AMD logo

AMD officially admitted today that its processors are not vulnerable to the Meltdown bug, but are affected by both variants of the Spectre flaw.

In addition, because of repeated questions regarding the status of its GPU products, Mark Papermaster, AMD Senior Vice President and Chief Technology Officer, clarified that AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to either the Meltdown or Spectre flaws.

AMD's status on Meltdown (CVE-2017-5754)

AMD reiterated once more that its CPUs are not vulnerable to the Meltdown bug due to different design choices it made.

AMD's status on Spectre flaw #1 (CVE-2017-5753)

AMD says its processors are vulnerable but an OS-level patch is enough to mitigate this flaw.

Both Linux and Microsoft have started deploying operating system updates for this issue, albeit some Windows users reported BSOD errors earlier in the week, which led Microsoft to pause the rollout of the Spectre #1 patch for the time being.

AMD says that only AMD Opteron, Athlon and AMD Turion X2 Ultra families were affected by these BSOD errors.

"We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week," Papermaster said.

AMD's status on Spectre flaw #2 (CVE-2017-5715)

Just like for Intel CPUs, AMD processors will also require a microcode update to fix this issue. Intel has already started releasing microcode updates for Intel CPUs running Linux.

AMD says it will make optional microcode updates available to customers and partners for Ryzen and EPYC processors starting this week, and for previous CPU generations in the coming weeks.

"These software updates will be provided by system providers and OS vendors," Papermaster said, "please check with your supplier for the latest information on the available option for your configuration and requirements."

AMD also said it's working with the Linux community on implementing a coding technique invented by Google named "return trampoline" (Retpoline), which is said to mitigate this Spectre flaw.

Related Articles:

Researchers Detail New CPU Side-Channel Attack Named SpectreRSB

Changes in WebAssembly Could Render Meltdown and Spectre Browser Patches Useless

Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs

Backdoor Mechanism Discovered in VIA C3 x86 Processors

New NetSpectre Attack Can Steal CPU Secrets via Network Connections