I indeed did not understand it right. There are currently three demonstrated ways to do a Spectre attack. AMD is quite fine ("near zero risk") after a kernel patch solves one of these ways (which can therefore be solved through a software update, unlike the other ways): https://www.amd.com/en/corporate/speculative-execution

However, https://spectreattack.com/spectre.pdf says:

Further attacks can be designed by varying both the method of achieving speculative execution and the method used to leak the information. Examples of the former include mistraining return instructions or return from interrupts. Examples of the latter include leaking information through timing variations or by generating contention on arithmetic units.

It looks like all modern processors (including AMD's) will be at risk. Without a way to solve the problem through software updates.

Well, in each case it would appear that exploiting spectre is quite tough and to my understanding nowhere near as grave as meltdown.

Well, Meltdown is grave (any data in the RAM can be read at a rather high speed)... but can be solved once and for all with the KPTI patch (accepting performance regressions). A Spectre attack only allows to read data in the kernel space (but there are private keys there!) at a slower speed (50 times slower than Meltdown according to the original publications). Nevertheless, it basically affects all processors in use and cannot be entirely solved by software update. In the medium/long term, it looks far more problematic than Meltdown: to be immune, everybody will have to throw their current hardware and spends money on a newer processors that do not exist yet!

Reply via email to