Info Meltdown and Spectre Vulnerabilities Information

Page 11 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Status
Not open for further replies.
Apart from the AI Suite issue (lots of people are reporting that similar software no longer works) these could be placebo effects. If you've read about 30% performance drops on every site you may start seeing 30% performance drops on every site.
 
Could someone give me a quick bit of direction on exactly what I'm supposed to do to "fix" these vulnerabilities? I am running an i7-4790K on an ASRock Z97 OC Formula. ASrock doesn't seem to have a new BIOS nor does the Intel page seem to have something to download. ... What am I supposed to do here? Thanks very much to everyone, this forum is always very very helpful!
 


All you can do is keep Windows updated for now.

Nobody knows if the board manufactures will put out bios updates for the older chipsets.
 



Ok thank you very much! I have always done so and believe I am up to date at the moment. Thank you again especially for such a rapid response, much obliged brother.
 


I am in the same boat with 2 of my systems, one LGA 1156 and the other LGA 1155.

Luckily my main machine is LGA 1151 so I am OK on that one.

It's all up to Corp Politics and other assorted BS etc to see if they will do anything or not.

Maybe the Government will get involved an force them to do something.
 


And now AMD hits its own class action lawsuit:

AMD stands accused of "artificially inflating" its stock price by not making public a CPU design flaw the tech world now knows as Spectre,

https://www.theregister.co.uk/2018/01/17/amd_investors_sue_over_chip_flaw_silence/
 


Did you even read that lawsuit? It's a frivolous lawsuit, he bought his shares on January 8th! He must have been paid to file this lawsuit, because Kim isn't going to win a penny!
This is a wider period than the Intel case, which begins its lawsuit with shares bought from 27 July 2017, roughly the time that the third Meltdown flaw was discovered, and 4 January 2018, when the full extent of the issues became public.

As evidence of hiding the knowledge of the chip vulnerabilities, the complaint highlighted AMD's end-of-2016 statement, as well as its Q1, Q2 and Q3 filings. These all contain the same paragraph warning about the general risk of hackers and potential consequences of attacks, the place where investors would expect to read about fundamental issues with the company's chips, but did not. Signed and declared accurate by Su and Kumar, these reports would indicate that all was well in terms of security at AMD.

On January 2, The Register revealed the Spectre and Meltdown vulnerabilities, and AMD responded to the news saying its processors were only at risk from one variant of Spectre. On January 11, AMD published a statement to say that in fact both Spectre flavors affected its cores, with CEO Su confirming this in an interview on the same day. This information caused AMD's share prices to dip.

While not explicitly mentioned in the filing, the Google Project Zero blog stated it informed AMD about Spectre on 1 June 2017. It is not clear why the class period begins earlier than this date and makes reference to the end-of-2016 and 2017 Q1 reports, as AMD would not have been aware of the flaw at those points in time.

There's also the little annoying fact that AMD's share price went up after details of Meltdown and Spectre emerged in early January, and at $12.12 today, the stock price is more than its June 1 value of $10.93. It peaked at $14.76 in July.

Kim bought 21,000 shares in AMD at $12.24 on January 8, 2018, presumably thinking it was a safe bet. He now appears to be upset they declined in value by 0.99 per cent to $12.02 on January 12, the day after the chip design clarified its position on Meltdown and Spectre.

Responding to the class-action lawsuit, an AMD PR rep told The Reg: "We believe these allegations are without merit. We intend to vigorously defend against these baseless claims." ®

The statement AMD released has not change, near-zero, and they have only added that they are going to take further steps to mitigate the possibility of exploitation. He is suing over less than a 1% decline in stock. It is likely that AMD stock will be worth more than he bought it for when he goes to trial, which it will be laughed out of court.

Note: Intel now has 4 lawsuits against it not 3.

Edit: I posted a picture from AMD security update page on Jan. 6th. This shows AMD's initial statements have not changed, and he bought the stock on the 8th afterword.
http://www.tomshardware.com/forum/id-3609004/cpu-security-vulnerabilities-information.html#20556662
 
Are those problems affecting windows and linux machines (implying BIOS patched having issues) or windows only problems (implying windows patches problems)?

