A Reminder from AMD: Our Processors Aren't Affected by New "SPOILER" Vulnerability

Discussion in 'HardForum Tech News' started by Megalith, Mar 17, 2019.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    AMD has published a support article confirming its chips should be immune to “SPOILER,” a new CPU vulnerability outlined by computer scientists at Worcester Polytechnic Institute and the University of Lübeck. As explained in their paper, SPOILER takes advantage of "a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem.” This makes it easier for memory attacks such as “Rowhammer” to be carried out, but evidently, only Intel users need worry.

    We are aware of the report of a new security exploit called SPOILER which can gain access to partial address information during load operations. We believe that our products are not susceptible to this issue because of our unique processor architecture. The SPOILER exploit can gain access to partial address information above address bit 11 during load operations. We believe that our products are not susceptible to this issue because AMD processors do not use partial address matches above address bit 11 when resolving load conflicts.
     
  2. kilroy67

    kilroy67 Gawd

    Messages:
    674
    Joined:
    Oct 16, 2006
    Intel chips, the gift that keeps on giving.
     
  3. JosiahBradley

    JosiahBradley [H]ard|Gawd

    Messages:
    1,724
    Joined:
    Mar 19, 2006
    I'd love to see an IPC comparison clock for clock of the latest Ryzen and Intel chips after patching for all these new bugs.
     
  4. freeloader1969

    freeloader1969 2[H]4U

    Messages:
    2,241
    Joined:
    Dec 13, 2003
    LOL...I wonder if Intel has implemented any fixes for this and other security flaws in their "new" Comet Lake CPU?
     
  5. THRESHIN

    THRESHIN 2[H]4U

    Messages:
    2,951
    Joined:
    Sep 29, 2002
    Thanks AMD. Stop making me want to replace me insecure skylake with a ryzen :p
     
    Krenum and jmilcher like this.
  6. Mode13

    Mode13 Limp Gawd

    Messages:
    485
    Joined:
    Jun 11, 2018
    Ack, they said "should". Therefore, it's still possible! Therefore [Insert mode13 intel shill speech]

    mwahahahaha, now where is my check?
     
    Darth Kyrie likes this.
  7. Skull_Angel

    Skull_Angel [H]ard|Gawd

    Messages:
    1,477
    Joined:
    May 31, 2010
    From what I've read into, nope, no hardware fixes.
     
    freeloader1969 likes this.
  8. kilroy67

    kilroy67 Gawd

    Messages:
    674
    Joined:
    Oct 16, 2006
    And difficult to do software mitigations, nothing will completely get rid of the vulnerability.
     
    Skull_Angel likes this.
  9. sirmonkey1985

    sirmonkey1985 [H]ard|DCer of the Month - July 2010

    Messages:
    21,238
    Joined:
    Sep 13, 2008
    i believe the hardware fixes won't be til 10nm or 7nm processors which ever they go with in 2020'ish. comet lake will be yet another refresh.
     
    freeloader1969 likes this.
  10. mjz_5

    mjz_5 2[H]4U

    Messages:
    3,594
    Joined:
    May 24, 2001
    Intel will need to sell you a new chipset excuse or some bullcrap to fix the issues
     
    Stimpy88, jmilcher and Darth Kyrie like this.
  11. DukenukemX

    DukenukemX [H]ardness Supreme

    Messages:
    4,390
    Joined:
    Jan 30, 2005
    That's great and all but does it effect performance for Intel users? Can it be patched and fixed? So far there's a lot of vulnerabilities being exposed but it hasn't hurt Intel's sales one bit. Especially for gaming where we're concerned about.
     
  12. NWRMidnight

    NWRMidnight Limp Gawd

    Messages:
    269
    Joined:
    Oct 23, 2010
    That is only because most people are naive, don't know about the vulnerabilities, or simply don't care, which will bite them in the ass sooner or later.

