Jump to content
NotebookTalk

Amd and Intel's security flaws and security vulnerabilities. The chosen one ISN'T BETTER THAN THE OTHER.


Papusan

Recommended Posts

Do you remember a few years ago when everyone panicked over a couple of security flaws known as Meltdown and Spectre? These were a new type of security hole altogether, known as speculative execution flaws because they exploit the so-named capability of modern processors. That was back in 2018, and since then, every tech company under the sun has issued patches, firmware updates, and other guidance to mitigate the danger of these attacks.
 
So that's all over and dealt with, right? Well... not exactly. As it turns out, one of the major mitigations deployed against Spectre, known as "retpoline", isn't actually as helpful as we thought. A new flaw, known as "retbleed", has been discovered by researchers at ETH Zurich. Retbleed evades earlier protections against a specific form of the Spectre vulnerability, including machines using the retpoline mitigation..
 
Both AMD and Intel say that they're not aware of anyone making use of these vulnerabilities in the wild, but patches aren't available yet. When they do become available, they may come with a performance hit of as much as 28%. Hopefully some clever coders will come up with a way to mitigate that performance loss.
 
Microsoft try push you over on new hardware so you can enjoy their latest and most secure OS. Same do the HW manufacturers. They know they later have to patch flaws they have added to try optimize for better performance. Give with one hand and then take it back with the other hands. Or just hope you buy their newest and safer products that will suffer same mess after a couple of years. Why not just stop optimize for performance when you know you have to take it back later?
  • Like 1

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

  • Papusan changed the title to Amd and Intel's security flaws and security vulnerabilities. The chosen one ISN'T BETTER THAN THE OTHER.
  • 2 weeks later...

Meh... I rather agree with the sentiments expressed in this article:
https://www.extremetech.com/computing/337005-researchers-found-an-unpatchable-security-flaw-in-apples-m1-and-you-probably-dont-need-to-care

 

The amount of energy and drama expended seems out of proportion to the actual risks, and mainly only serves to keep IT professionals and tech writers employed as far as I can see. How many people do you know who have been impacted by any of these things? Over the entirety of the past decade, I know one person who got a minor virus, one person who was targeted by a social hack with no ill-results, and two people who have had their WhatsApp accounts hacked (and well, if you're still using WhatsApp, lol...). Social engineering is by far the most common form of attack these days, and renders most of the underlying technical issues completely moot.

  • Thumb Up 2
Link to comment
Share on other sites

2 hours ago, Ishatix said:

Meh... I rather agree with the sentiments expressed in this article:
https://www.extremetech.com/computing/337005-researchers-found-an-unpatchable-security-flaw-in-apples-m1-and-you-probably-dont-need-to-care

 

The amount of energy and drama expended seems out of proportion to the actual risks, and mainly only serves to keep IT professionals and tech writers employed as far as I can see. How many people do you know who have been impacted by any of these things? Over the entirety of the past decade, I know one person who got a minor virus, one person who was targeted by a social hack with no ill-results, and two people who have had their WhatsApp accounts hacked (and well, if you're still using WhatsApp, lol...). Social engineering is by far the most common form of attack these days, and renders most of the underlying technical issues completely moot.

true, drama sells clicks n views. but still, better to be aware than be caught off guard.

  • Thumb Up 3

Mine: Hyperion "Titan God of Heat, Heavenly Light, Power" (2022-24)
AMD Ryzen 9 7950X (custom TG IHS) / Asus ROG Crosshair X670E Extreme / MSI Geforce RTX 4090 Suprim X / Teamgroup T-Force Delta RGB DDR5-8200 2x24 GB / Seagate Firecuda 530 4 TB / 5x Samsung 860 Evo 4 TB / Arctic Liquid Freezer II 420 (Push/Pull 6x Noctua NF-A14 IndustrialPPC-3000 intake) / Seasonic TX-1600 W Titanium / Phanteks Enthoo Pro 2 TG (3x Arctic P12 A-RGB intake / 4x Arctic P14 A-RGB exhaust / 1x Arctic P14 A-RGB RAM cooling) / Samsung Odyssey Neo G8 32" 4K 240 Hz / Ducky One 3 Daybreak Fullsize Cherry MX Brown / Corsair M65 Ultra RGB / PDP Afterglow Wave Black

