For those of us who still have SPECTRE issues from 2018 fresh in our minds, there now are NEW Spectre-v2 attacks also known as kernel exploits which bypass previous half-baked mitigations. It also affects the Linus kernel as well. The Intel processors affected are listed at this link. Please note that 10th generation and newer Intel CPU's are affected which makes MOOT, the argument Microsoft is giving for their strict CPU security requirements for Windows 11.
Please note from the article:
For a complete list of mitigation recommendations, check out this dedicated page, while a list of all the affected processor models is available here.
Confusing this indeed is, as was the first round. BHI-affected processors is the reference to the NEW Spectre vulnerability and the proof of concepts that are already known but not yet seen in the wild. The processors affected in BOTH Intel and AMD listing would be related to everyday users and enterprise in the same manner. The usage of the hardware won't make any difference since its the same hardware with the same issues.
The current report IS contradictory indeed. The "microcode" patches released for the former Spectre earlier were better suited by AMD in preventing performance losses and now confirmed, as not closing the door to Spectre in the first instance. Both AMD and Intel, are susceptible to the new issues. Disabling CPU "privileged mode" has to be done through new microcode patches per each specific OEM which they should provide. That is the reommendation. CVE-2202-0001, CVE-2022-002 represent the MITRE assignments for those yet to be released patches. Again, developers will be the targets for abuses and the way they code containers with their software and how it runs against security in Windows and Linux.
I have on laptop and one gaming rig, both CPU's are on the listing as they were when the original Spectre issues were reported. Microsoft released the microcode patches with Windows updates at the time so I would think the same will be the case with these new side channel issues. One reason being is the Linux kernel is also involved, Windows now that Linux kernel has been added to Windows it makes things more of a mixed bag. That entity is directed more toward the developer communities.
I'm watching for those "C" band update to arrive this month as they did before. I don't think Intel nor AMD will stand idle on this for an extended time frame.
My computer has an Intel processor, but I'm a bit confused about the current status for AMD processors.
Am I correct that this is a backported AMD patch for the old Spectre Variant 2 vulnerability (Spectre-V2 / CVE-2017-5715) and not the new Spectre-BHI/BHB vulnerabilities (CVE-2202-0001, CVE-2022-002) that were made public last week?
The Neowin.net article you referenced <above> is based on the 11-Mar-2022 Phoronix article The Performance Impact Of AMD Changing Their Retpoline Method For Spectre V2 . What I took from that Phoronix article is that while researchers were testing AMD processors they found that the AMD processors were not susceptible to the new Spectre-BHI/BHB vulnerabilites (which is what UVSec also reported <here> but which seems to contradict the information in the 09-Mar-2022 BleepingComputer article Intel, AMD, Arm Warn of New Speculative Execution CPU Bugs you referenced in your original post). However, Phoronix also discovered that AMD's strategy for the old Spectre-V2 vulnerability (i.e., "AMD/LFENCE" Retopline) was inadequate, and advised that systems with an ADM processor should switch to the "generic" Retpoline approach used by Intel since Win 10 v1809. The good news is that this Phoronix article shows that using the "generic" Retpoline mitigation to patch AMD processors against this old Spectre-V2 vulnerability generally has less impact on system performance than it has on Intel processors.
-----------
Dell Inspiron 15 5584 * Intel i5-8265U CPU * 64-bit Win 10 Pro v21H2 build 19044.1586 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.5.175-1.0.1621
Regarding the new Spectre-BHI/BHB vulnerability (an offshoot of the older Spectre -V2 / CVE-2017-5715 vulnerability) that was made public last week, I confirmed that my Intel i5-8265U CPU is listed on the 2022 tab of Intel's Affected Processors table. However, the "Mitigations" section of Intel's Security Advisory Branch History Injection and Intra-mode Branch Target Injection / CVE-2022-0001, CVE-2022-0002 / INTEL-SA-00598 is filled with technical jargon ("On BHI-affected processors, Intel recommends disabling unprivileged eBPF, enabling eIBRS and enabling SMEP...) and seems to be directed at network server administrators rather than typical home consumers.
Have you seen any announcements on whether chipmakers and/or vendors like Microsoft plan to release software/firmware updates to mitigate these new Spectre-BHI/BHB (Branch History Injection / Brand History Buffer) vulnerabilities for home consumers (e.g., like Microsoft's "generic" Retpoline Spectre- Spectre V2 software mitigation described in the 15-May-2019 BleepingComputer article Windows 10 Spectre 2 Mitigation Now Uses Retpoline By Default)?
I'm hoping that the Gibson Research Corporation (GRC) InSpectre v8 utility (rel. 21-Apr-2019) that checks for Spectre and Meltdown patches will eventually be updated for this new Spectre-BHI/BHB variant.
-----------
Dell Inspiron 15 5584 * Intel i5-8265U CPU * 64-bit Win 10 Pro v21H2 build 19044.1586 * Microsoft Defender v4.18.2201.10-1.1.18900.3 * Malwarebytes Premium v4.5.5.175-1.0.1621