AMD addresses Spoiler vulnerability: Ryzen users are safe from this one

onetheycallEric

onetheycallEric

Posts: 225   +47
Staff
In context: Researchers continue to find ways to abuse and exploit speculative execution on modern CPUs. The newest vulnerability has been named "Spoiler," and while it'll likely be a thorn in Intel's side for some time to come with no viable solution, AMD's processors are unaffected claims the CPU maker.

Researchers at Worcester Polytechnic Institute in the US, and the University of Lübeck in Germany, recently discovered another speculative execution vulnerability impacting Intel processors. Dubbed "Spoiler," and like Spectre before it, the flaw preys upon the CPU's speculative execution engine that presciently guesses upcoming computations to boost performance.

As the research paper explains, Spoiler is entirely independent from Spectre, so existing mitigations for Spectre and Meltdown have no effect on the new flaw. Spoiler is a complicated problem, but the paper offers a summary of sorts.

We have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes. The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments.

The researchers also tested AMD and ARM-based processors, but found that they were not susceptible in the same way Intel's processors are. This makes Spoiler a problem unique to Intel, and it's already found itself reeling after the frenzy that was Spectre and Meltdown. And just like those two flaws, there's no viable software-only mitigation; microarchitecure level changes could help, but it'd come at the cost of performance.

No doubt relieved, AMD has confirmed Spoiler does not impact Ryzen processors.

We are aware of the report of a new security exploit called SPOILER which can gain access to partial address information during load operations. We believe that our products are not susceptible to this issue because of our unique processor architecture. The SPOILER exploit can gain access to partial address information above address bit 11 during load operations. We believe that our products are not susceptible to this issue because AMD processors do not use partial address matches above address bit 11 when resolving load conflicts.

While AMD did have to issue some mitigations for Spectre, they seem to have dodged a bullet here. The same can't be said for Intel, unfortunately, who will have to continue to analyze their CPU design at the silicon level for improved security in the future.

Permalink to story.

https://www.techspot.com/news/79234-amd-addresses-spoiler-vulnerability-ryzen-users-safe-one.html

 
  • Like
Reactions: Black Paper
If I were in Enterprise I'd heavily be considering moving to EPYC. Spectre / Meltdown had a far larger impact on servers then desktops and this new exploit won't help. You would think Intel would have at least commissioned a security firm to explore potential additional speculative execution vulnerabilities. It almost seems like Intel would rather use it's customers as minesweepers and then do minimal patching work. The amount of vulnerabilities they are finding is getting out of hand.
 
  • Like
Reactions: Black Paper, JaredTheDragon, Charles Olson and 3 others
Evernessince said:
If I were in Enterprise I'd heavily be considering moving to EPYC. Spectre / Meltdown had a far larger impact on servers then desktops and this new exploit won't help. You would think Intel would have at least commissioned a security firm to explore potential additional speculative execution vulnerabilities. It almost seems like Intel would rather use it's customers as minesweepers and then do minimal patching work. The amount of vulnerabilities they are finding is getting out of hand.
Click to expand...

Unlike desktop users, Enterprise hardware decisions are not made so easily. You don't just move to another platform overnight. It's expensive and the support, software, optimizations and performance may just not be there yet. And what if this vulnerability isn't worth switching for or Intel does have a fix for this coming and it is still their desired platform? Well then you just spent a lot of time and money for nothing.

There are articles out there that will explain this much better than I, but I strongly suggest you read them before trying to play CEO for multi-billion dollar companies...
 
Last edited:
hahahanoobs said:
There are articles out there that will explain this much better than I, but I strongly suggest you read them before trying to play CEO for multi-billion dollar companies...
Click to expand...

I often find at my work the new guys who can't explain the topic well in fact don't know it well. If you are going to call someone out on something you should at least be able to explain the subject matter. A dash of assumption and snark seem to be the limit of your wits in this case.

hahahanoobs said:
Unlike desktop users, Enterprise hardware decisions are not made so easily. You don't just move to another platform overnight. It's expensive and the optimizations and performance just aren't there yet. And what if Intel does have a fix for this coming and it is still their desired platform? Well then you just spent a lot of time and money for nothing.

There are articles out there that will explain this much better than I, but I strongly suggest you read them before trying to play CEO for multi-billion dollar companies...
Click to expand...

Changes to architectures don't come easy either like you seem to suggest. Exploiting speculative execution is no longer anything new and Intel doesn't even have a processor on it's roadmap that fully protects against all these exploits. They don't even have spectre and meltdown protections until Cascade lake let alone other vulnerabilities.

And mind you I never suggested they move immediately like your oft hyperbolic comment seems to suggest. If you took the time to read my post I specifically stated that they should heavily consider it. I shouldn't have to say that "heavily consider" is not the same as "overnight" as you stated.

You know what's also expensive? Buying all new Cascade lake processors and the required motherboards to prevent spectre and meltdown and then in another 2 years buying all new processors again when Intel finally fixes the newer speculative execution exploits that were discovered near the end of 2018 til now (and likely more later TBH). Or you can just slowly rollout EPIC platforms, which on average cost anywhere from 33% - 48% less then a similar performing Intel platform. The cost to stay on vulnerable platforms could be zero or it could be your company's data or the data of your customers. That's not a choice most companies want to face.

Of course there are a ton of variables to account for when purchasing hardware for company wide use. The above are just factors laid out that every enterprise will be considering. Speculative execution exploits are a problem and there is no fix yet in sight for Intel.
 
