> This is more like Meltdown in that it involves one context just outright accessing data in a completely different context, and AMD chips seem to be totally immune from that attack.
No, AMD has been largely immune to bugs involving speculating past a page fault. Both Meltdown and L1TF involved speculating past page faults, and the ZombieLoad paper also mentions exploiting bad behavior during page faults (but, disclaimer, I haven't read in enough detail yet).
In general it doesn't make sense to expect that any brand of processors might be vulnerable or invulnerable to all illegal memory access. There are many different components involved in handling memory access and many different ways they could go wrong.
Spectre variant 2 was a little more interesting in that it can trick the processor into speculative execution of something that's not a valid execution path for the victim context (by confusing it about the target of an indirect branch), but it still relies on the speculative execution happening in a context that is meant to have access to the targeted data. It's sort of halfway between this and the other Spectre variants; it can be fixed in hardware or software.
All three of these latest vulnerabilities are like Meltdown and L1TF in that they just allow speculative execution to completely ignore hardware-level access protections and read data from a completely different process, and there's nothing that can be done about it at the software level. (Originally, the comment you're replying to was posted on a discussion about all three, if I remember rightly.) All of these affect Intel but not AMD. It's not like modern AMD chips are exactly poor performers either.
> All three of these latest vulnerabilities are like Meltdown and L1TF in that they just allow speculative execution to completely ignore hardware-level access protections and read data from a completely different process
Not really. These attacks are completely different from Meltdown and L1TF in that they don't involve reading from memory at all. They involve hidden processor state that contains values that were recently used in another context. The attacker never explicitly specifies an address they are interested in -- they just get whatever's floating around.
A comparable (but much more obvious) bug would be if the OS failed to clear registers when switching contexts. Although the values in those registers may have at one point been read from memory, the attacker recovering those values isn't directly accessing the victim's memory.
Your comments seem to be arguing that AMD isn't affected by these bugs for the same reason they weren't affected by Meltdown. But these bugs operate in a totally different way and exploit totally different components. There doesn't appear to be any reason to believe they are related.
I think the reason AMD isn't affected likely has to do with the fact that these attacks are targeting specific implementation details of Intel processors, which AMD processors probably just happen to implement differently. (Indeed, Fallout appears to be attacking outright unintentional behavior -- it would be surprising if multiple CPUs had the same bug.) It seems likely to me that AMD has different bugs which haven't been found yet, perhaps mostly because researchers haven't focused on them.
(Disclosure: I own some AMD stock. I don't own Intel stock. I have no other affiliation with either company.)
The "hidden processor state" is the memory contents belonging to other processes, stored as part of the CPU's memory access machinery. Every single one of these vulnerabilities involves Intel speculatively filling memory read requests from one process with data from another process without doing access checks first, and it turns out they do this all over the place: they do it from L1 cache, they do it if there's an L1 cache miss, they do it when the actual desired memory is uncacheable, they do it with store-to-load forwarding... almost every conceivable method of fulfilling a memory read on modern Intel CPUs is happy to speculatively leak secret data from other processes that shouldn't be accessible. More interestingly, AMD don't seem to do this anywhere that anyone's been able to find. (Well, technically that's not quite true... there's a speculative bypass of x86 segment limits on AMD which no-one cares about because no-one uses those anyway.)
And ARM had one design that had a Meltdown variant, and both of IBM's, POWER and mainframe as well. Every vendor with speculative out-of-order designs is vulnerable to Spectre.
AMD was not immune to, for example, Spectre variant 2, which very much did allow reading from other address spaces (even other VMs): https://www.amd.com/en/corporate/security-updates