FTA AMD confirms nothing. It just states that the company believes it's not vulnerable to the SPOILER vulnerability due to AMD's processor architecture.
Mods, could you please fix the title? Not only does the article confirm nothing but it's also specific to a single vulnerabilty.
Unfortunately the actual page's title is simply `SPOILER', so I did my best given the HN guidelines on titles. The mod-updated title also seems fair to me.
I previously tried to post it with the exploit name included but it didn't show up on HN when I was logged out, neither did it show with a (dead) or (dupe) flag. I thus assumed that 'SPOILER' triggered a key word spam filter.
I think it's safe to say that if the processors do not use partial address matches above address bit 11 when resolving load conflicts then they would not be vulnerable to an exploit which can gain access to partial address information above address bit 11 during load operations.
FTA AMD confirms nothing. It just states that the company believes it's not vulnerable to the SPOILER vulnerability due to AMD's processor architecture.
Mods, could you please fix the title? Not only does the article confirm nothing but it's also specific to a single vulnerabilty.
"doesn't have the vulnerability" is an unfalsifiable claim, so the onus is on researchers to prove that it does have the vulnerability.
You mean "unprovable". It's falsified when someone finds a way to exploit the vulnerability.
Ah, indeed. Thanks for correction.
Unfortunately the actual page's title is simply `SPOILER', so I did my best given the HN guidelines on titles. The mod-updated title also seems fair to me.
The very first sentence of the article is:
"We are aware of the report of a new security exploit called SPOILER (...)"
I previously tried to post it with the exploit name included but it didn't show up on HN when I was logged out, neither did it show with a (dead) or (dupe) flag. I thus assumed that 'SPOILER' triggered a key word spam filter.
I'd wait for a 3rd party to confirm this.
I think it's safe to say that if the processors do not use partial address matches above address bit 11 when resolving load conflicts then they would not be vulnerable to an exploit which can gain access to partial address information above address bit 11 during load operations.
The paper, from the authors that found SPOILER, already states they were unable to exploit AMD processors:
“The analyzed ARM and AMD processors do not show similar behaviour”. [1]
[1] https://arxiv.org/pdf/1903.00446.pdf
Title would be improved by adding reference to SPOILER. There's too many processor vulnerabilities bouncing around right now.
Added. Thanks!