Samsung G9 49" Curved Ultrawide
Case Cooler Master Cosmos
Audio Device(s) O2 USB Headphone AMP
Power Supply Corsair HX850i
Mouse Logitech G502
Keyboard Cherry MX
Software Windows 11
And those that say AMD has no security vulnerabilities because they don't pay bug bounties are crazy... Why crazy? Lets see...

1.) ALL CPUs have bugs, and some can be exploited... Shock, horror...
2.) Intel have their own engineers looking at AMD CPUS all day long, looking for some dirt that they can use to create a fake security research company, setup a flashy website with fancy graphics, complete with fancy names for the exploits, and drum up a lynch mob to tank AMD shares. Think it don't happen? yeah right...
3.) Ever heard of ransomware? Maybe there is no money in finding an exploit... yeah...
4.) ALL future CPUs will have bugs, and will be exploited...
 
Joined
Sep 6, 2013
Messages
2,973 (0.77/day)
Location
Athens, Greece
System Name 3 desktop systems: Gaming / Internet / HTPC
Processor Ryzen 5 5500 / Ryzen 5 4600G / FX 6300 (12 years latter got to see how bad Bulldozer is)
Motherboard MSI X470 Gaming Plus Max (1) / MSI X470 Gaming Plus Max (2) / Gigabyte GA-990XA-UD3
Cooling Νoctua U12S / Segotep T4 / Snowman M-T6
Memory 16GB G.Skill RIPJAWS 3600 / 16GB G.Skill Aegis 3200 / 16GB Kingston 2400MHz (DDR3)
Video Card(s) ASRock RX 6600 + GT 710 (PhysX)/ Vega 7 integrated / Radeon RX 580
Storage NVMes, NVMes everywhere / NVMes, more NVMes / Various storage, SATA SSD mostly
Display(s) Philips 43PUS8857/12 UHD TV (120Hz, HDR, FreeSync Premium) ---- 19'' HP monitor + BlitzWolf BW-V5
Case Sharkoon Rebel 12 / Sharkoon Rebel 9 / Xigmatek Midguard
Audio Device(s) onboard
Power Supply Chieftec 850W / Silver Power 400W / Sharkoon 650W
Mouse CoolerMaster Devastator III Plus / Coolermaster Devastator / Logitech
Keyboard CoolerMaster Devastator III Plus / Coolermaster Devastator / Logitech
Software Windows 10 / Windows 10 / Windows 7
This is the reason why most vulberabilies were found in Intel CPUs; https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html

Intel actually pays people for finding them. "Intel’s bug bounty awards range from $500 up to $100,000."

AMD had plenty of vulnerabilies, even tho they don't pay people for finding them. Meaning, very few people will spend time trying to find them. Logic 101.

It's sad that AMD does not pay people for finding bugs, when tons of big tech companies do; https://www.guru99.com/bug-bounty-programs.html
Oh....WOW!!!!!

There are so many wrongs in your logic and others already mentioned a few. Intel could be paying not only so it can improve it's CPUs, but also to try to silence people as long as necessary to create hardware fixes for future revisions. Also no one should assume that Intel is not paying for vulnerabilities on Ryzen CPUs. Intel was really hit hard, for a period of time, with all those security holes on it's CPUs monopolizing the news. And while we can't say that they have payed people to create fictional problems on AMD CPUs (do you remember that Israeli firm? ), they probably have payed to find vulnerabilities in a competing product that is eating from their market share. Not to mention that huge companies, like Google, or Amazon, or Microsoft who use AMD's Epyc processors, probably keep looking for vulnerabilities themselves, or pay others to do so. They have plenty of money to spent.

Your logic reminds me of "Linux is as bad in security as Windows, we only don't see security problems on Linux because of it's small market share".
 
Joined
Feb 20, 2019
Messages
7,194 (3.86/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
Makes me wonder why it's enabled at all...
Because it's one of 50+ different features that provide fractions of a percent. Together they constitute a meaningful double-digit IPC uplift. Individually, none of them are that significant.
 
Joined
Jan 8, 2017
Messages
8,863 (3.36/day)
System Name Good enough
Processor AMD Ryzen R9 7900 - Alphacool Eisblock XPX Aurora Edge
Motherboard ASRock B650 Pro RS
Cooling 2x 360mm NexXxoS ST30 X-Flow, 1x 360mm NexXxoS ST30, 1x 240mm NexXxoS ST30
Memory 32GB - FURY Beast RGB 5600 Mhz
Video Card(s) Sapphire RX 7900 XT - Alphacool Eisblock Aurora
Storage 1x Kingston KC3000 1TB 1x Kingston A2000 1TB, 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s) LG UltraGear 32GN650-B + 4K Samsung TV
Case Phanteks NV7
Power Supply GPS-750C
Probably AMD copied some optimizations from Intel's book. Let's be honest. No one should be using Intel CPUs based on their security problems, right? Well everyone is using those and no one cares. From the teenager gamer to the highly experienced IT. Spectre, Meltdown? We forgoten those names long ago. So, why AMD try to keep it's CPUs as safe as possible and not offer what everyone wants? Performance.

