top | item 21978609

(no title)

c256 | 6 years ago

There are a couple of these MDS vulnerabilities that also exist on AMD, but the vast majority are Intel-specific. Thanks not to say that people won’t find some on AMD, but a) they haven’t yet, b) there are at least some that are much less likely on AMD than Intel, and c) the greater number of cores and channels is likely to make practical problems even less likely. Some of this also applies to ARM.

discuss

zrm|6 years ago

Spectre is basically a new variant in the longstanding category of timing attacks on hardware. There are things hardware vendors may be able to do to limit the impact, but it's just something software developers are going to have to learn to live with, like cache timing attacks. You mostly fix it by making the software different, not the hardware, because the performance benefits of having caches or speculative execution are too large to abandon in general.

Intel's trouble is that they're doing that kind of speculation across more security boundaries, which not only makes the attack more powerful (e.g. reading memory from the kernel/hypervisor or another process/VM instead of the active one), it also makes the mitigations more expensive. The benefits of speculative execution in those specific cases aren't worth the cost, but CPUs have a long lead time, so they're still selling silicon where that isn't fixed.

And then losing more performance to the mitigations than they gain from the speculative execution while enabling a greater attack scope for any software that doesn't implement the mitigations properly (or at all).