 

My Lady's: Clevo NH55JNNQ "Alfred" (2022-24)
Sharp LQ156M1JW03 FHD matte 15.6" IGZO 8 bit @248 Hz / Intel Core i5 12600 / Nvidia Geforce RTX 3070 Ti / Mushkin Redline DDR4-3200 2x32 GB / Samsung 970 Pro 1 TB / Samsung 870 QVO 8 TB / Intel AX201 WIFI 6+BT 5.2 / Win 11 Pro Phoenix Lite OS / 230 W PSU powered by Prema Mod!

Link to comment
Share on other sites

  • 5 months later...

It seem AMD collect¬†vulnerabilities¬†and prefer push out patches after they have released new products. This time patched only 31 vulnerabilities¬†ūüôā

 

And yes, Intel follows the same path. But stop the talk about who is best in the class. They are both equal dishonest and both have to implement vulnerabilities to make their products to show better perfomance. Then they have to fix their own created mess with patches after they have been discovered with the panths down. This is classic. Give something with the left hand then backtack it later with the right hand. They should stop implement code to show their products in better lights. 

 

On 7/26/2022 at 10:45 PM, jaybee83 said:

true, drama sells clicks n views.

Not alwaysūüė鬆AMD try avoid drama. Drama can reduce salesūüė鬆They usually hide what is patched in newer firmware. And they don't patch before they have to.

 

"AMD quietly divulged 31 new CPU vulnerabilities" in a January update, spanning its Ryzen chips for consumers and the EPYC data center processors. The vulnerability update also includes a list of AGESA versions, with mitigations for the impacted processors. 

 

Quetly fix the vulnerabilities then throw it out. The end results will sometimes end as this.. Angry owners of their modern HW.

image.png.95608d960cc4c85aceed45870b829b2f.png. 

  • Thumb Up 1

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

  • 6 months later...

AMD 'Zenbleed' Bug Allows Data Theft From Zen 2 Processors, Patches ComingA huge Zen 2 leak requires a patch.

 

[Update 9:15am PT: AMD told us that patches to prevent Zenbleed are available for its EPYC Rome processors, but hasn't said if they are available for the impacted consumer Ryzen CPUs. AMD also hasn't given an ETA for patches for Ryzen chips or responded to our questions about potential performance impacts from the Zenbleed patches. We're still working to learn more.]

 

The 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000 CPUs, allowing the theft of protected information from the CPU, such as encryption keys and user logins. The attack does not require physical access to the computer or server and can even be executed via javascript on a webpage.

 

Update. AMD's statement implies there will be some performance impact from the patches, but we'll have to conduct independent benchmarks when the patches arrive for the consumer Ryzen products. In the meantime, we've asked AMD for any ballpark figures it can share.

 

 

According to Ormandy, all Zen 2 CPUs are impacted, including the EPYC Rome processors:

  • AMD Ryzen 3000 Series Processors
  • AMD Ryzen PRO 3000 Series Processors
  • AMD Ryzen Threadripper 3000 Series Processors
  • AMD Ryzen 4000 Series Processors with Radeon Graphics
  • AMD Ryzen PRO 4000 Series Processors
  • AMD Ryzen 5000 Series Processors with Radeon Graphics
  • AMD Ryzen 7020 Series Processors with Radeon Graphics
  • AMD EPYC ‚ÄúRome‚ÄĚ Processors

 

Not what the fanboys want to hear. But the AMD engineers is spot on.... from the security bulletins.  "Any computer system" has risks of security vulnerabilities that cannot be completely prevented or mitigated. 

 

And nice to see that AMD don't bother release a new patch before end of 2023 for their consumer chips. This means you still can have the same Cpu performance another 4 or 5 months ūüôā

  • Thumb Up 1

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

  • 3 weeks later...
The Red pill.....
AMD is not aware of any Inception exploits outside of security research circles.

 

AMD 'Inception' Vulnerability Affects Zen 3 and 4

 

Unfortunately for AMD and its users, Inception affects the latest AMD Ryzen processor families based on Zen 3 and Zen 4 cores ‚ÄĒ across data center, desktop, HEDT, and mobile. However, we must be thankful that, as details of Inception go live, mitigations are in the pipeline.

