New Intel vulnerability: SPOILER

[Dirk Diggler]

Spoiler: New Intel Vulnerability

 

[Rroff]

meltdown is the worst one so far, spectre realistically cannot be exploited, meltdown itself is difficult enough that I have kept mitigation disabled on my main rig. Not looked into this new one yet so no comment on that. But what I will say is whenever something is patched its my view a cost vs benefit assessment should always be carried out, sadly it seems to have become the trend where people are just told to patch every single "possible not necessarily live" exploit out there regardless of the actual risk and cost of doing so.

Yeah a lot of these aren't very useful unless you are logged in directly at the machine i.e. remote/virtual desktop and have some idea what you are targetting. Which is why I've not worried too much on my gaming systems, etc. aslong as "easy" remote vectors like web browsers are covered.

The biggest at risk really are companies with expensive industrial/commercial IP, etc. that could make them viable targets for bigger hacking groups and nation state actors.

 

[Nutella33]

AMD have issued a statement on it.

Article Number
PA-240
We are aware of the report of a new security exploit called SPOILER which can gain access to partial address information during load operations. We believe that our products are not susceptible to this issue because of our unique processor architecture. The SPOILER exploit can gain access to partial address information above address bit 11 during load operations. We believe that our products are not susceptible to this issue because AMD processors do not use partial address matches above address bit 11 when resolving load conflicts.