Meltdown-like vulnerability found in AMD CPUs

[leadeater]

17 minutes ago, Arika S said:

which is a vulnerability......

 

it may not have been used in this way yet, but it is VULNERABLE to be used in this way.

 

it's absolute semantics to not call it a vulnerability.

 

 

Even the dictionary definition of the word says it's a vulnerability. The flaw exists, therefore is it vulnerable

Vul·ner·a·bil·i·ty

noun: vulnerability; plural noun: vulnerabilities

1. the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally.

Well if you listen to the researcher that found it he specifically and categorically says it is not a vulnerability and is a hardware flaw. I think I'll listen to him because I think he has good justification for why it is NOT a security vulnerability.

 

Edit:

Also I guess what is most important is the preceding word in front of whichever word you feel is relevant or wish to use, that being hardware and not security. Being able to make something do something it shouldn't do isn't a security problem in and of itself. That's why he is trying to be so clear about what it is and what it is not.

[RejZoR]

5 hours ago, Chiyawa said:

Technically, aside from OS patches, they can't do anything about it. This is hardware level flaw,so it's already there. They can only depend on OS having a good security measure that this type of vulnerability are prevented from executing. Just like Intel and the Spectre, there's no permanent fix.

"Do about it" in terms of resolving the issue on hardware level asap. I'm well aware they can't do much on existing hardware other than patching microcode in BIOS.

[mr moose]

2 hours ago, leadeater said:

Speculative execution isn't a flaw or a security theory. Speculative execution is branch prediction with execution on the basis that what is predicted might actually be used so it's faster to have the result already before it is required.

 

 

The security flaws are in regards to gaining access to transient data caused by these speculative executions or keeping the cache data around for prediction input.

 

AMD did actually build in specific cache and memory protection in to Zen to guard against speculative execution security flaws, that was why many of the Intel flaws in the first round did not affect AMD/Zen because the safeguards that were put in place did protect improper reading of data in that way.

 

What we have here is a discovery of a way that does get around the current safeguards.

I didn't mean speculative execution was the exploit, I meant that the exploit of speculative execution has been around forever.

 

 

 

 

[Chiyawa]

1 minute ago, RejZoR said:

"Do about it" in terms of resolving the issue on hardware level asap. I'm well aware they can't do much on existing hardware other than patching microcode in BIOS.

Oh. Okay, that makes a lot of sense.

[sounds]

This flaw is a lot less severe than Meltdown:

Quote

In the whitepaper, the researchers did note that "AMD's design decisions indeed limit the exploitability scope" when compared to Meltdown-style attack vectors affecting Intel's CPUs, "yet it may be possible to use them to amplify other microarchitectural attacks."

Obviously there's going to be a hot debate now about whether AMD is just as vulnerable to a Meltdown-like flaw as Intel, but today, right now, AMD is not.

 

Just because the researchers showed they could access addresses that the CPU shouldn't access is not a full Meltdown exploit.

Quote

"The violation we report does not lead to cross address space leaks, but it provides a reliable way to force an illegal dataflow between microarchitectural elements. Unlike the previous AMD vulnerabilities, the flaw we report is the first flaw that proves that it is possible to force an illegal data flow between microarchitectural elements," the researchers explain.

The researchers are talking about stuff like HeartBleed, not Meltdown, when they say that. "An illegal dataflow between microarchitectural elements" means an exploit inside your process - like HeartBleed, not an exploit that lets one VM peek inside another VM in the cloud like Meltdown.

 

Maybe you don't think this makes any difference to you. I get it. But it makes a HUGE difference to AMD's biggest customers.

[mr moose]

13 hours ago, sounds said:

This flaw is a lot less severe than Meltdown:

Obviously there's going to be a hot debate now about whether AMD is just as vulnerable to a Meltdown-like flaw as Intel, but today, right now, AMD is not.

