A Reminder from AMD: Our Processors Aren't Affected by New "SPOILER" Vulnerability

[Megalith]

AMD has published a support article confirming its chips should be immune to “SPOILER,” a new CPU vulnerability outlined by computer scientists at Worcester Polytechnic Institute and the University of Lübeck. As explained in their paper, SPOILER takes advantage of "a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem.” This makes it easier for memory attacks such as “Rowhammer” to be carried out, but evidently, only Intel users need worry.

We are aware of the report of a new security exploit called SPOILER which can gain access to partial address information during load operations. We believe that our products are not susceptible to this issue because of our unique processor architecture. The SPOILER exploit can gain access to partial address information above address bit 11 during load operations. We believe that our products are not susceptible to this issue because AMD processors do not use partial address matches above address bit 11 when resolving load conflicts.

 

[killroy67]

Intel chips, the gift that keeps on giving.

 

[JosiahBradley]

I'd love to see an IPC comparison clock for clock of the latest Ryzen and Intel chips after patching for all these new bugs.

 

[freeloader1969]

LOL...I wonder if Intel has implemented any fixes for this and other security flaws in their "new" Comet Lake CPU?

 

[THRESHIN]

Thanks AMD. Stop making me want to replace me insecure skylake with a ryzen

 

[Mode13]

Ack, they said "should". Therefore, it's still possible! Therefore [Insert mode13 intel shill speech]

mwahahahaha, now where is my check?

 

[Skull_Angel]

LOL...I wonder if Intel has implemented any fixes for this and other security flaws in their "new" Comet Lake CPU?

From what I've read into, nope, no hardware fixes.

 

[killroy67]

From what I've read into, nope, no hardware fixes.

And difficult to do software mitigations, nothing will completely get rid of the vulnerability.

 

[sirmonkey1985]

LOL...I wonder if Intel has implemented any fixes for this and other security flaws in their "new" Comet Lake CPU?

i believe the hardware fixes won't be til 10nm or 7nm processors which ever they go with in 2020'ish. comet lake will be yet another refresh.

 

[mjz_5]

Intel will need to sell you a new chipset excuse or some bullcrap to fix the issues

 

[DukenukemX]

That's great and all but does it effect performance for Intel users? Can it be patched and fixed? So far there's a lot of vulnerabilities being exposed but it hasn't hurt Intel's sales one bit. Especially for gaming where we're concerned about.

 

[NWRMidnight]

That's great and all but does it effect performance for Intel users? Can it be patched and fixed? So far there's a lot of vulnerabilities being exposed but it hasn't hurt Intel's sales one bit. Especially for gaming where we're concerned about.

That is only because most people are naive, don't know about the vulnerabilities, or simply don't care, which will bite them in the ass sooner or later.

It's like having sex without protection. Some get lucky. Some end up having to pay support for 18 to 24 years, some end up with a disease that sticks with them for the rest of their life, and others get a mix of it all.

With all the Intel vulnerabilities, most people are just playing the odds that nothing will happen to them... Some will lose.

 

[STEM]

That is only because most people are naive, don't know about the vulnerabilities, or simply don't care, which will bite them in the ass sooner or later.

It's like having sex without protection. Some get lucky. Some end up having to pay support for 18 to 24 years, some end up with a disease that sticks with them for the rest of their life, and others get a mix of it all.

With all the Intel vulnerabilities, most people are just playing the odds that nothing will happen to them... Some will lose.

Intel is a lot like Apple when it comes to brand loyalty. I recently consulted for a small company that was looking to upgrade their servers and came up with an AMD EPYC box that would have effectively replaced their entire rack. I told them that there is enough left in the budget to build an identical box as a failover, and we can create a fast storage server, and a backup server. Or just the one EPYC server and a backup server. Well, they didn't want to virtualize all their antiquated Intel boxes, but more importantly, they said that, and I paraphrase: "our entire marketing strategy and reputation is built on selling our customers the same hardware that we use [...] Intel, Cisco and Microsoft are integral to our growth strategy [...]". At the end I walked out of there thinking that those poor shmucks can't afford Intel and Cisco, come to think of it, they can barely afford Microsoft. Needless to say a month later I heard that they ordered four low-end Intel servers from Dell.

