Announcement

Collapse
No announcement yet.

AMD CPUs Are Potentially Vulnerable To Spectre / Variant 2

Collapse
X
Collapse
 
  • Page of 4
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 template Next
  • #21
    Originally posted by Jumbotron View Post
    So...with all this talk about microcode fixes for Ryzen/Epyc what about Excavator/Bulldozer arch and APU's like Carrizo/Bristol Ridge?
    Well, just read it

    AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.
    "Coming weeks" usually means "next month plus or earlier" That could be only updates or maybe optional microcodes or maybe not

    Most severe issue actually people sees not with these vulnerabilites but with Windows updates , here AMD seems bricked a lot of old Athlon/Opteron/Sempron/Turions/*

    https://answers.microsoft.com/en-us/...8c88f36?auth=1

    So don't worry, just keep it up to date

    Originally posted by RussianNeuroMancer View Post
    AMD, please fix this: https://bugzilla.kernel.org/show_bug.cgi?id=196683
    After they brick enough old machines, they are coming to get you Ryzen seems so powerful, so it does not like idling around

    edit: sorry for the noise, after reading this AMD's notice I started reading these MS Windows issues for some reason and couldn't stop laughing
    Last edited by dungeon; 12 January 2018, 03:08 PM.
    • Likes 1

    Comment

    • #22
      ugg its all too confusing, I'm going back to a Cyrix CPU, better safe then sorry....
      • Likes 1

      Comment

      • #23
        Originally posted by Almindor View Post
        Add another vulnerability for INTEL this time: https://arstechnica.com/information-...ment-firmware/

        In words of w40k orks: 'ere we go 'ere we go!

        I wonder what the total tally of side-channel and "management engine" hacks are going to be in the end!
        It's not a "vulnerability". It's a default password on a feature (AMT/vPro) you have to specifically order when getting a PC. Any IT department that doesn't change it deserves to be compromised...

        This is like claiming that a BIOS is vulnerable because it's not password-protected by default and allows an attacker with physical access to boot something malicious
        • Likes 4

        Comment

        • #24
          Wonder if Canonical will delay 18.04 to come with Linux 4.16 and GCC 8.0..

          Comment

          • #25
            Originally posted by tessio View Post
            Wonder if Canonical will delay 18.04 to come with Linux 4.16 and GCC 8.0..
            They delayed LTS only once 12 years ago, so likely no but still possible Regardless, i think kernel unlikely but still might be bumped, while GCC 8 no way.
            Last edited by dungeon; 12 January 2018, 06:29 PM.
            • Likes 1

            Comment

            • #26
              Originally posted by nomadewolf View Post

              AND IF YOU WANT A GIRLFRIEND ADD foreveralone TO BOOT PARAMETERS
              isnt "foreveralone" a given for Linux users.

              • Likes 1

              Comment

              • #27
                Originally posted by numacross View Post

                It's not a "vulnerability". It's a default password on a feature (AMT/vPro) you have to specifically order when getting a PC. Any IT department that doesn't change it deserves to be compromised...

                This is like claiming that a BIOS is vulnerable because it's not password-protected by default and allows an attacker with physical access to boot something malicious
                You do realize that feature is always there, that only some BIOS-es expose this? I wonder if this default password is usable on ALL the CPUs given they find what the interface to put it in actually works like.

                Even if they "dodged the bullet" with that and it wasn't the case the whole intel ME/amd PSP thing is ludicrous. I am willing to bet $5 (will pay in crypto) that there will be at least 3 more vulnerabilities found with intel ME or amd PSP before the end of 2018.
                • Likes 2

                Comment

                • #28
                  Originally posted by tessio View Post
                  Wonder if Canonical will delay 18.04 to come with Linux 4.16 and GCC 8.0..
                  All distros should be doing so. Tha Last thing we need is rushed in place fixes.
                  • Likes 1

                  Comment

                  • #29
                    Originally posted by Almindor View Post
                    You do realize that feature is always there, that only some BIOS-es expose this? I wonder if this default password is usable on ALL the CPUs given they find what the interface to put it in actually works like.
                    If there's no AMT enabled in ME then getting to MEBx won't give you anything useful. Some BIOSes (like old C2D HP) were patched for this very issue a long time ago. If they have a BIOS password configured they will ask for it before invoking MEBx. Dell's BIOSes can turn off the Ctrl+P shortcut.

                    HWiNFO on Windows has a good way to check what your ME is capable of. In Motherboard - Intel ME you can see:
                    • Full Network Manageability (this is VNC-capable VPro)
                    • Standard Network Manageability (this is remote power control, remote Serial-over-LAN, remote IDE/ISO redirection)
                    • Manageability (AMT)
                    • Small Business Advantage (for older versions)
                    If any of those is "Capable" then getting to MEBx without BIOS authorization will be potentially a problem.

                    I do not know if there's a comparable "detection tool" on Linux though.

                    Originally posted by Almindor View Post
                    Even if they "dodged the bullet" with that and it wasn't the case the whole intel ME/amd PSP thing is ludicrous. I am willing to bet $5 (will pay in crypto) that there will be at least 3 more vulnerabilities found with intel ME or amd PSP before the end of 2018.
                    Of course, it's cost-cutting time-to-market rush in all of those products


                    Comment

                    • #30
                      Originally posted by numacross View Post

                      It's not a "vulnerability". It's a default password on a feature (AMT/vPro) you have to specifically order when getting a PC. Any IT department that doesn't change it deserves to be compromised...

                      This is like claiming that a BIOS is vulnerable because it's not password-protected by default and allows an attacker with physical access to boot something malicious
                      Exactly! If anyone has a problem with passwords, it's not Intel but Apple: https://www.maketecheasier.com/anoth...rd-screen-bug/

                      Comment

                      Previous 1 2 3 4 template Next
                      Working...
                      X