 

 

The Blue pill.....

Sky Lake through Tiger Lake/Ice Lake affected.
 

Intel 'Downfall' Bug Steals Encryption Keys, Data From Years of CPUs

 

A new security vulnerability, called Downfall, was revealed today by Intel and the researcher who discovered it, Daniel Moghimi. The new attack uses Gather Data Sampling to steal data and other sensitive information from other users on a computer with Intel processors from 2015 through 2019 ranging from sixth gen Skylake through eleventh gen Rocket Lake and Tiger Lake.

  • Thumb Up 2

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

One more.... But for older Zen chips.  AMD Zen 1 Vulnerability Emerges, Dividing by 0 Can Leak Sensitive Data

 

Despite the fact that AMD's Zen 1 architecture is immune to the recent 'Inception' vulnerability affecting modern Zen 3 and Zen 4 CPUs, another vulnerability has been found that affects Zen 1 CPUs specifically. According to a report by Phoronix, a new Zen 1 vulnerability was found that can release potentially sensitive data if the CPU divides an integer calculation by the number 0 in Linux operating systems.

 

Thankfully the issue appears to be Linux-specific and does not affect Windows operating systems. Plus the vulnerability is already being actively patched for Linux users. However, the same cannot be said of the two other vulnerabilities affecting modern AMD CPUs and Intel CPUs, Inception and Downfall, right now.

  • Thumb Up 2

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

Yep. You'll never get what you paid for. Scummy. First they offer better performance then later they'll have to take it back. 

 

The Blue pill.

AMD's Inception Fix Causes Up to 54% Performance Drop

 

 

 

 

And here is AMD's second problem..... It's Zen time ūüôā¬†Maybe 3rd time have it's¬†charm.

 

Red exclamation point in a triangle above 1's and 0's.
  • Thumb Up 1

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

  • 2 months later...

CPU VULNERABILITY Intel is said to have known about Downfall as early as 2018

Plaintiffs accuse Intel of having known about security problems five years ago, which ultimately led to Downfall.....

  • Thumb Up 1

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

  • Thumb Up 1
  • Like 1

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

  • 2 months later...

A new vulnerability affecting Apple, AMD, and Qualcomm GPUs could expose AI data

Some affected devices have already been patched, but many more are still vulnerable...
 
Based on extensive research, the group found GPUs made by AMD, Apple, and Qualcomm are vulnerable to this attack. Researchers could not find flaws in Intel, Nvidia, Arm, or Imagination GPUs....
  • Thumb Up 1

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

  • 4 weeks later...

AMD discloses slew of high severity security vulnerabilities for Zen chips that attack BIOS chips ‚ÄĒ updates aim to patch bugs, finally fix Zenbleed

 

Update your BIOS ASAP. Hmmm. Here as well. Follow same procedure as with Windows security patches. Don't be the guinea pig.

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

  • 1 month later...

Yup. Everyone hoped that Apple could make it better than Intel. 

 

The security analysts confirmed the exploit, dubbed GoFetch, works on M1 CPUs and speculate that it likely also impacts M2 and M3 chips and their Pro and Max variants. Intel's 13th-generation Raptor Lake processors also exhibit the flaw that enables GoFetch but are probably unaffected.

 

giphy.gif

 

Unpatchable Apple Silicon vulnerability could leak encryption keys

In brief: Hardware-based security flaws have become more frequent over the last several years but have mostly affected Intel and AMD processors. Now, Apple joins those ranks with a recently discovered vulnerability that causes Mac M-series CPUs to expose encryption keys. Since it is hardware-based, there is little users can do besides keeping macOS updated.
  • Thumb Up 1

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

  • 1 month later...

AMD finally patches gaping Zenbleed security hole ‚ÄĒ MSI releases AGESA 1.2.0.Ca BIOS update for Zen 2

 

AMD did not state if this new security update impacts performance. When we tested Zenbleed fixes previously, we found that while gaming was unaffected, other performance could drop as much as 15%.

"The Killer"  ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors |

 

                                               Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
√ó
√ó
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Terms of Use