by Certhas 3089 days ago
No.

- If you have an AMD CPU or run a kernel with KPTI you are protected from Meltdown.

- If you have an AMD CPU or compile the browser with retpoline you are protected from the second variant of Spectre (branch misprediction).

- If you have site isolation you are protected from the first variant of Spectre (bound check).

Thus, as it stands (and my understanding is that more variants will inevitably be found), this feature alone mitigates the known attacks on AMD hardware.

Of course the real mitigation is to air-gap your computer and only run code you have proven to be secure by hand. But Google can never suggest that. /s

1 comments

Not true; the second variant of Spectre is harder to exploit on AMD, but possible.

AMD is pushing microcode updates to close those holes, too.

https://www.amd.com/en/corporate/speculative-execution

"Variant Two

Branch Target Injection

Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date."

And although Project Zero had multiple AMD test machines they did not make any claims that AMD was also vulnerable to variant 2. Can you link to any PoC that has gotten variant 2 to work on AMD?
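
To check how a given Linux machine stands on the three variants argued over in this thread, the kernel's own status files can be read directly. The script below is an added example, not part of any comment above; it assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities` (4.15 or a backport) and reports kernel-side mitigation status only, not browser retpoline builds or site isolation. The function names are illustrative.

```shell
#!/bin/sh
# Added example: summarize the kernel's reported status for Meltdown and
# Spectre variants 1 and 2. Assumes the Linux sysfs directory below exists.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify FILE -> prints not_affected, mitigated, vulnerable or unknown
classify() {
    [ -r "$1" ] || { echo unknown; return 0; }
    status=$(head -n 1 "$1")
    case "$status" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report [DIR] -> one line per variant; returns 1 if any entry is
# vulnerable or cannot be determined, 0 otherwise.
report() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for entry in "meltdown:Meltdown" \
                 "spectre_v1:Spectre variant 1 (bounds check)" \
                 "spectre_v2:Spectre variant 2 (branch target injection)"; do
        file=${entry%%:*}
        label=${entry#*:}
        state=$(classify "$dir/$file")
        # Show the kernel's full text (e.g. which retpoline flavour is in use).
        detail=$(cat "$dir/$file" 2>/dev/null || echo "no sysfs entry")
        printf '%-52s %-12s %s\n' "$label" "$state" "$detail"
        case "$state" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}
```

Calling `report` with no argument reads the live sysfs directory; a non-zero return means at least one variant is reported vulnerable or the kernel is too old to say.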