 

That we know about.  The law of averages dictates that both AMD and Intel likely have the same number of vulnerabilities, it's just we only know about some of them, and who knows about others is a guess at best.    If you want to take a strictly mathematical approach then Intel is safer because more of their vulnerabilities are publicly known and therefore can be mitigated. 

 

13 hours ago, sounds said:

 

Maybe you don't think this makes any difference to you. I get it. But it makes a HUGE difference to AMD's biggest customers.

I recon it makes no more difference to them than the last round of exploits they were informed about.  security is just another part of business that needs to be addressed.  sometimes it costs too much to address it properly so they don't bother, other times they apply the mitigation and get on with life.

[BetteBalterZen]

On 9/2/2021 at 10:01 PM, Demonking said:

Just when you think you're safe on AMD.

Lol

[Mark Kaine]

On 9/6/2021 at 6:18 AM, leadeater said:

Speculative execution is branch prediction with execution on the basis that what is predicted might actually be used so it's faster to have the result already before it is required.

So how does this make it faster, the cpu cannot "guess" what im going to do next, because i don't know myself...

Or is this more a thing what programs "might" do next? This would probably be easier to predict... im just asking because the description of this process often seems to be pretty vague... is this what the "virtual" cores are for, i mean they aren't really separate cores anyway?  I sometimes get the feeling even the people who make these things don't understand them fully - or at least can't really explain it well.

 

On 9/6/2021 at 7:57 AM, leadeater said:

I've used yet multiple times on purpose, because it likely will.

Possible Microsoft will push an update soon, so it won't be an actual exploit? 

 

 

On 9/8/2021 at 12:13 PM, mr moose said:

That we know about.  The law of averages dictates that both AMD and Intel likely have the same number of vulnerabilities,

Well only if like everyone is lying because I remember researchers and amd said zen architecture can't have a meltdown like vulnerability because they have measures against it which intel did not (hence no patches) so there's at least one vulnerability less, because intel lazy, amd good. : P

 

 

[leadeater]

1 hour ago, Mark Kaine said:

Or is this more a thing what programs "might" do next? This would probably be easier to predict...

Yes it's more like this. When you hit a branch of code that is "if this then do that else do this" it'll do both, cache it, then when the program catches up and says hey do this one the CPU has already done the cooking show "here is one I prepared earlier". It's all happening extremely quickly though, at the micro-operation level not full blown logic path and program interactivity level that we actually use the application. It's really not trying to guess what we are doing with the application at all.

[mr moose]

10 hours ago, Mark Kaine said:

Well only if like everyone is lying because I remember researchers and amd said zen architecture can't have a meltdown like vulnerability because they have measures against it which intel did not (hence no patches) so there's at least one vulnerability less, because intel lazy, amd good. : P

 

If you want to reduce the entire debate surrounding which product is more secure to only one type of exploit then sure.  But seeing as we are specifically informing people that the number of exploits that exist is unknown and not just one and the fact I specifically said that we do not know how many exploits are known but not made known to AMD or Intel (let alone to the public),  then the question about one being more secure is not resolvable.

 

Intel could have mitigated a hundred known vulnerabilities while AMD only has 2and it would only look like AMD is better. If AMD has 30 vulnerabilities they don't know about but a serious cyber criminal does then AMD is far more insecure.  The problem here is we just don't know.  There is absolutely no way for any of us to know how many vulnerabilities any CPU has, so we can't call one more secure than another.

[Mark Kaine]

2 hours ago, mr moose said:

The problem here is we just don't know.  There is absolutely no way for any of us to know how many vulnerabilities any CPU has, so we can't call one more secure than another.

Yeah, im just saying its not the same vulnerability,  if it is one, I don't really care which one is worse off, but I think intel got hit quite a bit harder during recent times. 

 

Ps: i know my post came off a little fanboyish, but it wasn't meant to be. I kinda like intel more, would love to have a fast 7nm 20 core intel at reasonable prices (which is just not something they're able to offer seemingly)