https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/
Updated as recently as today. Again states that AMD is un-effected by Meltdown.
Sound like you are referring to Spectre. Can you link the specific document in question?
https://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/Not accurate.
In fact AMD archs also do not bother to check if the speculatively executed memory access request is valid. You can read it in meltdownattack site's document in p.6.4. Threre is a theoretical possibility to configure the attack that way that leakage can be performed also on AMD's archs by one or other way. But in fact AMD's server share in so low, that attacks on AMD hardware is near zero chances.
Well, the meltdown attck is easily noticeble. Because of CFLUSH-RELOAD scheme the L1/L2/L3 will be constantly resetted and you will experience the massive slowdowns on affected CPU core. As well other cores also will be slowed because of massive mem. controllers overload caused by this attack. And the rate of memory leakage is 503KB/sec. To dump the 4GB pool of RAM it will take near three hours. from the sandbox - maybe even more. The examples showing if sysytem is affected by flaws the exploit EXACTLY knows the adresses where to look for the data. In real usage the exploit will need to scan almost WHOLE memory, that will be changed from time to time.Web browsers apps are exactly that - you run the apps in a sandbox with strictly controlled access. People are always going to dodgy web sites and hence running dodgy browser apps - if they can break out of the sandbox using one of these flaws then they can take over their machine. Hence yes it can effect home users.
https://meltdownattack.com/meltdown.pdfhttps://www.welivesecurity.com/2018/01/05/meltdown-spectre-cpu-vulnerabilities/
Updated as recently as today. Again states that AMD is un-effected by Meltdown.
Sound like you are referring to Spectre. Can you link the specific document in question?
6.4 Limitations on ARM and AMD We also tried to reproduce the Meltdown bug on several ARM and AMD CPUs. However, we did not manage to successfully leak kernel memory with the attack described in Section 5, neither on ARM nor on AMD. The reasons for this can be manifold. First of all, our implementation might simply be too slow and a more optimized version might succeed. For instance, a more shallow out-of-order execution pipeline could tip the race condition towards against the data leakage. Similarly, if the processor lacks certain features, e.g., no re-order buffer, our current implementation might not be able to leak data. However, for both ARM and AMD, the toy example as described in Section 3 works reliably, indicating that out-of-order execution generally occurs and instructions past illegal memory accesses are also performed.
From http://www.amd.com/en/corporate/speculative-executionGPZ Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.
- We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.
At the very beginning we heard that AMD processors are not affected by all three attacks at all.That is old news as part of the original announcement. It's been challenged and as of the end of last week AMD posted.
AMD never said it wasn't susceptible to Spectre 1 and 2. Their first statements were clear. 1 They were suseptable to and 2 they were suseptable to but that design wise they considered it a near zero risk. But 2 can be patched for and they did so. Just because they patched for a near zero risk exploitation doesn't mean the threat was higher.At the very beginning we heard that AMD processors are not affected by all three attacks at all.
Soon after AMD admits that, well Spectre 1 attack is possible for perform, Spectre 2 attack is "near zero risk"
Now Spectre 2 attack is possible.
Since the publishing the initial research NO fundamental reasearch were performed to make a AMD archs to be exploitable. because the memory space separation was already patched.
Tell me - WHO provided the deep analysis& except for the AMD PR's who primarily denies even the Spectre 1 and 2 threats.
At the very beginning we heard that AMD processors are not affected by all three attacks at all.
Soon after AMD admits that, well Spectre 1 attack is possible for perform, Spectre 2 attack is "near zero risk"
Now Spectre 2 attack is possible.
Since the publishing the initial research NO fundamental reasearch were performed to make a AMD archs to be exploitable. because the memory space separation was already patched.
Tell me - WHO provided the deep analysis& except for the AMD PR's who primarily denies even the Spectre 1 and 2 threats.
I doubt that, if BIOS/OS level is not enough, then any malicious code inside their VM can compromise the entire machine. Either the BIOS/OS patches are necessary and enough, or there is no fix for this and it all depends on the security of the software you are running.