AMD NOT Vulnerable to Lazy FPU Exploit

FrgMstr

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
55,598
We talked you this morning about Intel CPUs and the Lazy FPU exploit. AMD reached out to us and had this to say:


You may be aware of a new security vulnerability being described as ‘Lazy FPU’. Based on our analysis to-date, we do not believe our products are susceptible to the recent security vulnerability identified around lazy FPU switching.
 
hmm... something fishy (as always)

"we do not believe our products are susceptible to the recent security vulnerability identified around lazy FPU switching." ???

Believe it's a very very lawyer term.. believe and be sure are completely different things.. you can believe something and still be wrong. "we do not believe" it's not the exact way to confirm that they are or not vulnerable to something. same answer before, however patch were still released for their CPUs..
 
Araxie said:
hmm... something fishy (as always)

"we do not believe our products are susceptible to the recent security vulnerability identified around lazy FPU switching." ???

Believe it's a very very lawyer term.. believe and be sure are completely different things.. you can believe something and still be wrong. "we do not believe" it's not the exact way to confirm that they are or not vulnerable to something. same answer before, however patch were still released for their CPUs..
Click to expand...

Saying "we are sure" when it comes to security never tends to go over well
 
I mean it could very well be, but I believe a companies internal oversight as much as I do when .gov does it.
 
Araxie said:
hmm... something fishy (as always)

"we do not believe our products are susceptible to the recent security vulnerability identified around lazy FPU switching." ???

Believe it's a very very lawyer term.. believe and be sure are completely different things.. you can believe something and still be wrong. "we do not believe" it's not the exact way to confirm that they are or not vulnerable to something. same answer before, however patch were still released for their CPUs..
Click to expand...

Actually, that doesn't sound very "lawyery" at all. It's a simple statement in which their initial testing has not found a way AMD processors can be affected by the exploit but doesn't mean it's absolutely, totally and completely impossible.
 
oh noes...is my 5820k gonna be allright? Security vulnerabilities are always present when you expose a machine to the internet. But I'm likely to go to AMD on my next build.

edit: kudos however to intel to atleast "trying" to plug this. Instead of going "buy our new and sec i9 and no probs processor, and it's almost like the old one without the sec flaws and 500MHz less" remember kids...intel goes 5GHz!
 
Araxie said:
hmm... something fishy (as always)

"we do not believe our products are susceptible to the recent security vulnerability identified around lazy FPU switching." ???

Believe it's a very very lawyer term.. believe and be sure are completely different things.. you can believe something and still be wrong. "we do not believe" it's not the exact way to confirm that they are or not vulnerable to something. [...]
Click to expand...

They are saying based upon the analysis that they have done so far it looks like they are not affected. Not that they are absolutely not affected.

Araxie said:
same answer before, however patch were still released for their CPUs..
Click to expand...

Actually, they did not say they were unaffected by all three vulnerabilities, one of the spectre's they mentioned that it was very improbable to exploit. This is why they released the optional patch.
 
Richard R said:
They are saying based upon the analysis that they have done so far it looks like they are not affected. Not that they are absolutely not affected.



Actually, they did not say they were unaffected by all three vulnerabilities, one of the spectre's they mentioned that it was very improbable to exploit. This is why they released the optional patch.
Click to expand...

Actually, actually, they only grudgingly admitted that it may be affected by one of the vulnerabilities. Their very first response was the same one they gave here.
 
NoOther said:
Actually, actually, they only grudgingly admitted that it may be affected by one of the vulnerabilities. Their very first response was the same one they gave here.
Click to expand...

Have you seen POC code? like the POC code for Intel?
 
thebufenator said:
Have you seen POC code? like the POC code for Intel?
Click to expand...

Yes, and so has AMD. Which is one of the reasons they were forced to amend their statement and why they created patches for it. The reality is, all these attacks are very hard to pull off on any processor.
 
Last edited:
The way that is worded, they could put that statement out - even without ever looking. At any time, their statement could be altered at any subsequent finding! AND - still be a true statement.
 
NoOther said:
Yes, and so has AMD. Which is one of the reasons they were forced to amend their statement and why they created patches for it. The reality is, all these attacks are very hard to pull off on any processor.
Click to expand...

If you have a link to code that exploits an AMD cpu I'd like to see it. I have many generations of hardware here and would love to see what code functions on what hardware with different levels of patches.
 
You must log in or register to reply here.
Back
Top