I didn't see anything explicit about that.

Cheers!
 


The problem is the plaintiffs have to show actual harm. As we've established: Desktop users for the most part really aren't going to be affected in a significant way, so that makes 90% off all plaintiffs SOL.

The others are likely to be the ones who have a legitimate gripe, as their business model is suddenly up in flames. And since those plaintiffs are more likely to be VERY large companies, there's a chance for damages reaching the Billions of dollars.



I haven't heard much on the Linux front. This does highlight my "don't install patches until they're at least a month old" policy though.

This looks to me MSFT is trying to rush the patches out without really doing the necessary testing across multiple configs. It's possible it's purely an OS issue, but this smells more of a motherboard/CPU driver issue to me.
 


That is the exact reason why I friggin' hate Win10. No way to really control the updates other than having the PC off (which is what I've done with my new notebook! FFS!) until you're absolutely sure nothing will break badly.

/rant

Is there also a potential number of affected machines on this? I think that is also important to know, since the problems might be affecting very specific hardware configs as well.

Cheers!
 


The AMD lawsuits aren't for performance loses. They are for misleading claims to investors.
 
That's correct the AMD lawsuits are for lying to investors.. AMD Targeted By Class Action Suit Over Spectre Vulnerabilities:
http://www.tomshardware.com/news/amd-targeted-class-action-spectre-vulnerabilities,36357.html

The company initially claimed, and continues to maintain, that it’s vulnerable to Spectre Variant 1, which is patched at the OS level. As for Spectre Variant 2, however, AMD’s initial statement was that there was “near-zero risk of exploitation” on its CPUs; it later stated that it had issued “optional” CPU microcode updates for the vulnerability.

The change in position is part of why the Rosen and Pomerantz law firms are now targeting AMD. These lawsuits aren’t aimed at justice for consumers, though; they’re after AMD for failing to disclose to investors its knowledge of the vulnerabilities, which led to a claimed drop in stock value. AMD’s stock took an insignificant hit in after-hours trading on the day it announced its BIOS updates, but its has since recovered. Only the Pomerantz lawsuit specifically mentions Spectre Variant 2, whereas the Rosen lawsuit references only “a fundamental security flaw”. Both lawsuits seem to be viewing AMD’s eventual release of BIOS updates as a smoking gun for the case that AMD’s CPUs are vulnerable to Spectre Variant 2 after all.
 


Not entirely true. You can set your network connection as "metered", basically telling the OS you don't have unlimited data, and then tell Windows 10 not to download updates over metered connections.
 




I already proved that these lawsuits are a joke in Juangra's first comment. AMD never changed their statements, Project Zero never successfully exploited Spectre 2 vulnerability on AMD systems, and AMD said there was near-zero chance of exploiting Spectre 2, and released a patch to further mitigate chances of exploitation. They never said it was impossible, so it's all a big pile of BS.
http://www.tomshardware.com/forum/id-3609004/cpu-security-vulnerabilities-information/page-6.html#20607192

Edit: AMD stock is up 3.5%, and higher than their purchase price of $12.24 on Jan. 8th. These lawsuits will be laughed out of court.
RpcPVbp.png
 


AMD changed the statements in an update and this change was reflected in the market reaction immeditately after AMD changes

42686696-151588760093464.png
 

AMD did not change their statements which can still be found here!
https://www.amd.com/en/corporate/speculative-execution
The drop in price happened in After Hours under very low volume! As I've commented before, this drop corrected itself in less than 24 hours after the market opened the next day which amounted to less than a 1% drop in stock price, and like Tom's Hardware said:
AMD’s stock took an insignificant hit in after-hours trading on the day it announced its BIOS updates, but its has since recovered.
You are trying to make a mountain out of a mole hill, and trying to validate ridiculous FUD.

Edit: AMD stock today even after all the ridiculous FUD.
YWpIoML.png
 


Ayyy


As far as the lawsuits... they don't change the fact that there are vulnerabilities. I haven't read through them yet, but it seems like people just want cash from a skimming of this thread
 
^ This. Let's keep the lawsuits out of this thread. Unless something newsworthy actually happens. Which will likely take years.
 
Status
Not open for further replies.