We noticed that some of our users believe that the recently revealed speculative execution vulnerability / CPU cache timing attack only affects Intel CPUs. While Intel CPU seem to be the ones most vulnerable, it is important to note that AMD and ARM CPUs are also vulnerable to this attack which gives the attacker full read access to the entire memory.
There are currently three variants of the speculative execution vulnerability attack and they are all equally devastating. The majority of Intel CPUs are vulnerable to the three attack variants currently known. AMD’s CPUs are vulnerable to the 1st variant (and – theoretically – the 2nd variant) but not the third. Only a small-but-widely-used subset of ARM CPUs are vulnerable to any of the three variants.
You can find the official statements from the three major chip makers below:
AMD’s Statement:
"There has been recent press coverage regarding a potential security issue related to modern microprocessors and speculative execution. Information security is a priority at AMD, and our security architects follow the technology ecosystem closely for new threats.
"It is important to understand how the speculative execution vulnerability described in the research relates to AMD products, but please keep in mind the following:
- The research described was performed in a controlled, dedicated lab environment by a highly knowledgeable team with detailed, non-public information about the processors targeted.
- The described threat has not been seen in the public domain.
"When AMD learned that researchers had discovered a new CPU attack targeting the speculative execution functionality used by multiple chip companies’ products, we immediately engaged across the ecosystem to address the teams’ findings.
"The research team identified three variants within the speculative execution research. The below grid details the specific variants detailed in the research and the AMD response details.
Variant / AMD Response Matrix
Google Project Zero (GPZ) Research Title | Details | |
Variant One | Bounds Check Bypass | Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected. |
Variant Two | Branch Target Injection | Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date. |
Variant Three | Rogue Data Cache Load | Zero AMD vulnerability due to AMD architecture differences. |
"As the security landscape continues to evolve, a collaborative effort of information sharing in the industry represents the strongest defense.
"Total protection from all possible attacks remains an elusive goal and this latest example shows how effective industry collaboration can be.
"As always, AMD strongly encourages its customers to consistently undertake safe computing practices, examples of which include: not clicking on unrecognized hyperlinks, following strong password protocols, using secure networks, and accepting regular software updates."
Intel’s Statement:
"Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
"Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices -- with many different vendors' processors and operating systems -- are susceptible to these exploits.
"Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.
"Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.
"Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.
"Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers."
ARM’s Statement:
"Based on the recent research findings from Google on the potential new cache timing side-channels exploiting processor speculation, here is the latest information on possible Arm processors impacted and their potential mitigations. We will post any new research findings here as needed.
"Cache timing side-channels are a well-understood concept in the area of security research and therefore not a new finding. However, this side-channel mechanism could enable someone to potentially extract some information that otherwise would not be accessible to software from processors that are performing as designed. This is the issue addressed here and in the Cache Speculation Side-channels whitepaper.
"It is important to note that this method is dependent on malware running locally which means it's imperative for users to practice good security hygiene by keeping their software up-to-date and avoid suspicious links or downloads.
"The majority of Arm processors are not impacted by any variation of this side-channel speculation mechanism. A definitive list of the small subset of Arm-designed processors that are susceptible can be found below."
(Cortex-R7, Cortex-R8, Cortex-A8, Cortex-A9, Cortex-A15, Cortex-A17, Cortex-A57, Cortex-A72, Cortex-A73 and Cortex-A75)