AMD CPUs Are Also Vulnerable To Spectre 2 Exploit Rev. 2.0

AMD updated their security advisory, confirming that their CPUs are also vulnerable to the Spectre 2 exploit. We updated our article Everything On The Intel, AMD & ARM CPU Bug, but it looks like many AMD fanboys still insist that AMD processors are only affected by Spectre 1. So let us burst their bubble and update them on what AMD actually said about this “issue”.

Updated @ 2018-01-15 : Added two new sections addressing the criticisms of the AMD and Intel fanboys.

Originally posted @ 2018-01-13


AMD CPUs Are Also Vulnerable To Spectre 2 Exploit

When AMD first released their security advisory on the Meltdown and Spectre exploits, they stated that, “Differences in AMD architecture mean there is a near zero risk of exploitation of this variant.

Just over a week later, on 11 January 2018, Mark Papermaster, AMD Senior Vice President and Chief Technology Officer, posted an update of their assessment, stating that “GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.

He clarified that while AMD believes that their “processor architectures make it difficult to exploit Variant 2“, they have defined “a combination of processor microcode updates and OS patches” to mitigate the Spectre 2 threat.

You can read more about the Spectre and Meltdown exploits in Everything On The Intel, AMD & ARM CPU Bug.


Why Is Spectre 2 Important?

This development is significant, because Spectre 2 is the more problematic exploit of the two. Mainly because any efforts to reduce its risks significantly reduces performance.

According to Microsoft, only Spectre 2 mitigation patches have a significant performance impact. Their initial performance tests show that Spectre 1 and Meltdown mitigation patches have minimal or small performance impact, and are unlikely to be noticed by users.


What Is AMD Doing About Spectre 2?

AMD has already defined the “additional steps” that consists of processor microcode updates and operating system patches that will mitigate the threat of Spectre 2 to their affected processors.

They will make the microcode updates available for the Ryzen and EPYC processors this week, with microcode updates for older processors in the coming weeks.

Notably, Mark said that they would be OPTIONAL. This ties in with their assessment that it would be difficult (albeit not impossible) to exploit Variant 2 in an AMD processor. So AMD users will get the option of NOT applying these microcode updates, at least while no actual Spectre threat exists in the real world.

Linux vendors have started to roll out Spectre 2 patches, while Microsoft will be releasing Spectre 2 patches for Windows shortly.


AMD Fanboys Are Missing The Big Picture

Many AMD fanboys say that we are biased against AMD, because that the risk of a Spectre 2 exploit is small or “virtually non-existent”.

We love the AMD Ryzen just like you do, and find their performance-value proposition incredibly refreshing. In fact, we even wrote an article crediting The Ryzen Effect for creating better Intel processors.

What we reported is no different from the official statement by Mark Papermaster – the AMD CPUs are vulnerable to Spectre 2. But you are all missing the big picture.

[adrotate group=”2″]

The point here isn’t to rub our collective noses in some kind of childish Intel vs. AMD fanboy war, it’s to point out that these Spectre 2 patches will have a significant performance impact.

Because there is no real world exploit of both Meltdown and Spectre, and because AMD’s microarchitecture is more robust against the Spectre 2 vulnerability, there is arguably no real need to apply the Spectre 2 patches.

That’s why we specifically pointed out that “Mark said that they would be OPTIONAL“, so you should have the option of “NOT applying these microcode updates“.

You guys would have realised that if you actually read the article, instead of just stopping at the title.


Intel Fanboys Should Stop Throwing Stones

Some Intel fanboys are using this article as evidence that “AMD got caught lying” or “AMD CPUs are just as bad”. Well, let us address those claims.

  1. AMD did not lie – In their original disclosure, they stated very clearly that “there is a near zero risk” of a Spectre 2 exploit working on an AMD CPU. We specifically mentioned and underlined that in the original article to stress that AMD was already aware that their CPUs are somewhat vulnerable to Spectre 2.
  2. AMD CPUs are far less at risk – Even with this upgraded risk assessment, AMD CPUs are still much less vulnerable to Spectre 2 than Intel CPUs, and they are completely impervious to the Meltdown exploit. Because they are less vulnerable, AMD users have the option of not applying Spectre 2 patches that can have a significant performance impact.


Meltdown + Spectre Reading Suggestions

Go Back To > Articles | Home


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Leave a ReplyCancel reply