The chip designer AMD has said its forthcoming Zen 2 processors will include safeguards against the Spectre flaws.
In an earnings call yesterday, AMD CEO Lisa Su said that starting with the release of its Zen 2 PC and server chips, expected around 2019, AMD would make changes to mitigate attacks exploiting Spectre-related flaws in its CPUs.
“Longer term, we have included changes in our future processor cores, starting with our Zen 2 design, to further address potential Spectre like exploits,” she said.
“We continue to collaborate closely with the industry on these vulnerabilities and are committed to protecting AMD users from these and other security threats as they arise.”
SEE: Incident response policy (Tech Pro Research)
Spectre and Meltdown are vulnerabilities in modern chip design that could allow attackers to bypass system protections on nearly every recent PC, server and smartphone-allowing hackers to read sensitive information, such as passwords, from memory.
Existing AMD processors are vulnerable to attacks exploiting both variants of the Spectre vulnerability. However, AMD chips are not at risk from attacks exploiting the Meltdown vulnerability, which only affects Intel, Apple and one type of Arm-based processors.
In the near term, Su said that AMD would continue to work with other tech vendors to deploy software patches and firmware updates to reduce the risk from Spectre-related attacks.
“For Spectre Variant 1, we continue actively working with our ecosystem partners on mitigations, including operating system patches that have begun to roll out,” she said.
“We continue to believe that Variant 2 of Spectre is difficult to exploit on AMD processors. “However, we are deploying CPU microcode patches that in combination with OS updates provide additional mitigation steps.”
Intel CEO Brian Krzanich recently said the chip maker is working on a new design for processors that would incorporate “silicon-based changes” to mitigate the threat posed by the Spectre and Meltdown vulnerabilities.
However, the extent to which AMD and Intel will be able to eliminate these vulnerabilities is less clear.
The Spectre vulnerability exploits a fundamental feature of modern CPUs, specifically their use of Branch Prediction and Speculative Execution to accelerate the rate at which they operate.
It remains to be seen whether AMD and Intel will be able to redesign their processors to nullify the risk from Spectre without having a significant impact on performance.
Earlier Intel firmware updates to address variant 2 of the Spectre vulnerability has been shown to have a varying effect on processor performance, with the most significant impact being on server workloads that “incorporate a larger number of user/kernel privilege changes”.
Apart from the performance issues, patches and firmware updates against Spectre and Meltdown have caused various crashes and instability in PCs and servers.
- Intel: Don’t install our Spectre fix, risk of unwanted reboots is too great (TechRepublic)
- Intel chips have critical design flaw, and fixing it will slow Linux, Mac, and Windows systems (TechRepublic)
- 26% of organizations haven’t yet received Windows Meltdown and Spectre patches (TechRepublic)
- Meltdown-Spectre: More businesses warned off patching over stability issues (ZDNet)
- Intel halts some chip patches as the fixes cause problems (CNET)
- Spectre flaw: Dell and HP pull Intel’s buggy patch, new BIOS updates coming (ZDNet)
- Spectre-Meltdown glitches: Intel warns that new PCs, servers also risk unexpected reboots (TechRepublic)
- This fake Spectre/Meltdown patch will infect your PC with malware (TechRepublic)
- Spectre and Meltdown: Insecurity at the heart of modern CPU design (ZDNet)
- How to protect yourself from Meltdown and Spectre CPU flaws (CNET)