    It's like having sex without protection. Some get lucky. Some end up having to pay support for 18 to 24 years, some end up with a disease that sticks with them for the rest of their life, and others get a mix of it all.

    With all the Intel vulnerabilities, most people are just playing the odds that nothing will happen to them... Some will lose.
     
    blandead, N4CR, Witchdoctor and 3 others like this.
  13. STEM

    STEM Gawd

    Messages:
    561
    Joined:
    Jun 7, 2007
    Intel is a lot like Apple when it comes to brand loyalty. I recently consulted for a small company that was looking to upgrade their servers and came up with an AMD EPYC box that would have effectively replaced their entire rack. I told them that there is enough left in the budget to build an identical box as a failover, and we can create a fast storage server, and a backup server. Or just the one EPYC server and a backup server. Well, they didn't want to virtualize all their antiquated Intel boxes, but more importantly, they said that, and I paraphrase: "our entire marketing strategy and reputation is built on selling our customers the same hardware that we use [...] Intel, Cisco and Microsoft are integral to our growth strategy [...]". At the end I walked out of there thinking that those poor shmucks can't afford Intel and Cisco, come to think of it, they can barely afford Microsoft. Needless to say a month later I heard that they ordered four low-end Intel servers from Dell.
     
    N4CR likes this.
  14. Paul_Johnson

    Paul_Johnson [H] Admin Staff Member

    Messages:
    15,600
    Joined:
    Aug 29, 2004
    No one ever got fired for buying IBM......or Intel. If this is your field, you should know this.
     
    Wierdo and STEM like this.
  15. c3k

    c3k 2[H]4U

    Messages:
    2,094
    Joined:
    Sep 8, 2007
    My 4790k is shaking in its socket...
     
  16. Darth Kyrie

    Darth Kyrie n00b

    Messages:
    49
    Joined:
    Jan 3, 2018
    Are you saying that Intel CPUs are like herpes?
     
    N4CR, GHRTW, kilroy67 and 2 others like this.
  17. STEM

    STEM Gawd

    Messages:
    561
    Joined:
    Jun 7, 2007
    Oh no worries, I sell Intel-based systems mostly. These guys wanted to save money, not because they were stingy, but because they are poor. Still, even the poor prefer Intel over AMD. Brand recognition goes a long way. And trust, people trust Intel, no matter how many security issues come up, no matter how many screwups.

    I'm typing this from my trusty AMD Threadripper 1950X workstation.
     
    Wierdo, c3k and Darth Kyrie like this.
  18. Skull_Angel

    Skull_Angel [H]ard|Gawd

    Messages:
    1,477
    Joined:
    May 31, 2010
    I get something similar to this when I recommend new AMD builds to gaming buddies that are on a tight budgets. Could have saved the money, went for more RAM, and/or a new (needed) mouse, and have 2 more physical cores, but "It's not Intel though"; probably won't overclock either... :shifty:
     
    N4CR, Darth Kyrie, GHRTW and 3 others like this.
  19. MV75

    MV75 [H]ard|Gawd

    Messages:
    1,025
    Joined:
    Nov 13, 2007
    Our processor doesn't do this, it doesn't do that...

    Well when you have a processor that does nothing, then nothing can happen to it.
     
  20. mjz_5

    mjz_5 2[H]4U

    Messages:
    3,594
    Joined:
    May 24, 2001
    Really? I'm amazed that people can't understand why AMD CPUs are great
     
    Nukester likes this.
  21. Elf_Boy

    Elf_Boy 2[H]4U

    Messages:
    2,296
    Joined:
    Nov 16, 2007
    Sadly I think there must be an exploit that is amd specific - are those who find these things even looking given the installed base?

    I'll start by saying I am not big with FPS type games anymore. Nothing against them, just more of a RPG kind of gamer. Though if Anthem is ever properly debugged I may check it out.

    Specs below. I play every game at 4k full/max quality and get a good gaming experience with my system.