 

[[Spectre]]

Intel is a lot like Apple when it comes to brand loyalty. I recently consulted for a small company that was looking to upgrade their servers and came up with an AMD EPYC box that would have effectively replaced their entire rack. I told them that there is enough left in the budget to build an identical box as a failover, and we can create a fast storage server, and a backup server. Or just the one EPYC server and a backup server. Well, they didn't want to virtualize all their antiquated Intel boxes, but more importantly, they said that, and I paraphrase: "our entire marketing strategy and reputation is built on selling our customers the same hardware that we use [...] Intel, Cisco and Microsoft are integral to our growth strategy [...]". At the end I walked out of there thinking that those poor shmucks can't afford Intel and Cisco, come to think of it, they can barely afford Microsoft. Needless to say a month later I heard that they ordered four low-end Intel servers from Dell.

No one ever got fired for buying IBM......or Intel. If this is your field, you should know this.

 

[c3k]

My 4790k is shaking in its socket...

 

[Darth Kyrie]

Intel chips, the gift that keeps on giving.

Are you saying that Intel CPUs are like herpes?

 

[STEM]

No one ever got fired for buying IBM......or Intel. If this is your field, you should know this.

Oh no worries, I sell Intel-based systems mostly. These guys wanted to save money, not because they were stingy, but because they are poor. Still, even the poor prefer Intel over AMD. Brand recognition goes a long way. And trust, people trust Intel, no matter how many security issues come up, no matter how many screwups.

I'm typing this from my trusty AMD Threadripper 1950X workstation.

 

[Skull_Angel]

Oh no worries, I sell Intel-based systems mostly. These guys wanted to save money, not because they were stingy, but because they are poor. Still, even the poor prefer Intel over AMD. Brand recognition goes a long way. And trust, people trust Intel, no matter how many security issues come up, no matter how many screwups.

I'm typing this from my trusty AMD Threadripper 1950X workstation.

I get something similar to this when I recommend new AMD builds to gaming buddies that are on a tight budgets. Could have saved the money, went for more RAM, and/or a new (needed) mouse, and have 2 more physical cores, but "It's not Intel though"; probably won't overclock either...

 

[MV75]

Our processor doesn't do this, it doesn't do that...

Well when you have a processor that does nothing, then nothing can happen to it.

 

[mjz_5]

Our processor doesn't do this, it doesn't do that...

Well when you have a processor that does nothing, then nothing can happen to it.

Really? I'm amazed that people can't understand why AMD CPUs are great

 

[Elf_Boy]

Sadly I think there must be an exploit that is amd specific - are those who find these things even looking given the installed base?

I'll start by saying I am not big with FPS type games anymore. Nothing against them, just more of a RPG kind of gamer. Though if Anthem is ever properly debugged I may check it out.

Specs below. I play every game at 4k full/max quality and get a good gaming experience with my system.

I run into fellow gamers at work, who I know are tighter on money then myself who prefer to go broke on Intel, bitch about not having enough ram and storage for all there games, yet are die hard Intel boys all the way.

I've had both Intel and amd systems. My laptop is Intel. It is a nice system.

I really don't get why people get so stuck on brands. Except mayonnaise, of course, that has to be Best Foods brand.

 

[BloodyIron]

Got my r5 2600, very happy with it!

 

[Stanley Pain]

Sadly I think there must be an exploit that is amd specific - are those who find these things even looking given the installed base?

I'll start by saying I am not big with FPS type games anymore. Nothing against them, just more of a RPG kind of gamer. Though if Anthem is ever properly debugged I may check it out.

Specs below. I play every game at 4k full/max quality and get a good gaming experience with my system.

