1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

AMD addresses Spoiler vulnerability: Ryzen users are safe from this one

By onetheycallEric · 10 replies
Mar 17, 2019
Post New Reply
  1. Researchers at Worcester Polytechnic Institute in the US, and the University of Lübeck in Germany, recently discovered another speculative execution vulnerability impacting Intel processors. Dubbed "Spoiler," and like Spectre before it, the flaw preys upon the CPU's speculative execution engine that presciently guesses upcoming computations to boost performance.

    As the research paper explains, Spoiler is entirely independent from Spectre, so existing mitigations for Spectre and Meltdown have no effect on the new flaw. Spoiler is a complicated problem, but the paper offers a summary of sorts.

    We have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes. The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments.

    The researchers also tested AMD and ARM-based processors, but found that they were not susceptible in the same way Intel's processors are. This makes Spoiler a problem unique to Intel, and it's already found itself reeling after the frenzy that was Spectre and Meltdown. And just like those two flaws, there's no viable software-only mitigation; microarchitecure level changes could help, but it'd come at the cost of performance.

    No doubt relieved, AMD has confirmed Spoiler does not impact Ryzen processors.

    We are aware of the report of a new security exploit called SPOILER which can gain access to partial address information during load operations. We believe that our products are not susceptible to this issue because of our unique processor architecture. The SPOILER exploit can gain access to partial address information above address bit 11 during load operations. We believe that our products are not susceptible to this issue because AMD processors do not use partial address matches above address bit 11 when resolving load conflicts.

    While AMD did have to issue some mitigations for Spectre, they seem to have dodged a bullet here. The same can't be said for Intel, unfortunately, who will have to continue to analyze their CPU design at the silicon level for improved security in the future.

    Permalink to story.

     
    Black Paper likes this.
  2. Evernessince

    Evernessince TS Evangelist Posts: 3,991   +3,477

    If I were in Enterprise I'd heavily be considering moving to EPYC. Spectre / Meltdown had a far larger impact on servers then desktops and this new exploit won't help. You would think Intel would have at least commissioned a security firm to explore potential additional speculative execution vulnerabilities. It almost seems like Intel would rather use it's customers as minesweepers and then do minimal patching work. The amount of vulnerabilities they are finding is getting out of hand.
     
  3. hahahanoobs

    hahahanoobs TS Evangelist Posts: 2,540   +918

    Unlike desktop users, Enterprise hardware decisions are not made so easily. You don't just move to another platform overnight. It's expensive and the support, software, optimizations and performance may just not be there yet. And what if this vulnerability isn't worth switching for or Intel does have a fix for this coming and it is still their desired platform? Well then you just spent a lot of time and money for nothing.

    There are articles out there that will explain this much better than I, but I strongly suggest you read them before trying to play CEO for multi-billion dollar companies...
     
    Last edited: Mar 18, 2019
  4. Evernessince

    Evernessince TS Evangelist Posts: 3,991   +3,477

    I often find at my work the new guys who can't explain the topic well in fact don't know it well. If you are going to call someone out on something you should at least be able to explain the subject matter. A dash of assumption and snark seem to be the limit of your wits in this case.

    Changes to architectures don't come easy either like you seem to suggest. Exploiting speculative execution is no longer anything new and Intel doesn't even have a processor on it's roadmap that fully protects against all these exploits. They don't even have spectre and meltdown protections until Cascade lake let alone other vulnerabilities.

    And mind you I never suggested they move immediately like your oft hyperbolic comment seems to suggest. If you took the time to read my post I specifically stated that they should heavily consider it. I shouldn't have to say that "heavily consider" is not the same as "overnight" as you stated.

    You know what's also expensive? Buying all new Cascade lake processors and the required motherboards to prevent spectre and meltdown and then in another 2 years buying all new processors again when Intel finally fixes the newer speculative execution exploits that were discovered near the end of 2018 til now (and likely more later TBH). Or you can just slowly rollout EPIC platforms, which on average cost anywhere from 33% - 48% less then a similar performing Intel platform. The cost to stay on vulnerable platforms could be zero or it could be your company's data or the data of your customers. That's not a choice most companies want to face.

    Of course there are a ton of variables to account for when purchasing hardware for company wide use. The above are just factors laid out that every enterprise will be considering. Speculative execution exploits are a problem and there is no fix yet in sight for Intel.
     
    Last edited: Mar 18, 2019
  5. JakeAndrew77

    JakeAndrew77 TS Member

    HERE HERE! Well said
     
  6. redgarl

    redgarl TS Enthusiast Posts: 53   +55

    Performances at the expense of security... Intel is in deep trouble. They need to redesign a big part of their uarch if they want to patch these hardware issues.

    - At that point industries have the choice of buying new Intel products, which are more expensive, on a weaker node and still subject to Spoiler/Meltdown/Spectre...

    - Or they keep switching to AMD EPYC in bigger volume than initially planned.

    Many of the bigger companies are having an initial set of EPYC servers already, it will be even easier to transit from Intel to AMD at this point. Let's not forget that Rome is also looking like the better choice here... and probably offering better value to.

    AMD is having serve on a golden plate. I am not sure Intel will be able to dodge this one.
     
    Black Paper and Charles Olson like this.
  7. akamateau

    akamateau TS Member Posts: 21   +17

    Intel nor the tech media still does not benchmark it's silicon with Meltdown, Spectre or Foreshadow vulnerability patches installed. The tech media must never show Intel in a bad light and now there is spoiler!

    It's amazing how the media just brushes Intel flaws under the rug.
     
    wizardB likes this.
  8. akamateau

    akamateau TS Member Posts: 21   +17

    Intel will dodge this because the tech media is not outraged nor calling them to task. There are no words even in this little puff piece that asks the really big question.

    Hey Intel WTF???
     
    Black Paper and wizardB like this.
  9. colemar

    colemar TS Rookie

    The INTC stock price seemed totally unaffected by SPOILER announce.
    Either shareholders do not understand the point or they just believe Intel's generic PR bullshit.
     
  10. Black Paper

    Black Paper TS Member Posts: 16   +10

    Most of the changes don't really effect the average user; largely either HEDT or server chips like Xeon/ThreadRipper/Epyc. Phoronix is the only place I've seen that includes pre and post spectre/meltdown patches and the patches heavily hinder INTEL chips in Linux 4.20.
     
  11. akamateau

    akamateau TS Member Posts: 21   +17


    And who's word do we have regarding that? Who is the average user? There is no such thing as an average user as this silicon is used in really big tin with ten's of thousand's of clients.

    The average user? More Intel BS.
     

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...