AMD CPUs are vulnerable to a severe new side-channel attack

Evernessince said:
Facts, you can't beat them:

AMD : Security vulnerabilities, CVEs

Security vulnerabilities related to AMD : List of vulnerabilities affecting any product of this vendor
www.cvedetails.com

Intel : Security vulnerabilities, CVEs

Security vulnerabilities related to Intel : List of vulnerabilities affecting any product of this vendor
www.cvedetails.com

Now why would I retract a true statement?
Click to expand...

Don't know. You can however retract your erroneous statement.

https://www.amd.com/en/corporate/product-security
 
"Severe"? That's a mighty clickbait-y title there. And inaccurate as well. The description in the article is also inaccurate.

The lead researcher had explained that what was leaked was *metadata* of memory access. As in, who accessed where. But the actual data within the memory accesses was not leaked. The researcher even compared this to other Intel vulnerabilities: "a bit of metadata" (the AMD situation) vs "a whole lot of data" (the Intel situation).

Also, the article didn't sufficiently highlight that the researchers had to use a kernel without Spectre+Meltdown mitigation, because they couldn't exploit the vulnerability otherwise. In other words: Use a kernel patched for Spectre+Meltdown (any recent kernel released in the past 9 months will do), and you'll be safe from this attack.

All in all: Tempest in a Teacup. Just some researchers *finally* finding a way to leak some privileged info -- and not actual all-important data -- from AMD CPUs... given some specific and outdated situation.
 
  • Like
Reactions: JimboJoneson and wiyosaya
pepoluan said:
"Severe"? That's a mighty clickbait-y title there. And inaccurate as well. The description in the article is also inaccurate.

The lead researcher had explained that what was leaked was *metadata* of memory access. As in, who accessed where. But the actual data within the memory accesses was not leaked. The researcher even compared this to other Intel vulnerabilities: "a bit of metadata" (the AMD situation) vs "a whole lot of data" (the Intel situation).

Also, the article didn't sufficiently highlight that the researchers had to use a kernel without Spectre+Meltdown mitigation, because they couldn't exploit the vulnerability otherwise. In other words: Use a kernel patched for Spectre+Meltdown (any recent kernel released in the past 9 months will do), and you'll be safe from this attack.

All in all: Tempest in a Teacup. Just some researchers *finally* finding a way to leak some privileged info -- and not actual all-important data -- from AMD CPUs... given some specific and outdated situation.
Click to expand...

Yeah I noticed that too ... no one else is claiming this as "severe" ... just an observation.
 
Irata said:
Afaik Meltdown does not affect AMD and neither does Zombieload. Some Spectre variants do affect AMD but to a lesser degree than Intel.

This is due to different design decisions wrt speed vs security.

I am not under the illusion that AMD‘s CPU are immune against all security vulnerabilities but there is a considerable difference between them and Intel.

If you were a Ford owner in the 70s you could have rightfully pointed out that all cars can potentially burn, but that did not negate the fact that the Pinto was much more likely to burst into flames due to Ford cutting corners in its design.
Click to expand...
True. That was the true cutting corner. In the quest for performance to beat their competitor, Intel let unprivilege access to features, to exactly cut their competitor right in the corner. Hence, spectre and meltdown only mostly impact Intel core proc.
 
Shadowboxer said:
This hugely embarrassing for AMD. All CPUs have multiple vulnerabilities (yes even Ryzen). The more we become aware of the more secure that CPU becomes. But this is embarrassing as Intel found AMDs vulnerability for them.

It’s been apparent for some time that AMD seem to be uninterested in funding research into finding vulnerabilities in their own hardware. Possibly motivated in part by the fact that the tech community are *****s and for some reason condemn Intel for performing the same research on their own parts. Everyone loves to jump on the hate bandwagon whenever Intel announce they have discovered a new hole in the hardware. But really this is no different to an aircraft manufacturer performing crash testing.

This means that Intel are plugging their security holes and allows software producers to mitigate threats aswell. AMD however is not fixing their vulnerabilities because they simply don’t know what they are. This news should be prompting the community to ask why AMD didn’t find this vulnerability and as to why AMD are currently offering no incentive to anyone to hunt for vulnerabilities. And that AMD owe Intel thanks for highlighting this, its not in Intel’s commercial interest to highlight this to AMD however it is in the community’s general interest in security.