I run into fellow gamers at work, who I know are tighter on money then myself who prefer to go broke on Intel, bitch about not having enough ram and storage for all there games, yet are die hard Intel boys all the way.

I've had both Intel and amd systems. My laptop is Intel. It is a nice system.

I really don't get why people get so stuck on brands. Except mayonnaise, of course, that has to be Best Foods brand.

You'd think someone (Intel) would throw money at some R&D firm to find some AMD specific exploits. I'm sure there are some.

 

[Elf_Boy]

You'd think someone (Intel) would throw money at some R&D firm to find some AMD specific exploits. I'm sure there are some.

It does seem like a very Intel thing to do (well corporate America thing to do) --- I wonder though, would it lead to a bigger Intel flaw coming to light? If Intel has more to hide maybe they don't want to get into a Tit for Tat kind of fight.

All speculation of course as I don't know much about the inner workings of either.

Makes me really think about Intel jumping into the high end GPU market.... How is all of this related in the big picture.... GPUs are the new CPU, right? We will all end up with custom ARM CPUs in our system with the number of cores etc we want with a quantum-gpu that does all the heavy lifting for graphics, ai, physics, etc.

All new set of hardware vulnerabilities.

 

[STEM]

You'd think someone (Intel) would throw money at some R&D firm to find some AMD specific exploits. I'm sure there are some.

That's not how it works. You can't just make up exploits as you please. Keep in mind that all of Intel's security flaws are in the parts of the CPU that affect performance directly. Just like Spectre is a conceptual error and some variant or variants affected both ARM-based CPUs and AMD (though not as severely as Intel), well, Intel has the most Spectre vulnerabilities of them all. What does that tell you?

It tells me that Intel's in-silicon security flaws are the result of them cutting corners to increase performance without having to put too much effort into it. Unlike AMD who is putting considerable effort into their Zen architecture by redesigning it and making it more modular with a central I/O die on each CPU to cut internal latencies to increase IPC and overall performance, Intel decided to remove some steps that would have ensured security. The shitty part of this is the fact that Spoiler might not even be fixable with a software patch. If this gets out of hand and Intel hits a wall with microcode updates and software patches, sooner or later it will catch up to them, and they will either be forced to do a massive recall or pay out some money. Either way, they screwed up on a colossal scale. I wonder if they thought that greed pays...

 

[Megaslug]

Really? I'm amazed that people can't understand why AMD CPUs are great

Easy - we've been burned before. You know, maybe the current AMD processors really are that good. But way back when, I bough tin to the "XP +" hype from AMD and built an AMD system. Probably my shortest lived desktop. I even went ATI instead of nVidia for the video card - and with Linux and also a Windows-based 3D CAD program I used, the Pentium 3 system with whatever card was common for those, can't exactly recall which model I had, blew it away. That was the first and last ATI/AMD video card I bought. And the last AMD CPU I bought until somewhere around 2007 when I build a machine to run WHS. I was looking strictly at power for that machine, the AMD CPU was nicely low powered but also extremely poor performing, but for this application it didn't matter much, outside of the initial OS installation. Maybe the current stuff is MUCH better. But I've NEVER had issues using Intel and nVidia and I see no reason why I should gamble now. Certain not to build a fairly expensive primary desktop. I'm more willing to try AMD where it doesn't matter so much and something like low cost is the primary objective, but for a main system - not going to gamble when I have a known quantity on one hand and an unknown that has proven to be a past disappointment.
And these security vulnerabilities are being blown WAY out of proportion. Yes, you can gain access to privileged level memory, but actually extracting that data to do anything meaningful has yet to be proven outside of some proof of concept demonstrations running on the physical machine itself. Now, if you are int he habit of allowing unknown people to waltz into your data center, and/or run your servers in unprotected vlans accessible from random conference room ethernet ports, well, you pretty much deserve what you get. There's no point in enhanced cyber security if there is no physical security.

