AMD Claims 'Near-Zero Risk' To Its Processors From Meltdown, Spectre Exploits

Chip manufacturer AMD Thursday said there is currently "near-zero risk" to its processors related to security flaws found in chips from multiple vendors that now have the tech industry scrambling to protect systems across the globe.

The Meltdown and Spectre security flaws, discovered by security researchers last year and publicized Wednesday by media reports, are found in chips from multiple vendors, including market leader Intel.

While Intel has announced plans for a "comprehensive" threat mitigation response to the flaws, an AMD spokesperson told CRN the company does not need to release any type of firmware or OS updates to address the Spectre and Meltdown issues.

[Related: 7 Things You Need To Know About Spectre And Meltdown Security Exploits]

"The security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants," AMD said in a statement. "Due to differences in AMD's architecture, we believe there is a near-zero risk to AMD processors at this time."

The three variants are called bounds check bypass, branch target injection and rogue data cache load. There was no impact to AMD regarding the branch target injection and rogue data cache load variants, while the spokesperson said other vendors it works with, such as Microsoft and Linux, have resolved the bounds check bypass through software and OS updates with "negligible performance impact expected."

Solution providers said the seemingly minimal impact to AMD processors could open the door for it to gain both mindshare and market share against Intel, its chief rival.

Rick Gouin, CTO at Winslow Technology Group, a Waltham, Mass.-based solution provider and Dell Titanium partner, said customers today have been asking about the availability of Dell products with AMD chips.

"It sounds like a lot of customers are going to be looking at AMD in light of the Intel issue," Gouin said.

The Meltdown and Spectre flaws could allow hackers to extract information such as encryption keys and passwords from operating systems. Patches have been released for many operating systems, although the updates could slow systems down.

AMD said it was working with other vendors across the ecosystem to help resolve the issue. Intel did not respond for comment on AMD's statement by press time.

Intel has lost $11.75 billion in market capitalization over the past two days, dropping to $207.51 Thursday, down from $219.26 billion January 2.

AMD gained $1.18 billion in market cap over the same time frame, growing to $11.77 billion Thursday, up from $10.59 billion on January 2.

Wall Street firm Mizuho Securities said on Wednesday that the impact of the security issue on Intel could be used as a "marketing edge" by competitors like AMD and Nvidia.

"Near-term, given some of the vulnerabilities on Intel processors, we believe AMD and Nvidia could use it has a marketing edge given differing architectures and no vulnerability yet," wrote Vijay Rakesh, an analyst at Mizuho. "It could be a tailwind for AMD and Nvidia which are not seeing similar issues because of a different architecture implementation."

Solution providers Thursday said customers were contacting them with their security concerns regarding Intel chip solutions.

"We are seeing a lot of activity in our support team and are assessing the extent of impact right now," said Robert Keblusek, CTO of Sentinel Technologies, a Downers Grove, Ill.-based solution provider and Cisco Gold partner ranked No. 117 on CRN’s 2017 Solution Provider 500 list.

The Spectre and Meltdown flaws represent the second significant hit in about a year for Intel. In early 2017, a flaw in its Atom processors was found to be the root of a widespread clock signal component problem that affected several vendors' products, including Cisco, which had to earmark more than $160 million to remedy the issue.

Winslow Technology's Gouin said the security issues will "definitely have an impact" on how customers buy data center solutions in the future.

"It's going to be a greater impact on people who are looking to deploy some new infrastructure. I don't know if this is going to make people run out and replace their old gear because they've been living with this flaw and they didn’t even know they had it," said Gouin. "I do think as customers are evaluating new gear for replacements and refreshes, they're probably going to take a look at AMD, when in the past, they probably wouldn’t have bothered."