Papermaster now says the second Spectre vulnerability, called branch target injection, is applicable to AMD processors, although exploiting the vulnerability would be difficult. The company is this week providing optional microcode updates for its Ryzen and EPYC processors and plans to offer such patches on other processors over the coming weeks. It is working with the software vendors to bring patches to customers as well.
AMD had previously said there was no impact on its processors from the branch target injection and rogue data cache load variants. An AMD spokerson had told CRN at the time that the vendors AMD works with, such as Microsoft and Linux, have resolved the bounds check bypass through software and OS updates with "negligible performance impact expected."
Microsoft temporarily halted distribution of patches for some older AMD Opteron, Athlon and Turion X2 Ultra processors, but is expected to resume updates next week, AMD said. Linux vendors are also now patching their operating systems for AMD processors, Papermaster wrote.
Papermaster also said AMD's processors are not susceptible to the rogue data cache load vulnerability known as Meltdown due to its use of privilege level protection with its paging architecture, and as a result, it sees no need to provide any mitigation.
AMD does not expect issues with its Radeon GPU architectures as they do not use the speculative execution feature at the heart of the Spectre and Meltdown processor vulnerabilities, he wrote.
"We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats," he wrote.
AMD did not respond to a CRN request for further information by press time.
Alec Shirkey and Mark Haranas contributed to this story.