News Intel roasts AMD and Nvidia in its latest product security report, says AMD has 78 vulnerabilities with no fix planned, Nvidia has only high-severi...

[Pierce2623]

Smells like AMD boasting about AI performance over nVidia and getting hammed for it. Stay in your lane companies!

That never happened. Nvidia posted some BS charts using CUDA on Nvidia but using Vulkan instead of ROCm on the AMD parts. All Nvidia did was themselves look like liars.

 

[lmcnabney]

AMD's issues require the attacker to have Local Admin access. Seriously, if a threat has Local Admin privileges you have so much more to worry about than the ability to load some microcode on the processor.

 

[waltc3]

Such comments are ludicrous and smack of absolute desperation.

 

[nogaard777]

Isn't it though? Intel is arguing that if security is important to you when shopping, Intel should get some points for it. As I recall, AMD similarly jabbed Intel during the Spectre days. (And I believe a similar though less-severe vulnerability was found in AMD CPUs just a short time later.)

Which was really ironic because Specter and Meltdown ALSO effected AMD just to a lesser extent. Intel deserves a lot of the flak they receive, but it doesn't take a genius to see forums, articles, and comments are rife with the AMD fanboys that pretend AMD has no issues. AMD has seen more than a handful of vulnerabilities that effected the ENTIRE Zen line but no one reports on it unless you're specifically working with security. One was just this last month.

As I DO deal with security AMD has more vulnerabilities than Intel. It's just a fact. It doesn't mean they're bad chips, but as far as security goes Intel actually is better.

 

[nogaard777]

AMD's issues require the attacker to have Local Admin access. Seriously, if a threat has Local Admin privileges you have so much more to worry about than the ability to load some microcode on the processor.

So does Intel's. If you're going to run fanboy defense for AMD probably shouldn't use a double standard.

 

[nogaard777]

Most likely written by their marketing department. The marketing people usually have no clue on anything related to technology, nor do they really understand what they are talking about. But they are getting paid to make it sound really big and great.

BS. This is a report Intel puts out regularly even telling on THEMSELVES. To call it marketing is laughably stupid and just shows you're an AMD fanboy because you didn't like the results.

Intel HAS to be fully open when it comes to security when they have so much hardware in government and big businesses. Hiding their deficiencies would be tantamount to suicide.

 

[nogaard777]

This must be satire, Intel was destroyed by the Spectre flaws, and that’s how they had such a great performance lead. Once it was public knowledge they had to re-think their core designs, and this is how they ended up what they are today.

Someone forgot AMD was ALSO effected by spectre. Or did AMD not tell you that?

 

[rluker5]

The low hanging fruit vulnerabilities have been found. The ones uncovered these days are obscure and need admin access/ physical access to exploit. The chances of them being used are slim (never say never) but if someone was able to use the exploit your pc/server is hosed already.

Google revealing that they have discovered a bug in the ųcode, think about this - the ųcode bug goes back to zen, first gen servers, it’s been there for coming up to 10 years. It shows how deeply the researchers are digging to find “insecurities”. I can’t say that I agree with not fixing bugs, it may be that they are all but impossible to fix or it might be that they are all but impossible to exploit. I don’t know enough to say. Intel or AMD we will have to trust their judgement.

One of the ones AMD is ignoring is SQUIP: https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/ (article), https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1039.html (details from AMD, and don't worry, Zen 5 will probably be added to the list in a while).

Which works through javascript in Firefox and across different browser windows: https://stefangast.eu/papers/javasquip.pdf .

This one doesn't need local access. Maybe some of the other 77 no fix planned vulnerabilities also are functional on a remote basis.

Edit: I keep bringing this one up because it peeves me that AMD is just letting it sit out there with no apparent plans to fix it. I bet one of my banks uses Epyc based servers and Ryzen CPUs. Banks have a lot of money. I also have money on E-Trade. Businesses like that could be a target.

 

[lmcnabney]

So does Intel's. If you're going to run fanboy defense for AMD probably shouldn't use a double standard.