Parallel out-of-order and speculative execution as well as the caching mechanisms will always leave a window open for security issues. They are impossible to get rid of.
 
Joined
Jun 10, 2014
Messages
2,889 (0.81/day)
Processor AMD Ryzen 9 5900X ||| Intel Core i7-3930K
Motherboard ASUS ProArt B550-CREATOR ||| Asus P9X79 WS
Cooling Noctua NH-U14S ||| Be Quiet Pure Rock
Memory Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz
Video Card(s) MSI GTX 1060 3GB ||| MSI GTX 680 4GB
Storage Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB
Display(s) Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24"
Case Fractal Design Define 7 XL x 2
Audio Device(s) Cambridge Audio DacMagic Plus
Power Supply Seasonic Focus PX-850 x 2
Mouse Razer Abyssus
Keyboard CM Storm QuickFire XT
Software Ubuntu
This is the reason why most vulberabilies were found in Intel CPUs; https://www.intel.com/content/www/us/en/security-center/bug-bounty-program.html

Intel actually pays people for finding them. "Intel’s bug bounty awards range from $500 up to $100,000."
There is also Intel's extensive collaboration with research institutions and companies.

Probably AMD copied some optimizations from Intel's book.
Most modern CPU microarchitectures relies on the same research which leads to similar mistakes and assumptions. Blaming Intel for AMD's mistakes, that's a stretch!

Let's be honest. No one should be using Intel CPUs based on their security problems, right? Well everyone is using those and no one cares. From the teenager gamer to the highly experienced IT. Spectre, Meltdown?
All current microarchitectures with speculative execution, regardless if they are based on x86, ARM, Power or MIPS, share the "Spectre class" of vulnerabilities. Some of them may have mitigations in hardware, firmware or the OS level, but to my knowledge none of them has been redesigned to resolve the underlying problem (but they will). But as with any design flaw, you will not get rid of it until you have resolved the underlying issue. So we should expect Intel, AMD, etc. to have a continuous stream of such bugs, until major post-Spectre architectures are complete. Even the upcoming Sapphire Rapids was in development prior to Spectre, so it's going to take a while.

Any company making tech products should take any vulnerability seriously, but it's the risk and consequences which should dictate which customers should take action. The Spectre class bugs (and really Meltdown too) should be considered nearly "theoretical" problems. While you can certainly reproduce them in controlled environments, any successful exploit would still require access to running custom software locally, and usually a lot of time to extract useful information. Many of these known exploits are able to extract privileged data at bytes per second or kB per second, while it's burning your CPU with load for weeks or months to find something valuable. For desktop users, these exploits are pretty much irrelevant; if I'm able to run my program on your machine, then I already have access to everything in your user space, so I probably already own all your files anyway.

The Spectre class of bugs is only really scary for cloud providers, where there is a theoretical possibility that one VM can steal data from another, bypassing all layers of security. But I want to stress, this is practically theoretical, executing a such attack and gaining substantial useful and intact information is going to be hard, especially since data will be moved around by the time someone can dump enough of it. But those who are putting sensitive information or critical systems in the public cloud are pretty "stupid" anyways.

The real impact of Spectre is the cost of mitigations, while it's negligible for most users, it can be significant for very specific server loads or some edge cases.

Meanwhile, as normal desktop users, there are many more serious security issues to worry about, including your crappy router/access point, all the IoT devices you carelessly connect, and keeping your systems up to date and passwords managed.
 

tabascosauz

Moderator
Supporter
Staff member
Joined
Jun 24, 2015
Messages
7,457 (2.33/day)
Location
Western Canada
System Name ab┃ob
Processor 7800X3D┃5800X3D
Motherboard B650E PG-ITX┃B550-I Strix
Cooling PA120+T30┃AXP120x67
Memory 64GB 6000CL30┃32GB 3600CL14
Video Card(s) RTX 4070 Ti Eagle┃RTX A2000
Storage 8TB of SSDs┃1TB SN550
Display(s) 43" QN90B / 32" M32Q / 27" S2721DGF
Case Caselabs S3┃Lone Industries L5
Power Supply Corsair HX1000┃HDPlex
This is the consumer space. Same as any Intel vulnerability - show me a real exploit that leverages this vulnerability in a way that poses an appreciable risk to the normal user, and I'll disable PSF. Otherwise, piss off with the fearmongering.

All this isn't even because of a CVE-assigned vulnerability. All this because of a goddamn whitepaper published by AMD, *speculating* on potential risks. Yeah no shit, it's speculative execution. And now all the trolls come out of the woodwork either defending their double standards for almighty AMD or thinking the tables have turned for their darling Intel.

Holy hell, some of the justifications on here are hokey as shit. Intel pays people to find bugs, but it's unreasonable to impose an NDA that gives them reasonable time to evaluate and solve it, and that constitutes a cover-up? What, did Intel pay dirty money to commission AMD to make this AMD whitepaper too? Jumping jack christ, some of the hypocrisy could be painted bright yellow and illuminated with floodlights and some of you would miss it.