    I run into fellow gamers at work, who I know are tighter on money then myself who prefer to go broke on Intel, bitch about not having enough ram and storage for all there games, yet are die hard Intel boys all the way.

    I've had both Intel and amd systems. My laptop is Intel. It is a nice system.

    I really don't get why people get so stuck on brands. Except mayonnaise, of course, that has to be Best Foods brand.
     
    Last edited: Mar 18, 2019
  22. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,443
    Joined:
    Jul 11, 2005
    Got my r5 2600, very happy with it!
     
  23. Stanley Pain

    Stanley Pain 2[H]4U

    Messages:
    2,386
    Joined:
    Apr 5, 2001
    You'd think someone (Intel) would throw money at some R&D firm to find some AMD specific exploits. I'm sure there are some.
     
  24. Elf_Boy

    Elf_Boy 2[H]4U

    Messages:
    2,296
    Joined:
    Nov 16, 2007
    It does seem like a very Intel thing to do (well corporate America thing to do) --- I wonder though, would it lead to a bigger Intel flaw coming to light? If Intel has more to hide maybe they don't want to get into a Tit for Tat kind of fight.

    All speculation of course as I don't know much about the inner workings of either.

    Makes me really think about Intel jumping into the high end GPU market.... How is all of this related in the big picture.... GPUs are the new CPU, right? We will all end up with custom ARM CPUs in our system with the number of cores etc we want with a quantum-gpu that does all the heavy lifting for graphics, ai, physics, etc.

    All new set of hardware vulnerabilities.
     
  25. STEM

    STEM Gawd

    Messages:
    561
    Joined:
    Jun 7, 2007
    That's not how it works. You can't just make up exploits as you please. Keep in mind that all of Intel's security flaws are in the parts of the CPU that affect performance directly. Just like Spectre is a conceptual error and some variant or variants affected both ARM-based CPUs and AMD (though not as severely as Intel), well, Intel has the most Spectre vulnerabilities of them all. What does that tell you?

    It tells me that Intel's in-silicon security flaws are the result of them cutting corners to increase performance without having to put too much effort into it. Unlike AMD who is putting considerable effort into their Zen architecture by redesigning it and making it more modular with a central I/O die on each CPU to cut internal latencies to increase IPC and overall performance, Intel decided to remove some steps that would have ensured security. The shitty part of this is the fact that Spoiler might not even be fixable with a software patch. If this gets out of hand and Intel hits a wall with microcode updates and software patches, sooner or later it will catch up to them, and they will either be forced to do a massive recall or pay out some money. Either way, they screwed up on a colossal scale. I wonder if they thought that greed pays...
     
    Skull_Angel and iNViSiGOD like this.
  26. Megaslug

    Megaslug Limp Gawd

    Messages:
    173
    Joined:
    Jul 30, 2015
    Easy - we've been burned before. You know, maybe the current AMD processors really are that good. But way back when, I bough tin to the "XP +" hype from AMD and built an AMD system. Probably my shortest lived desktop. I even went ATI instead of nVidia for the video card - and with Linux and also a Windows-based 3D CAD program I used, the Pentium 3 system with whatever card was common for those, can't exactly recall which model I had, blew it away. That was the first and last ATI/AMD video card I bought. And the last AMD CPU I bought until somewhere around 2007 when I build a machine to run WHS. I was looking strictly at power for that machine, the AMD CPU was nicely low powered but also extremely poor performing, but for this application it didn't matter much, outside of the initial OS installation. Maybe the current stuff is MUCH better. But I've NEVER had issues using Intel and nVidia and I see no reason why I should gamble now. Certain not to build a fairly expensive primary desktop. I'm more willing to try AMD where it doesn't matter so much and something like low cost is the primary objective, but for a main system - not going to gamble when I have a known quantity on one hand and an unknown that has proven to be a past disappointment.
    And these security vulnerabilities are being blown WAY out of proportion. Yes, you can gain access to privileged level memory, but actually extracting that data to do anything meaningful has yet to be proven outside of some proof of concept demonstrations running on the physical machine itself. Now, if you are int he habit of allowing unknown people to waltz into your data center, and/or run your servers in unprotected vlans accessible from random conference room ethernet ports, well, you pretty much deserve what you get. There's no point in enhanced cyber security if there is no physical security.
     
