Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
AMD Security IT Technology

AMD Releases Spectre v2 Microcode Updates for CPUs Going Back To 2011 (bleepingcomputer.com) 54

Catalin Cimpanu, writing for BleepingComputer: AMD has released CPU microcode updates for processors affected by the Spectre variant 2 (CVE-2017-5715) vulnerability. The company has forwarded these microcode updates to PC and motherboard makers to include them in BIOS updates. Updates are available for products released as far as 2011, for the first processors of the Bulldozer line. Microsoft has released KB4093112, an update that also includes special OS-level patches for AMD users in regards to the Spectre v2 vulnerability. Similar OS-level updates have been released for Linux users earlier this year. Yesterday's microcode patches announcement is AMD keeping a promise it made to users in January, after the discovery of the Meltdown and Spectre (v1 and v2) vulnerabilities.
This discussion has been archived. No new comments can be posted.

AMD Releases Spectre v2 Microcode Updates for CPUs Going Back To 2011

Comments Filter:
  • by QuesarVII ( 904243 ) on Wednesday April 11, 2018 @01:43PM (#56419217)
    Sandy bridge Intel still hasn't been patched, and that's only a few years old.
    • by darkain ( 749283 )

      Exactly this. Intel basically only pushed patches for 2 years of CPUs. The only architectures "older" that have patches are ones that still have newer CPUs being built on top of them, like the Xeon-D line.

    • Re: (Score:1, Informative)

      by Anonymous Coward

      Stop lying. Almost everything newer than Core 2 Duo is already patched on Intel side.

      https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

  • What about my 486DX-40?

  • Now to apply it to my desktops

  • It's worth noting AMD has said that Spectre 2 is virtually impossible to exploit on the Zen architecture. Even AMD engineers were unable to create a working exploit for it. Of coarse, they still have to release a patch for it to be on the safe side.

  • by citylivin ( 1250770 ) on Wednesday April 11, 2018 @04:00PM (#56420081)

    Theres no way in hell i am taking a 30% performance decrease because of some theoretical memory exploit..

    I have been purposely avoiding any 2018 firmwares for just this reason!

    But it would be nice to get a confirmation of my bias as things may have changed. Even a 10% performance hit would be not worth it imho. So some rogue process can read a random part of the computers memory. I'm sure some clever person will figure out a way to exploit it, but I am not buying the hype that this is a super big deal at the current time.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Spectre variant 2 even when mitigated by software-only workarounds has almost no performance penalties.

      It's variant 3 (Meltdown) which is Intel-only that has from almost no (gaming) to huge (heavy I/O like Redis which gets almost halved performance) impact.

    • No these patches cause no noticeable change in speed. What you're thinking of is the meltdown patch that requires kernel page table isolation. That causes a 5-20% hit depending on application with nearly all applications that a normal user can expect falling below the 10% mark.

      To be clear the is no patch for any of the spec exec bugs that hits 30% penalties in anything other than synthetic benchmarks on that specific worst off case on very specific subset of CPUs.

      You'll be fine, not only with this patch but

  • will supermicro update there old 6XXX boards

  • by manu0601 ( 2221348 ) on Wednesday April 11, 2018 @08:57PM (#56421645)

    There is no patch for pre-2011 CPU, but are they vulnerable? If I understand correctly, Spectre stems from optimization that are present in recent CPU.

    Do we have a list of affected AMD processors?

Those who do things in a noble spirit of self-sacrifice are to be avoided at all costs. -- N. Alexander.

Working...