AMD releases response to Meltdown and Spectre exploits

Over the past few days, there has been a lot of news regarding the now infamous Meltdown and Spectre exploits, both of which are capable of bypassing existing security mechanisms for CPUs. 

Since these exploits were discovered, the industry has worked together to lessen the impact of the findings, though note that neither of these exploits has ever been seen or used outside of security labs. Those who discovered these “flaws” are experts within the industry and have a lot of non-public information about modern CPU architectures, making it difficult for others to replicate their work effectively.

AMD has released a detailed response to the issue, highlighting the three known variants of the exploit, showing that variant 2 has never been demonstrated on an AMD processor and that the company’s products are completely immune to variant 3. Only variant 1 is a concern for AMD, though this has been resolved by software/OS updates, which are expected to have a “minimal” performance impact. 

In another statement, an AMD representative has stated that “we believe there is a near zero risk to AMD processors at this time”, a huge show of confidence for the company.

Even Linus Torvalds, the creator of Linux, has shown confidence in AMD by laying out plans to merge an AMD update into Linux that will disable PTI (page table isolation) on AMD processors. This feature is the OS security measure that is designed to prevent variant 3 (Meltdown) from occurring, which AMD claims to be immune to.
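A defender's check for the mitigations discussed above, as an added example that is not part of the original article or AMD's statement: Linux kernels that carry these fixes report their per-variant status under /sys/devices/system/cpu/vulnerabilities, and this script maps those files to the three variants. The function names and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report the kernel's view of the three variants.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify FILE -> prints not-affected | mitigated | vulnerable | unknown
classify() {
    if [ ! -r "$1" ]; then
        echo unknown            # kernel too old to expose the file
        return 0
    fi
    status=$(head -n 1 "$1")
    case "$status" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;   # e.g. "Mitigation: PTI"
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report [DIR] -> one line per variant; returns 1 if any variant is vulnerable
report() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for entry in "1:spectre_v1" "2:spectre_v2" "3:meltdown"; do
        variant=${entry%%:*}
        file=${entry#*:}
        state=$(classify "$dir/$file")
        detail=""
        [ -r "$dir/$file" ] && detail=$(head -n 1 "$dir/$file")
        printf 'variant %s (%s): %s [%s]\n' "$variant" "$file" "$state" "$detail"
        [ "$state" = vulnerable ] && rc=1
    done
    return $rc
}

# Constructed sample (not captured from a real host): what a patched AMD
# system might report, for trying the script without reading /sys.
write_sample() {
    mkdir -p "$1"
    echo "Mitigation: __user pointer sanitization" > "$1/spectre_v1"
    echo "Mitigation: Full AMD retpoline"          > "$1/spectre_v2"
    echo "Not affected"                            > "$1/meltdown"
}
```

On a live host, call `report` with no arguments; a non-zero return means the kernel itself considers at least one variant unmitigated.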

  

There has been recent press coverage regarding a potential security issue related to modern microprocessors and speculative execution. Information security is a priority at AMD, and our security architects follow the technology ecosystem closely for new threats.

It is important to understand how the speculative execution vulnerability described in the research relates to AMD products, but please keep in mind the following:

– The research described was performed in a controlled, dedicated lab environment by a highly knowledgeable team with detailed, non-public information about the processors targeted.

– The described threat has not been seen in the public domain.


When AMD learned that researchers had discovered a new CPU attack targeting the speculative execution functionality used by multiple chip companies’ products, we immediately engaged across the ecosystem to address the teams’ findings.

The research team identified three variants within the speculative execution research. The below grid details the specific variants detailed in the research and the AMD response details.


 

Contrast this with Intel’s response matrix to the same three variants, and we see a very different story, showing Intel to be the worst affected by these exploits. Intel is the only company that has been found to be vulnerable to Meltdown (variant 3), requiring the use of PTI (page table isolation) to secure systems. 

On information pages regarding both Meltdown and Spectre, it is said that Meltdown has been tested on all Intel processor generations since 2011, with “effectively every processor since 1995” being affected (with a few exceptions).

 

Which systems are affected by Meltdown?

Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.

Which systems are affected by Spectre?

Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.


While Intel states that processors from “different vendors” are “susceptible” to these “bugs” or “flaws”, we can see that the company is telling a half-truth. Yes, both AMD and ARM are affected by Spectre, but Intel has been the only company that has been found to be vulnerable to Meltdown (variant 3), making the problem unique to Intel (at least right now).

To make a long story short, AMD’s processors are not as heavily affected by Spectre and Meltdown as Intel’s, with their immunity to Meltdown making the recent addition of PTI to Linux unnecessary. Page Table Isolation is the feature that many have been associating performance dips with over the past few days, leaving AMD in a much better position than Intel regarding this kerfuffle.

You can join the discussion on AMD’s response to the Meltdown and Spectre exploits on the OC3D Forums.