As a result, AMD has decided to release a security update for its processors which addresses ‘GPZ Variant 2’. This the branch target injection version of Spectre which is difficult but not impossible on AMD processors. “While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat,” said Mark Papermaster, CTO of AMD. “We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.” “AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks.” AMD will make the updates available through ‘system providers and OS vendors’, with Linux patches rolling out already.
Spectre Variant 1
AMD processors are also vulnerable to the first Spectre variant, a Bounds Check Bypass. However, AMD believes OS patches are enough to mitigate this. These are the patches introduced by Microsoft that led to bluescreens on some PCs. The issue arose due to anti-virus software, and Microsoft has halted the roll out as a result. However, AV vendors have been working to add a registry key that will enable updates for AMD-based PCs. Thankfully, Meltdown doesn’t seem to affect AMD processors at all. Privilege-level protections with paging architecture mean they aren’t susceptible. “We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats,” ends Papermaster.