Intel Finds Bug In AMD's Spectre Mitigation, AMD Issues Fix (tomshardware.com) 44
"News of a fresh Spectre BHB vulnerability that only impacts Intel and Arm processors emerged this week," reports Tom's Hardware, "but Intel's research around these new attack vectors unearthed another issue.
"One of the patches that AMD has used to fix the Spectre vulnerabilities has been broken since 2018." Intel's security team, STORM, found the issue with AMD's mitigation. In response, AMD has issued a security bulletin and updated its guidance to recommend using an alternative method to mitigate the Spectre vulnerabilities, thus repairing the issue anew....
Intel's research into AMD's Spectre fix begins in a roundabout way — Intel's processors were recently found to still be susceptible to Spectre v2-based attacks via a new Branch History Injection variant, this despite the company's use of the Enhanced Indirect Branch Restricted Speculation (eIBRS) and/or Retpoline mitigations that were thought to prevent further attacks. In need of a newer Spectre mitigation approach to patch the far-flung issue, Intel turned to studying alternative mitigation techniques. There are several other options, but all entail varying levels of performance tradeoffs. Intel says its ecosystem partners asked the company to consider using AMD's LFENCE/JMP technique. The "LFENCE/JMP" mitigation is a Retpoline alternative commonly referred to as "AMD's Retpoline."
As a result of Intel's investigation, the company discovered that the mitigation AMD has used since 2018 to patch the Spectre vulnerabilities isn't sufficient — the chips are still vulnerable. The issue impacts nearly every modern AMD processor spanning almost the entire Ryzen family for desktop PCs and laptops (second-gen to current-gen) and the EPYC family of datacenter chips....
In response to the STORM team's discovery and paper, AMD issued a security bulletin (AMD-SB-1026) that states it isn't aware of any currently active exploits using the method described in the paper. AMD also instructs its customers to switch to using "one of the other published mitigations (V2-1 aka 'generic retpoline' or V2-4 aka 'IBRS')." The company also published updated Spectre mitigation guidance reflecting those changes [PDF]....
AMD's security bulletin thanks Intel's STORM team by name and noted it engaged in the coordinated vulnerability disclosure, thus allowing AMD enough time to address the issue before making it known to the public.
Thanks to Slashdot reader Hmmmmmm for submitting the story...
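To check which Spectre v2 mitigation a machine is actually running after AMD's change of guidance, the following added example (not part of the original story, Intel's paper or AMD's bulletin) classifies the status line a Linux kernel reports. It assumes a Linux host and the sysfs file `/sys/devices/system/cpu/vulnerabilities/spectre_v2`, whose wording differs between kernel versions; the function names are illustrative and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify the Spectre v2 mitigation reported by a Linux host.
# Assumption: the status text follows the kernel's sysfs file; exact wording
# varies by kernel version, so unmatched text is reported as "unknown".

classify_spectre_v2() {
    # Only the first field names the branch-target mitigation. Later fields
    # (IBPB, IBRS_FW, STIBP, RSB filling) follow a ',' or ';' and must not be
    # mistaken for it: "IBRS_FW" does not mean IBRS is the primary mitigation.
    primary=${1%%[,;]*}
    case $primary in
        *IBRS*)                   echo ibrs ;;
        *LFENCE*|*AMD*retpoline*) echo lfence-jmp ;;        # "AMD's Retpoline"
        Vulnerable*)              echo vulnerable ;;
        *[Rr]etpoline*)           echo generic-retpoline ;;
        "Not affected"*)          echo not-affected ;;
        *)                        echo unknown ;;
    esac
}

audit_spectre_v2() {
    # $1: file to read (defaults to the live sysfs entry).
    # Returns 1 when the host still relies on LFENCE/JMP or has no mitigation,
    # 2 when the file cannot be read, 0 otherwise.
    file=${1:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}
    [ -r "$file" ] || { echo unknown; return 2; }
    state=$(classify_spectre_v2 "$(head -n 1 "$file")")
    echo "$state"
    case $state in
        # On Linux the generic variant can be requested with the boot
        # parameter spectre_v2=retpoline,generic
        lfence-jmp|vulnerable) return 1 ;;
    esac
    return 0
}

# Constructed sample lines (not captured from a real machine).
while IFS= read -r sample; do
    printf '%-18s <- %s\n' "$(classify_spectre_v2 "$sample")" "$sample"
done <<'EOF'
Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling
Mitigation: Retpolines; IBPB: conditional; IBRS_FW; STIBP: disabled; RSB filling
Vulnerable: LFENCE
EOF
```

Run `audit_spectre_v2` with no argument on the host being checked; a non-zero exit status marks a machine that should be moved to generic retpoline or IBRS as the bulletin advises.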
Glad to see at least AMD can move fast (Score:3)
If they were Intel, they would probably have denied the issue exists for half a year and then taken another half year to fix it...
Re: (Score:1)
If they were Intel they would be too bust looking for bugs in their competitors products to find their own defects.
Re: (Score:3)
If they were Intel they would be too bust looking for bugs in their competitors products to find their own defects.
You mistyped the "y" -- I'm guessing you meant "busty" ... :-)
Re: Glad to see at least AMD can move fast (Score:3)
Re: (Score:2)
Well, yes. So one mitigation got invalidated. I have no idea either what the impact is.
Re: (Score:2)
For now, AMD recommends switching from AMD Retpolines to Generic Retpolines. There isn't much of a performance hit on Zen3-class CPUs making the switch.
Re: (Score:2)
Intel has talented developers. AMD/ATI not so much.
And yet AMD was able to beat Intel for multiple years with better CPUs. . .
Re: (Score:2)
Re: (Score:2)
Intel has talented developers. AMD/ATI not so much.
And yet AMD was able to beat Intel for multiple years with better CPUs. . .
Indeed. And then there are things like it being the AMD64 architecture or AMD integrating the memory controller years before Intel. The fact of the matter is that AMD has vastly superior CPU designers compared to Intel. The only thing that kept Intel ahead before was their better manufacturing processes and their willingness to screw over their customers security-wise for extra speed.
Re: Glad to see at least AMD can move fast (Score:2)
You forgot illegal tactics, like bribery.
Re: (Score:2)
True.
Re: (Score:3)
It worked better than IA64.
Re: (Score:2)
Except they haven't fixed anything. Don't get me wrong, Intel's no saint, but AMD wasn't a trailblazer with fixing Spectre related issues either. Both companies had ample notification from Google.
Re: (Score:2)
Shut the fuck up.
Re: (Score:2)
This is the correct answer.
Re: (Score:2)
He was telling the right-wing troll OP to STFU, so maybe you're responding to the wrong one.
There are a bunch of accounts that are trolls based on rslivergun's account [slashdot.org]. It's easy to confuse a troll comment like this with a serious comment that might come from the real poster. Mark all those accounts as foes and then you'll get a little red warning dot and know not to feed the trolls by replying. Also if you are moderating you can know to mod down by default (the post is a troll due to the user name, even if the content isn't).
Re: (Score:2)
Re: Fourth vaccine shot is needed (Score:2)
Re: (Score:2)
Sometimes it just feels good to tell someone to shut the fuck up. Especially when they are being a cocksucker. I know I shouldn't feed the trolls but this one caught me at a weak moment.
Re: (Score:2)
Who the fuck are you. I have your weak moment hanging low and ready to go. Now take your ass back to reddit or whatever rock you crawled out from under.
Re: (Score:2)
Nice To See Competitors Work Together. (Score:2)
This is for the greater good of the customers, and I assume to combat Russia (or whoever it is) that is launching cyber attacks on our companies and government entities.
Re: (Score:2)
Don't believe it. Intel saw yet another vulnerability hit their latest-and-greatest CPUs (including, apparently, Sapphire Rapids, which isn't even out yet!) so they lashed out by trying to find dirt on AMD's CPUs.
So they found a weird edge-case where AMD's Spectre fix didn't work as advertised and made a big deal about it. AMD turns around with a fix in under a month. Life goes on for AMD users.
Corporate Responsibility (Score:1)
Re: (Score:2)
Outside forces could have found the truth regardless of what AMD or Intel did. It's in both parties' interest to cut the problem off as early as possible.
It is the End Of Days! Intel is sharing! (Score:2)
Intel Corp. is sharing information! Next they will, heaven forbid, admit there are security flaws in their CPUs, that they have not mitigated because it would make their CPUs slower and less competitive!
On a more serious note, this is actually good for Intel. They have had so many black eyes, they might as well have Punching Bag written as the corporation motto. So a little sharing, even to the competition, helps their corporate image. Plus, if Intel got caught withhold
Re: (Score:2)
No, Intel Corp is trying to force sysadmins on AMD systems to slow their machines down so the latest Spectre V2 exploits that only affect Intel and ARM machines don't look so bad in comparison.
Too bad it didn't work out for Intel, eh?
Rollback Spectre patches to gain performance? (Score:2)
I am really curious if anyone has tried this - it seems you could gain a lot. I haven't seen any evidence of actual remote exploitation either, so it seems it might be safe for a dedicated gaming PC.
Re: (Score:2)
I kinda wish I could - all these mitigations seem to bring VirtualBox down to about 20% of performance on the metal, versus about 80% beforehand.