AMD Starts Issuing Patches For Both Spectre Variants

After initially claiming a “near-zero risk of exploitation” for the second variant of Spectre, AMD admitted that its CPUs are vulnerable to both Spectre variants. However, its CPUs remain unaffected by Meltdown, which only impacts Intel’s CPUs. AMD also started issuing patches for Spectre.

Spectre Variant 1

AMD believes that the first Spectre variant (CVE-2017-5753), which is a bounds check bypass, can be contained with an operating system update. The company said it’s working with Microsoft to deploy the patch and to also resolve an issue with certain older AMD systems that stop booting after receiving the patch.


Linux vendors have also begun rolling out this patch.

Spectre Variant 2

The Spectre variant 2 (CVE-2017-5715) is a branch target injection vulnerability, and it’s also the one AMD first thought wouldn’t affect its CPUs. The company continues to believe that its processor architecture makes it difficult to exploit this flaw. However, AMD will also add some protections in place, which the company will deliver through both microcode and OS updates.

AMD will make microcode updates optional for Ryzen and EPYC customers starting this week. Previous generation CPUs will receive the updates over the coming weeks. The updates will not come directly from AMD, but from system and OS providers, so users will need to check if they’ve received the updates from them.

The company is working with Microsoft on the timing of the patch release for this second variant of Spectre. Linux vendors have already started providing the patch, and AMD is also working closely with them to develop a new software protection called “Retpoline,” which would prevent branch target injection. Retpoline would allow indirect branches to be isolated from speculative execution, a CPU feature meant to improve performance but also the root cause of the Spectre vulnerabilities.

Meltdown

AMD believes that the Meltdown vulnerability (CVE-2017-5754) doesn’t affect its CPUs due to the company’s use of privilege level protections within the paging architecture. That company said that no mitigation will be required for this bug.

GPUs Are Immune

Like Nvidia’s GPUs, AMD’s GPUs are not susceptible to these vulnerabilities because they don’t use speculative execution.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
9 comments
Comment from the forums
    Your comment
  • SteveRNG
    So does this mean everyone will shut the [front door] and stop saying this is an Intel problem, that it's a sign of Intel's greed and admit that maybe the people that develop devices that literally contain billions of elements might not find every possible potential problem?

    Everybody [that matters] is affected; ARM, AMD, and Intel. Perhaps some are affected less than others, but it seems like the constant harping on the 22 year old design imperfection is just a little too bitchy. Yes, the performance loss could be problematic. And the stability problems of the patches are the cause of everyone freaking out and pushing patches ASAP. But the root cause is not a Zionist [or whatever you think] Conspiracy! Find it. Fix it. Adjust your expectations and move on ... please!
  • RedFIveStandingBy
    LIARS!!!!!!!! Defend them all you want they claimed immunity from these bugs to make their competition look worse. Slimey move AMD
  • barryv88
    Anonymous said:
    LIARS!!!!!!!! Defend them all you want they claimed immunity from these bugs to make their competition look worse. Slimey move AMD


    Oh nonsense! They never claimed immunity from any official announcement. The only difference is that AMD CPU's are far less affected and the performance hits are miniature as well. That's pretty much the bottom line!