- Nov 22, 2008
lets be clear amd is labeled insecure at this time but the issue does not affect them and has a work around that is waiting to be merged into the kernel.
"AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.
Disable page table isolation by default on AMD processors by not setting
the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>"
And that translated for the layman by the Register helps make it more clear at least for me.
It appears, from what AMD software engineer Tom Lendacky was suggesting above, that Intel's CPUs speculatively execute code potentially without performing security checks. It seems it may be possible to craft software in such a way that the processor starts executing an instruction that would normally be blocked – such as reading kernel memory from user mode – and completes that instruction before the privilege level check occurs.
That would allow ring-3-level user code to read ring-0-level kernel data. And that is not good.
It reads like Intel is doing an awful lot of speed cheating with their speculative code execution at everyone's cost. smh