  27. STEM

    STEM Gawd

    Messages:
    561
    Joined:
    Jun 7, 2007
    Wow, cognitive dissonance at its finest.
     
    iNViSiGOD and Darth Kyrie like this.
  28. Spire3660

    Spire3660 [H]ard|Gawd

    Messages:
    1,030
    Joined:
    Jan 5, 2005
    Those of us who build things can only choke down so much market positioning.
     
    Darth Kyrie likes this.
  29. Stanley Pain

    Stanley Pain 2[H]4U

    Messages:
    2,386
    Joined:
    Apr 5, 2001
    That's not how what works?

    People are paid to research things all the time. I'm honestly surprised that AMD hasn't been bit as badly as Intel. Kudos to them for obviously doing things "the right way" (at least as far as we know currently). My comment was a bit of sarcasm too. To clarify I'm sure some money HAS been thrown at finding vulns in AMD CPUs.
     
  30. Wolf-R1

    Wolf-R1 [H]ard|Gawd

    Messages:
    2,007
    Joined:
    Aug 30, 2004
    I've been wondering the same thing. AMD keeps getting closer and closer.
     
  31. /dev/null

    /dev/null [H]ardForum Junkie

    Messages:
    13,954
    Joined:
    Mar 31, 2001
    When are AMD processors coming to "workstation" lines at any of the big 3 OEMS? I'm talking single/dual socket options with ecc reg as standard.

    Also looking for thinkpad T series with Ryzen & can't find anything. Personally? I can't wait for my box to be Ryzen. Work however won't look at anything that isn't a workstation from one of the big 3 OEMS (Dell/HP/Lenovo)
     
  32. STEM

    STEM Gawd

    Messages:
    561
    Joined:
    Jun 7, 2007
    The big 3 get better deals from Intel most likely, and then it's the entire brand/image thing. AMD just isn't as sexy (yet). Though I'm not partial to any company/corporation, I like to pick the best tool for the job that fits within my budget. I also don't like hardware that does not have a proven track record, though, with all of Intel's in-silicon security flaws that go back over a decade or more, it's kind of a weird conundrum to pick and choose what to install in a server. Do I roll the dice with Intel hoping that this is it, while paying 100% of the price for something that will have ~20% less performance when installed and deployed, or do I go with AMD, a newer architecture that was built from scratch with the long term in mind, and architecture that underwent the same scrutiny as Intel when it comes to searching for security flaws.

    QUOTE="Wolf-R1, post: 1044127838, member: 89765"]I've been wondering the same thing. AMD keeps getting closer and closer.[/QUOTE]

    AMD Ryzen based CPUs, when compared at the same clock speed to Intel Skylake-X (no Turbo or Core Clock Enhancement BS enabled on Intel or PBO / XFR on AMD), the AMD Ryzen CPUs lose in latency-sensitive applications due to Infinity Fabric. So while AMD has IPC parity with Intel, performance is application dependent. The good news is that those applications are too far and in-between. Here is an example: https://www.tweaktown.com/articles/8379/amd-threadripper-vs-intel-core-i9-cpus-clock/index.html

    Let's be honest here for a second: if I'm on a budget and I need 16 cores for [insert use case here], I will absolutely skip the 2950X and get a 1950X. There is an $1100 discrepancy between the 1950X and the 9960X. Maybe you can find a 7960X for a bit less than $1600 if you're lucky, new that is. If, however, I have a use case where the Intel CPU will give me a tangible performance boost, say 30% or so, then I will gladly spend the difference and go for Intel.