 

[STEM]

Easy - we've been burned before. You know, maybe the current AMD processors really are that good. But way back when, I bough tin to the "XP +" hype from AMD and built an AMD system. Probably my shortest lived desktop. I even went ATI instead of nVidia for the video card - and with Linux and also a Windows-based 3D CAD program I used, the Pentium 3 system with whatever card was common for those, can't exactly recall which model I had, blew it away. That was the first and last ATI/AMD video card I bought. And the last AMD CPU I bought until somewhere around 2007 when I build a machine to run WHS. I was looking strictly at power for that machine, the AMD CPU was nicely low powered but also extremely poor performing, but for this application it didn't matter much, outside of the initial OS installation. Maybe the current stuff is MUCH better. But I've NEVER had issues using Intel and nVidia and I see no reason why I should gamble now. Certain not to build a fairly expensive primary desktop. I'm more willing to try AMD where it doesn't matter so much and something like low cost is the primary objective, but for a main system - not going to gamble when I have a known quantity on one hand and an unknown that has proven to be a past disappointment.
And these security vulnerabilities are being blown WAY out of proportion. Yes, you can gain access to privileged level memory, but actually extracting that data to do anything meaningful has yet to be proven outside of some proof of concept demonstrations running on the physical machine itself. Now, if you are int he habit of allowing unknown people to waltz into your data center, and/or run your servers in unprotected vlans accessible from random conference room ethernet ports, well, you pretty much deserve what you get. There's no point in enhanced cyber security if there is no physical security.

Wow, cognitive dissonance at its finest.

 

[Spire3660]

No one ever got fired for buying IBM......or Intel. If this is your field, you should know this.

Those of us who build things can only choke down so much market positioning.

 

[Stanley Pain]

That's not how it works. You can't just make up exploits as you please. Keep in mind that all of Intel's security flaws are in the parts of the CPU that affect performance directly. Just like Spectre is a conceptual error and some variant or variants affected both ARM-based CPUs and AMD (though not as severely as Intel), well, Intel has the most Spectre vulnerabilities of them all. What does that tell you?

It tells me that Intel's in-silicon security flaws are the result of them cutting corners to increase performance without having to put too much effort into it. Unlike AMD who is putting considerable effort into their Zen architecture by redesigning it and making it more modular with a central I/O die on each CPU to cut internal latencies to increase IPC and overall performance, Intel decided to remove some steps that would have ensured security. The shitty part of this is the fact that Spoiler might not even be fixable with a software patch. If this gets out of hand and Intel hits a wall with microcode updates and software patches, sooner or later it will catch up to them, and they will either be forced to do a massive recall or pay out some money. Either way, they screwed up on a colossal scale. I wonder if they thought that greed pays...

That's not how what works?

People are paid to research things all the time. I'm honestly surprised that AMD hasn't been bit as badly as Intel. Kudos to them for obviously doing things "the right way" (at least as far as we know currently). My comment was a bit of sarcasm too. To clarify I'm sure some money HAS been thrown at finding vulns in AMD CPUs.

 

[Wolf-R1]

I'd love to see an IPC comparison clock for clock of the latest Ryzen and Intel chips after patching for all these new bugs.

I've been wondering the same thing. AMD keeps getting closer and closer.

 

[/dev/null]

When are AMD processors coming to "workstation" lines at any of the big 3 OEMS? I'm talking single/dual socket options with ecc reg as standard.

Also looking for thinkpad T series with Ryzen & can't find anything. Personally? I can't wait for my box to be Ryzen. Work however won't look at anything that isn't a workstation from one of the big 3 OEMS (Dell/HP/Lenovo)

 

[STEM]

When are AMD processors coming to "workstation" lines at any of the big 3 OEMS? I'm talking single/dual socket options with ecc reg as standard.

