AMD senior VP and CTO Mark Papermaster has posted a full and frank update on how AMD’s processors may, or may not, be affected by the Spectre and Meltdown CPU security flaws.
“At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise,” says Papermaster, before going on to update users on three specific known exploits.
First of these is Google Project Zero (GPZ) Variant 1 (Bounds Check Bypass, or Spectre). Variant 1 does affect AMD processors, although “believes” that it can be protected against through an OS patch. Depending on your OS, the patches are going to roll out at different times, with the majority of AMD systems now protected in the current version of Windows. A few older CPUs are causing issues though, including the dreaded Blue Screen of Death, and AMD expects fixes for these AMD Opteron, Athlon, and Turion X2 Ultra CPU families to roll out with a week.
GPZ Variant 2 (Branch Target Injection, or Spectre) also affects AMD CPUs. This attack is still a threat, although AMD reckons its processor architecture makes any vulnerabilities tricky to exploit. AMD has defined a series of process microcodes and OS patches that will aim to mitigate this threat, with the first heading out to Ryzen and EPYC owners next week. Users with older CPUs will receive the updates in the following weeks.
Lastly, there’s GPZ Variant 3 (Rogue Data Cache Load, or Meltdown). GPZ 3 does not affect AMD processors whatsoever and is believed to be restricted to Intel CPUs. “We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.”
So there you have it. It sounds as if AMD is well and truly on top of things here, with two of three security flaws already patched out and third fix to come within a week. All you’ve got to do now is make sure your PC’s up-to-date, including Windows updates and any associated drivers.
You can read Papermaster’s full post for yourself here.