It has been Mark Papermaster, current Vice President of AMD and Chief Technology Officer, who has taken the reins of this situation and commented on the following:- The public disclosure on January 3 that several investigative teams had discovered security problems related to how modern microprocessors handle speculative execution has revealed the constant vigilance necessary to protect and secure the data. These threats seek to bypass the controls of the microprocessor architecture that preserve secure data. “At AMD, safety is our top priority. And for that reason, we work continuously to guarantee the safety of our users as new risks arise. As part of that surveillance, I wanted to update the community on our actions to address the situation”.
Variant 1 of Google Project Zero (GPZ) is applicable to AMD processors
We believe that this threat can be contained with an operating system (OS) patch and we have been working with operating system vendors to address this problem. Microsoft is distributing patches for most AMD systems now. We are working closely with them to correct a problem that stopped the patch distribution for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We hope that this problem will be corrected shortly. Microsoft should resume updates to these earlier processors for next week. For the latest details, check the Microsoft website. Linux providers are also implementing patches on AMD products now.
GPZ Variant 2 is applicable to AMD processors
While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps, through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat. AMD will make optional microcode updates available to our customers and partners for the Ryzen and EPYC processors starting this week. We hope to make the updates available for our products of the previous generation in the coming weeks. These software updates will be provided by system providers and operating system providers. Linux providers have begun to implement patches of the operating system for AMD systems, and thry are working closely with Microsoft at the right time to distribute their patches. They are also working closely with the Linux community in the development of mitigations of the “Trampoline Return” software (Retpoline).
GPZ variant 3 is not applicable to AMD processors
We believe that AMD processors are not susceptible due to our use of privilege level protections within the paging architecture and no mitigation is required.
There have also been doubts about the graphics architectures. AMD Radeon GPU architectures do not use speculative execution and, therefore, are not susceptible to these threats. We will provide more updates as appropriate on this site, as AMD and the industry will continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.”