Last edited:
  • Like
Reactions: Black Paper, JaredTheDragon, Godel and 4 others
Evernessince said:
hahahanoobs said:
There are articles out there that will explain this much better than I, but I strongly suggest you read them before trying to play CEO for multi-billion dollar companies...
Click to expand...

I often find at my work the new guys who can't explain the topic well in fact don't know it well. If you are going to call someone out on something you should at least be able to explain the subject matter. A dash of assumption and snark seem to be the limit of your wits in this case.

hahahanoobs said:
Unlike desktop users, Enterprise hardware decisions are not made so easily. You don't just move to another platform overnight. It's expensive and the optimizations and performance just aren't there yet. And what if Intel does have a fix for this coming and it is still their desired platform? Well then you just spent a lot of time and money for nothing.

There are articles out there that will explain this much better than I, but I strongly suggest you read them before trying to play CEO for multi-billion dollar companies...
Click to expand...

Changes to architectures don't come easy either like you seem to suggest. Exploiting speculative execution is no longer anything new and Intel doesn't even have a processor on it's roadmap that fully protects against all these exploits. They don't even have spectre and meltdown protections until Cascade lake let alone of other vulnerabilities.

And mind you I never suggested they move immediately like your oft hyperbolic comment seems to suggest. If you took the time to read my post I specifically stated that they should heavily consider it. I shouldn't have to say that "heavily consider" is not the same as "overnight" as you stated.

You know what's also expensive? Buying all new Cascade lake processors and the required motherboards to prevent spectre and meltdown and then in another 2 years buying all new processors again when Intel finally fixes the newer speculative execution exploits that were discovered near the end of 2018 til now (and likely more later TBH). Or you can just slowly rollout EPIC platforms, which on average cost anywhere from 33% - 48% less then a similar performing Intel platform. The cost to stay on vulnerable platforms could be zero or it could be your company's data or the data of your customers. That's not a choice most companies want to face.

Of course there are a ton of variables to account for when purchasing hardware for company wide use. The above are just factors laid out that every enterprise will be considering. Speculative execution exploits are a problem and there is no fix yet in sight for Intel.
Click to expand...

HERE HERE! Well said
 
Performances at the expense of security... Intel is in deep trouble. They need to redesign a big part of their uarch if they want to patch these hardware issues.

- At that point industries have the choice of buying new Intel products, which are more expensive, on a weaker node and still subject to Spoiler/Meltdown/Spectre...

- Or they keep switching to AMD EPYC in bigger volume than initially planned.

Many of the bigger companies are having an initial set of EPYC servers already, it will be even easier to transit from Intel to AMD at this point. Let's not forget that Rome is also looking like the better choice here... and probably offering better value to.

AMD is having serve on a golden plate. I am not sure Intel will be able to dodge this one.
 
  • Like
Reactions: Black Paper and Charles Olson
Intel nor the tech media still does not benchmark it's silicon with Meltdown, Spectre or Foreshadow vulnerability patches installed. The tech media must never show Intel in a bad light and now there is spoiler!

It's amazing how the media just brushes Intel flaws under the rug.
 
  • Like
Reactions: wizardB
redgarl said:
Performances at the expense of security... Intel is in deep trouble. They need to redesign a big part of their uarch if they want to patch these hardware issues.

- At that point industries have the choice of buying new Intel products, which are more expensive, on a weaker node and still subject to Spoiler/Meltdown/Spectre...

- Or they keep switching to AMD EPYC in bigger volume than initially planned.

Many of the bigger companies are having an initial set of EPYC servers already, it will be even easier to transit from Intel to AMD at this point. Let's not forget that Rome is also looking like the better choice here... and probably offering better value to.

AMD is having serve on a golden plate. I am not sure Intel will be able to dodge this one.
Click to expand...

Intel will dodge this because the tech media is not outraged nor calling them to task. There are no words even in this little puff piece that asks the really big question.

Hey Intel WTF???
 
  • Like
Reactions: Black Paper and wizardB
The INTC stock price seemed totally unaffected by SPOILER announce.
Either shareholders do not understand the point or they just believe Intel's generic PR bullshit.
 
akamateau said:
Intel nor the tech media still does not benchmark it's silicon with Meltdown, Spectre or Foreshadow vulnerability patches installed. The tech media must never show Intel in a bad light and now there is spoiler!

It's amazing how the media just brushes Intel flaws under the rug.
Click to expand...
Most of the changes don't really effect the average user; largely either HEDT or server chips like Xeon/ThreadRipper/Epyc. Phoronix is the only place I've seen that includes pre and post spectre/meltdown patches and the patches heavily hinder INTEL chips in Linux 4.20.
 
Black Paper said:
Most of the changes don't really effect the average user; largely either HEDT or server chips like Xeon/ThreadRipper/Epyc. Phoronix is the only place I've seen that includes pre and post spectre/meltdown patches and the patches heavily hinder INTEL chips in Linux 4.20.
Click to expand...


And who's word do we have regarding that? Who is the average user? There is no such thing as an average user as this silicon is used in really big tin with ten's of thousand's of clients.

The average user? More Intel BS.
 
You must log in or register to reply here.

Similar threads

Daniel Sims
Unpatchable Apple Silicon vulnerability could leak encryption keys
Replies
15
Views
271
Dreadcthulhu
D
Shawn Knight
AMD readies Ryzen 5000XT series CPUs, further prolonging socket AM4
Replies
8
Views
172
TheBigFatClown
T
midian182
"Zenbleed" vulnerability puts AMD Ryzen users at risk of data theft
Replies
20
Views
793
lostinlodos
L

Latest posts

Back