AMD has been hit with significantly fewer vulnerability reports than Intel, but a handful have still surfaced. In this case, regarding the Take A Way whitepaper, AMD is claiming that “these are not new speculation-based attacks” and have not released any software updates in response.
From our position, it’s unclear whether AMD or the researchers are correct until either AMD releases a patch, or someone releases an in-the-wild exploit. Either way, the researchers also state that the amount of data that can be exfiltrated is small. While they claim that it can work in real-world scenarios, that doesn’t mean that it will be worth doing in real-world scenarios.
Still, if it works and it can be patched, then it should be fixed.
“Still, if it works and it can be patched, then it should be fixed.”
Well, if the cost of the patch is a 10% performance loss and the exploit works but has little real-world implication, then should it be fixed ?