AMD's current recommendation at the bottom of the whitepaper that is the friggin subject of this article: leave it on. So 5000 owners leave it on and go about your day. If this ever changes, and AMD makes a recommendation like Intel did to turn it off, then it would be wise to reconsider.
 
Last edited:
Joined
Aug 20, 2007
Messages
20,710 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
Because it's one of 50+ different features that provide fractions of a percent. Together they constitute a meaningful double-digit IPC uplift. Individually, none of them are that significant.
But they know this one individual feature constitutes a security risk. So I repeat the question.

If I had a dollar for every anti Intel post in the News Forum alone on this site I'd have a new RTX 3080 with money to spare. I've dealt with the AMD fanbois across the internet for well over a decade now and imo they are the scourge of the internet. Any article about Intel or an Intel product posted on the main page of a popular review and/or tech site is usually loaded with AMD fanbois posting underneath said article in the comment section with some of the most ignorant post imaginable.
You do realize you are doing the exact same shit here, right?
 
Joined
Sep 28, 2012
Messages
963 (0.23/day)
System Name Poor Man's PC
Processor AMD Ryzen 5 7500F
Motherboard MSI B650M Mortar WiFi
Cooling ID Cooling SE 206 XT
Memory 32GB GSkill Flare X5 DDR5 6000Mhz
Video Card(s) Sapphire Pulse RX 6800 XT
Storage XPG Gammix S70 Blade 2TB + 8 TB WD Ultrastar DC HC320
Display(s) Mi Gaming Curved 3440x1440 144Hz
Case Cougar MG120-G
Audio Device(s) MPow Air Wireless + Mi Soundbar
Power Supply Enermax Revolution DF 650W Gold
Mouse Logitech MX Anywhere 3
Keyboard Logitech Pro X + Kailh box heavy pale blue switch + Durock stabilizers
VR HMD Meta Quest 2
Benchmark Scores Who need bench when everything already fast?
Most vulnerabilities have NEVER been seen exploited in the wild. Why? Because they are so difficult to pull off as to render them near impossible. The same goes for Intel's vulnerability lists. CVE lists are not as black and white as you would suggest with your assumptions. Just because a vulnerability exists does NOT make it easily or even generally exploitable. You need to do more research and learn that difference instead of making a blanket statement that has little bearing on reality.

I'll just leave it here, cause I know nothing about Predictive Store Forwarding (PSF) and MS didn't say anything about it so how is that gonna affect my casual activities as commoners :rolleyes:
 

Chloefile

S.T.A.R.S.
Joined
Dec 16, 2012
Messages
10,878 (2.64/day)
Location
Finland
System Name 4K-gaming
Processor AMD Ryzen 7 5800X
Motherboard Gigabyte B550M Aorus Elite
Cooling Custom loop (CPU+GPU, 240 & 120 rads)
Memory 32GB Kingston HyperX Fury @ DDR4-3466
Video Card(s) PowerColor RX 6700 XT Fighter
Storage ~4TB SSD + 6TB HDD
Display(s) Acer 27" 4K120 IPS + Lenovo 32" 4K60 IPS
Case Fractal Design Define Mini C
Audio Device(s) Asus TUF H3 Wireless
Power Supply EVGA Supernova G2 750W
Mouse Logitech MX518 Legendary
Keyboard Roccat Vulcan 121 AIMO
VR HMD Oculus Rift CV1
Software Windows 11 Pro
Benchmark Scores It runs Crysis remastered at 4K
What I'm wondering is that does this affect an average user at all, probably not?
 
Joined
Aug 20, 2007
Messages
20,710 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
What I'm wondering is that does this affect an average user at all, probably not?
As long as generalized workarounds are distributed to most end users assuring the hackers don't try to use these methods by and large, you'll likely never need to really worry.

They are still issues.
 
Joined
Feb 20, 2019
Messages
7,194 (3.86/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
But they know this one individual feature constitutes a security risk. So I repeat the question.
Makes me wonder why it's enabled at all...

Well, presumably when it was originally enabled, it wasn't a known security risk.

Surely that's obvious? Is that really what you're asking?
 
Joined
Jun 10, 2014
Messages
2,889 (0.81/day)
Processor AMD Ryzen 9 5900X ||| Intel Core i7-3930K
Motherboard ASUS ProArt B550-CREATOR ||| Asus P9X79 WS
Cooling Noctua NH-U14S ||| Be Quiet Pure Rock
Memory Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz
Video Card(s) MSI GTX 1060 3GB ||| MSI GTX 680 4GB
Storage Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB
Display(s) Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24"
Case Fractal Design Define 7 XL x 2
Audio Device(s) Cambridge Audio DacMagic Plus
Power Supply Seasonic Focus PX-850 x 2
Mouse Razer Abyssus
Keyboard CM Storm QuickFire XT
Software Ubuntu
What I'm wondering is that does this affect an average user at all, probably not?
The exploit: no, not really
The mitigation: perhaps

As long as generalized workarounds are distributed to most end users assuring the hackers don't try to use these methods by and large
The Spectre class of bugs don't really allow people to hack your computer. They need to execute the attack locally on your computer, so essentially hack it first.
 
Last edited:
Top