    The bothersome part about Spoiler is that something as high-level as JavaScript can exploit that flaw. I mean, JavaScript runs inside an interpreter for crying out loud. If you'd have to write specific code in ASM to exploit it, that would be one thing. But JavaScript? And it might not even be fixable with a software patch, or microcode update, or both.

    The bottom line is that while you spend an extra $1000 or so to go with Intel for your high-performance workstation, you might lose any performance edge over a similar AMD CPU due all the patches meant to address security issues.

    The very next sentense...

    AMD CPUs are not a money maker for other hardware manufacturers because they don't overclock as high as Intel and AMD keep the same socket around forever. So motherboard manufacturers won't invest much in AMD motherboards because they will collect dust, as AMD customers are typically of the stingy variety. People who spend thousands on a computer system expect what's perceived to be the best brands inside their box, that is Intel (or AMD Threadripper in some cases), ASUS motherboar, Corsair Dominator RAM, EVGA GPUs, Samsung SSDs and so on. So AMD has a long way to go in order to be perceived as a premium brand. Just pointing the finger and saying "our CPUs are more secure" isn't enough.
     
    Darth Kyrie likes this.
  33. JosiahBradley

    JosiahBradley [H]ard|Gawd

    Messages:
    1,724
    Joined:
    Mar 19, 2006
    I sure hope people on this forum aren't silly enough to spend their hard earned thousands on fictitious brand image. I'm using a PNY video card of all things and am top 100 in superposition for 1080tis. I've got an Intel CPU but there was no Ryzen when I bought it. I'm looking forward to Zen 2 when I can relive my 2700+ days. Also AMD has been refreshing their chip sets lately too keep motherboard makers fresh. Maybe I'm weird but I buy brands based on price performance.
     
  34. M76

    M76 [H]ardForum Junkie

    Messages:
    9,002
    Joined:
    Jun 12, 2012
    So because you bought a cpu before checking how it performs with the application you bought it for And / Or you screwed up the build badly to have it perform so poorly, now you hate AMD even 15 years later? I just don't see where is AMD's fault in all of this.
    BTW I upgraded from a PIII 1 Ghz, to an XP and it was a huge improvement, AMD basically wiped the floor with Intel during that PIV period, I don't know how you managed to come out of that so poorly.
     
  35. MV75

    MV75 [H]ard|Gawd

    Messages:
    1,025
    Joined:
    Nov 13, 2007
    I don't understand why you think that, your join date would suggest you've been around long enough.

    I had been on amd from ~1998 until ~2014. I was there in the amd high, the xp, the x64, then nothing, nothing nothing. I fully understand why I switched.
     
  36. Uvaman2

    Uvaman2 2[H]4U

    Messages:
    3,031
    Joined:
    Jan 4, 2016
    Me either, p3 vs xp? And the xp was worse? Weird.
     
  37. Kajun614

    Kajun614 Limp Gawd

    Messages:
    142
    Joined:
    Jul 7, 2016
    I loved AMD up until I got my IVY Bridge. I'll probably go back to AMD next upgrade. I remember getting a new cpu almost yearly years ago but that stopped. Ivy and my age I guess.
     
  38. Rvenger

    Rvenger [H]ard|Gawd

    Messages:
    1,636
    Joined:
    Sep 12, 2012
    I smell some Intel stock owners in this thread. Back on topic perhaps?
     
  39. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,213
    Joined:
    Nov 16, 2009
    They can't even find the exploits in their own CPUs, and have pushed new generation of processors without even fixing current vulnerabilities.... I don't recommend intel to anyone at this point, AMD is cheaper and probably faster once the intel gets neutered with the software patches.
     
  40. M76

    M76 [H]ardForum Junkie

    Messages:
    9,002
    Joined:
    Jun 12, 2012
    That's just business. Fixing the exploits would be too costly (both in performance and finance terms). Much like car companies decided in the good ol times that it's better to settle with the families of the deceased than to fix the fatal issue with their cars.