The items that Intel hasn't fixed yet are like AMD's. They ones they have fixed were much worse.

 

[SyCoREAPER]

Meanwhile Intel can't make a GPU anyone would take for free and AMD who was the budget Intel is destroying them.

More like a sour loser.

 

[jkhoward]

Someone forgot AMD was ALSO effected by spectre. Or did AMD not tell you that?

I know there are, but one variant, not all, and performance didn’t rank like it did for Intel. Did Intel forget to YOU that?

 

[Nikolay Mihaylov]

Was this published just ahead of the latest Intel vulns disclosure?

https://www.phoronix.com/news/Intel-Microcode-20250211

 

[Nikolay Mihaylov]

Which was really ironic because Specter and Meltdown ALSO effected AMD just to a lesser extent.

Yes. To the extent that AMD CPUs were not vulnerable to Meltdown at all! Which was a big deal, because the fix was to introduce kernel address space isolation, which had a decent performance hit.
I don't know how they do it nowadays. Modern CPUs have Process Context Identifier (PCID) support which is supposed to obviate the need for a TLB flush on context switch. But I though this is mostly useful for virtual machines, because of the limited number of IDs - 4096.

 

[eldakka1]

To the naysayers who posted above...

You can't just say no it isn't and call that an argument

Naa uhh, can too!

 

[Peksha]

Hiding their deficiencies would be tantamount to suicide.

This is exactly what Intel does.

 

[dalek1234]

Intel, shut up. No one is listening to you anymore.

 

[Ferlucio]

Sounds like something someone says a week before a major security exploit of theirs gets used to wreak major damage.

 

[sleepless01]

I mean who is intel. what do they make. asking for a friend.

 

[KyaraM]

Do the AMD fanboys in this thread even realize how ridiculous they sound? Just because YOU hate Intel and think AMD is the absolute perfect goodness incarnate and completely flawless doesn't make it true, it doesn't mean others think the same, and it doesn't mean nobody suddenly uses Intel anymore just because you wish for it so much. That is so incredibly infantile, holy cow.

On the actual topic, I seriously wished those three companies would finally stop acting like children going " I'm the best and you all suck, no me, no I am!". It's so dumb, annoying, and really doesn't do anything to endorse them to, well, anyone really, except maybe their hardcore idiot fanboys. Anyone with two braincells and who actually uses them past their own camp knows each have their perks and downsides, and all this does is give other the opportunity to bash them the second something goes wrong. Or, well, just for acting like stupid little children bickering. Seriously. Where are we, in kindergarten? Get a freaking grip, Intel, AMD and Nvidia.

 

[johannicholas]

Thanks its an informative post (Computer repair sydney)

 

[TerryLaze]

Easy fix.

just go to the site and you can look up the dates on the CVE's

Yes, 280 vs 1719, but do the math, percentage wise they are the same.

1702/280=6.0
10019/1719=5.8

 

[gggplaya]

Even if Intel's claims were 100% legit, they have no right to be casting stones.

 

[Roland Of Gilead]

Intel HAS to be fully open when it comes to security when they have so much hardware in government and big businesses. Hiding their deficiencies would be tantamount to suicide.

That's interesting. So they have to be open on security flaws, but not on design flaws like 13th/14th gen CPU's have.

 

[GenericUsername109]

I suspect Intel dropped hyperthreading from their new CPUs in order to reduce complexity and vulnerability. Now, they need to justify/excuse the drop in performance somehow.

 

[BillyRazOr]

Intel, shut up. No one is listening to you anymore.

As I'm PC average user, I totally disagree your selfish words. You're the one who spreading hates about Intel and defending AMD for loyalty.

You really don't know about is that most users are still using Intel for doing businesses, general tasks and content creations. By far, not everyone would want to do only gaming because they need to do other tasks and stuff for works. This is NOT about loyalty, it's about our people really care about values and need to use depends on their requirements.

Every chips aren't too perfect and doesn't mean it's terrible, only bad on prices. AMD fanboys are always pretend clever and said about Intel are really worse and talking how great hardwares for AMD, this is absolutely ridiculous and idiot.