And to the community members who live in the delusional fantasy world where Intel is evil and AMD is a good you should be thanking Intel for allowing AMD to take steps to make their CPUs more secure. However, I have no doubt the low intelligence of these people will lead them to believe this is a “smear” campaign against their beloved AMD.

Of course, this vulnerability like the many Intel vulnerabilities discovered over the last few years are purely theoretical and not worth worrying about at all for single home users.
Click to expand...

Bump!

As predicted, this important news achieved the narrative INTEL BAD. AMD GOD.
Lmao, Lisa Su merrily continues to participate in her INside stock trading.
 
  • Like
Reactions: Shadowboxer
pepoluan said:
The lead researcher had explained that what was leaked was *metadata* of memory access. As in, who accessed where. But the actual data within the memory accesses was not leaked. The researcher even compared this to other Intel vulnerabilities: "a bit of metadata" ...
Click to expand...

Sorry bud you can't have it both ways, a leak is a leak is a leak. AMD is weak and provably has leaks!
 
Currently as it stands we have more faith in Intel to uncover vulnerabilities in AMD CPUs than we do AMD.

That’s embarrassing for AMD, no matter how you slice it.

But it isn’t helped by the community condemning manufactures for doing the research. Intel have announced a lot of vulnerabilities recently that they paid to find. And there are *****s in the community who genuinely and very vocally condemn this. It’s like condemning your bank for testing ways it can be hacked. (Ironically, your bank probably uses Intel CPUs!)

Never underestimate the stupidity of people on the internet...
 
  • Like
Reactions: CharmsD
Shadowboxer said:
Currently as it stands we have more faith in Intel to uncover vulnerabilities in AMD CPUs than we do AMD.

That’s embarrassing for AMD, no matter how you slice it.

But it isn’t helped by the community condemning manufactures for doing the research. Intel have announced a lot of vulnerabilities recently that they paid to find. And there are *****s in the community who genuinely and very vocally condemn this. It’s like condemning your bank for testing ways it can be hacked. (Ironically, your bank probably uses Intel CPUs!)

Never underestimate the stupidity of people on the internet...
Click to expand...

How could we, Twitter is always on the go! Take this speculative injection "Meltdown does not affect AMD and neither does Zombieload, Spectre variants do affect AMD but to a lesser degree than Intel", for example.

[EDIT - Twitter link removed]
 
Last edited:
  • Like
Reactions: Shadowboxer
CharmsD said:
Sorry bud you can't have it both ways, a leak is a leak is a leak. AMD is weak and provably has leaks!
Click to expand...
Don't take my word for that. Refer to the researchers own tweet instead:
https://twitter.com/i/web/status/1236218121704239104

@gnyueh asked: "Is this vulnerability as severe as Meltdown or Zombieload?"

@lavados (the lead researcher) responded: "Certainly not. The attacks leak a few bit of meta-data. Meltdown and Zombieload leak tons of actual data."

I'm fairly certain that neither you nor Techspot understand the issue better than the researchers.
 
  • Like
Reactions: Irata
TheGiantRat said:
And this is an Intel funded article. Funny. I can have that much of physical access to a server. I don't need this so-called "security flaw." A few bit of meta-data? How much of meta-data is needed to reconstruct an entire database schemas? and even with an entire database schemas, it is useless unless you have another backdoor to take use. And if there is a backdoor, you don't even need this "flaw" to start attacking. Just what the heck is Intel is doing? Downplaying competitor by spending millions to make up something that doesn't exist? So desperate.
Click to expand...

you are reading what agrees with you. Intel founded research into their CPUs too. But you don't like that, do you. All you get from this is that intel founded research into AMD cpus, and ignoring that the same people did intel before this too.
This has been repeated here in comments many times. Feel free (you, and others) to continue ignoring the whole story, and just cherry pick parts you like.

PS. Like many said before over the years (now) all these exploits require physical access to a PC. So they are not something anyone should be bothered about anyway, unless you run a datacenter where people come and go all the time (which is a security flaw in it self)
 
  • Like
Reactions: CharmsD
You must log in or register to reply here.

Similar threads

Shawn Knight
AMD readies Ryzen 5000XT series CPUs, further prolonging socket AM4
Replies
8
Views
167
TheBigFatClown
T
Jimmy2x
New MSI firmware could mean lower temperatures for multiple Intel CPUs and motherboards
Replies
5
Views
253
bviktor
B
E
Crypto miners are buying up all the AMD Ryzen CPUs
2
Replies
35
Views
625
Karlos95
Karlos95

Latest posts

Back