Also looking for thinkpad T series with Ryzen & can't find anything. Personally? I can't wait for my box to be Ryzen. Work however won't look at anything that isn't a workstation from one of the big 3 OEMS (Dell/HP/Lenovo)

The big 3 get better deals from Intel most likely, and then it's the entire brand/image thing. AMD just isn't as sexy (yet). Though I'm not partial to any company/corporation, I like to pick the best tool for the job that fits within my budget. I also don't like hardware that does not have a proven track record, though, with all of Intel's in-silicon security flaws that go back over a decade or more, it's kind of a weird conundrum to pick and choose what to install in a server. Do I roll the dice with Intel hoping that this is it, while paying 100% of the price for something that will have ~20% less performance when installed and deployed, or do I go with AMD, a newer architecture that was built from scratch with the long term in mind, and architecture that underwent the same scrutiny as Intel when it comes to searching for security flaws.

QUOTE="Wolf-R1, post: 1044127838, member: 89765"]I've been wondering the same thing. AMD keeps getting closer and closer.[/QUOTE]

AMD Ryzen based CPUs, when compared at the same clock speed to Intel Skylake-X (no Turbo or Core Clock Enhancement BS enabled on Intel or PBO / XFR on AMD), the AMD Ryzen CPUs lose in latency-sensitive applications due to Infinity Fabric. So while AMD has IPC parity with Intel, performance is application dependent. The good news is that those applications are too far and in-between. Here is an example: https://www.tweaktown.com/articles/8379/amd-threadripper-vs-intel-core-i9-cpus-clock/index.html

Let's be honest here for a second: if I'm on a budget and I need 16 cores for [insert use case here], I will absolutely skip the 2950X and get a 1950X. There is an $1100 discrepancy between the 1950X and the 9960X. Maybe you can find a 7960X for a bit less than $1600 if you're lucky, new that is. If, however, I have a use case where the Intel CPU will give me a tangible performance boost, say 30% or so, then I will gladly spend the difference and go for Intel.

The bothersome part about Spoiler is that something as high-level as JavaScript can exploit that flaw. I mean, JavaScript runs inside an interpreter for crying out loud. If you'd have to write specific code in ASM to exploit it, that would be one thing. But JavaScript? And it might not even be fixable with a software patch, or microcode update, or both.

The bottom line is that while you spend an extra $1000 or so to go with Intel for your high-performance workstation, you might lose any performance edge over a similar AMD CPU due all the patches meant to address security issues.

That's not how what works?

The very next sentense...

I've been wondering the same thing. AMD keeps getting closer and closer.

AMD CPUs are not a money maker for other hardware manufacturers because they don't overclock as high as Intel and AMD keep the same socket around forever. So motherboard manufacturers won't invest much in AMD motherboards because they will collect dust, as AMD customers are typically of the stingy variety. People who spend thousands on a computer system expect what's perceived to be the best brands inside their box, that is Intel (or AMD Threadripper in some cases), ASUS motherboar, Corsair Dominator RAM, EVGA GPUs, Samsung SSDs and so on. So AMD has a long way to go in order to be perceived as a premium brand. Just pointing the finger and saying "our CPUs are more secure" isn't enough.

 

[JosiahBradley]

Snip
AMD CPUs are not a money maker for other hardware manufacturers because they don't overclock as high as Intel and AMD keep the same socket around forever. So motherboard manufacturers won't invest much in AMD motherboards because they will collect dust, as AMD customers are typically of the stingy variety. People who spend thousands on a computer system expect what's perceived to be the best brands inside their box, that is Intel (or AMD Threadripper in some cases), ASUS motherboar, Corsair Dominator RAM, EVGA GPUs, Samsung SSDs and so on. So AMD has a long way to go in order to be perceived as a premium brand. Just pointing the finger and saying "our CPUs are more secure" isn't enough.

I sure hope people on this forum aren't silly enough to spend their hard earned thousands on fictitious brand image. I'm using a PNY video card of all things and am top 100 in superposition for 1080tis. I've got an Intel CPU but there was no Ryzen when I bought it. I'm looking forward to Zen 2 when I can relive my 2700+ days. Also AMD has been refreshing their chip sets lately too keep motherboard makers fresh. Maybe I'm weird but I buy brands based on price performance.

