> This is deceptive. In the first sentence it combines two statements: 1) bug/flaw in Intel products and 2) that it is unique to Intel. In the rest of the paragraph it then claims that the previous statements are incorrect, but only addressing the second point.
This is excellent analysis. I guess my follow up question is has there been anything to suggest that AMD/ARM are or are not vulnerable in a similar manner?
I read this as Intel trying to imply that other vendors weren't probed and/or may not have this specific design vulnerability but can still be vulnerable...which I consider a vapid statement designed to distract the reader.
True, when a 0-day is found and disclosed it doesn't mean that there aren't other 0-days that haven't been found yet...but that has no relation to the significance of the newly disclosed vulnerability.
I judge this statement even more harshly because the flaw is so serious it's under embargo until OS vendors can try to protect users. Additionally, AMD seems to have said their processors are not vulnerable (https://lkml.org/lkml/2017/12/27/2)...
Edit: Some more information from Google Project Zero:
Edit 2: So it seems there are two slightly different attacks along this vector: Spectre and Meltdown. From the Google article(s) it seems Spectre affects Intel, AMD, ARM while Meltdown only affects Meltdown. This would appear to contradict the AMD statement regarding their processors not being affected.
I am not hardware guy and information is still coming out...but I am judging this Intel press release slightly less harshly (although it still reads pretty vapid).
The patch that was under question was related to a workaround for Meltdown, which makes AMD's note regarding the lack of necessity in agreement with the paper.
The Spectre paper seems to be a bit less specific on how platforms might differ under explotation but very clearly states that it was verified to be possible. Workarounds for that problem will likely be much more application specific from what I can tell, but I have only skimmed that paper so far.
This is excellent analysis. I guess my follow up question is has there been anything to suggest that AMD/ARM are or are not vulnerable in a similar manner?
I read this as Intel trying to imply that other vendors weren't probed and/or may not have this specific design vulnerability but can still be vulnerable...which I consider a vapid statement designed to distract the reader.
True, when a 0-day is found and disclosed it doesn't mean that there aren't other 0-days that haven't been found yet...but that has no relation to the significance of the newly disclosed vulnerability.
I judge this statement even more harshly because the flaw is so serious it's under embargo until OS vendors can try to protect users. Additionally, AMD seems to have said their processors are not vulnerable (https://lkml.org/lkml/2017/12/27/2)...
Edit: Some more information from Google Project Zero:
https://security.googleblog.com/2018/01/todays-cpu-vulnerabi...
So maybe AMD and ARM are vulnerable?
Edit 2: So it seems there are two slightly different attacks along this vector: Spectre and Meltdown. From the Google article(s) it seems Spectre affects Intel, AMD, ARM while Meltdown only affects Meltdown. This would appear to contradict the AMD statement regarding their processors not being affected.
I am not hardware guy and information is still coming out...but I am judging this Intel press release slightly less harshly (although it still reads pretty vapid).