 

[M76]

Easy - we've been burned before. You know, maybe the current AMD processors really are that good. But way back when, I bough tin to the "XP +" hype from AMD and built an AMD system. Probably my shortest lived desktop. I even went ATI instead of nVidia for the video card - and with Linux and also a Windows-based 3D CAD program I used, the Pentium 3 system with whatever card was common for those, can't exactly recall which model I had, blew it away. That was the first and last ATI/AMD video card I bought. And the last AMD CPU I bought until somewhere around 2007 when I build a machine to run WHS. I was looking strictly at power for that machine, the AMD CPU was nicely low powered but also extremely poor performing, but for this application it didn't matter much, outside of the initial OS installation. Maybe the current stuff is MUCH better. But I've NEVER had issues using Intel and nVidia and I see no reason why I should gamble now. Certain not to build a fairly expensive primary desktop. I'm more willing to try AMD where it doesn't matter so much and something like low cost is the primary objective, but for a main system - not going to gamble when I have a known quantity on one hand and an unknown that has proven to be a past disappointment.
And these security vulnerabilities are being blown WAY out of proportion. Yes, you can gain access to privileged level memory, but actually extracting that data to do anything meaningful has yet to be proven outside of some proof of concept demonstrations running on the physical machine itself. Now, if you are int he habit of allowing unknown people to waltz into your data center, and/or run your servers in unprotected vlans accessible from random conference room ethernet ports, well, you pretty much deserve what you get. There's no point in enhanced cyber security if there is no physical security.

So because you bought a cpu before checking how it performs with the application you bought it for And / Or you screwed up the build badly to have it perform so poorly, now you hate AMD even 15 years later? I just don't see where is AMD's fault in all of this.
BTW I upgraded from a PIII 1 Ghz, to an XP and it was a huge improvement, AMD basically wiped the floor with Intel during that PIV period, I don't know how you managed to come out of that so poorly.

 

[MV75]

Really? I'm amazed that people can't understand why AMD CPUs are great

I don't understand why you think that, your join date would suggest you've been around long enough.

I had been on amd from ~1998 until ~2014. I was there in the amd high, the xp, the x64, then nothing, nothing nothing. I fully understand why I switched.

 

[Uvaman2]

So because you bought a cpu before checking how it performs with the application you bought it for And / Or you screwed up the build badly to have it perform so poorly, now you hate AMD even 15 years later? I just don't see where is AMD's fault in all of this.
BTW I upgraded from a PIII 1 Ghz, to an XP and it was a huge improvement, AMD basically wiped the floor with Intel during that PIV period, I don't know how you managed to come out of that so poorly.

Me either, p3 vs xp? And the xp was worse? Weird.

 

[Kajun614]

I loved AMD up until I got my IVY Bridge. I'll probably go back to AMD next upgrade. I remember getting a new cpu almost yearly years ago but that stopped. Ivy and my age I guess.

 

[Rvenger]

I smell some Intel stock owners in this thread. Back on topic perhaps?

 

[Biznatch]

You'd think someone (Intel) would throw money at some R&D firm to find some AMD specific exploits. I'm sure there are some.

They can't even find the exploits in their own CPUs, and have pushed new generation of processors without even fixing current vulnerabilities.... I don't recommend intel to anyone at this point, AMD is cheaper and probably faster once the intel gets neutered with the software patches.

 

[M76]

They can't even find the exploits in their own CPUs, and have pushed new generation of processors without even fixing current vulnerabilities.... I don't recommend intel to anyone at this point, AMD is cheaper and probably faster once the intel gets neutered with the software patches.

That's just business. Fixing the exploits would be too costly (both in performance and finance terms). Much like car companies decided in the good ol times that it's better to settle with the families of the deceased than to fix the fatal issue with their cars.