AMD Patches Four GPU Vulnerabilities Within Shader Compiler
AMD has patched four serious vulnerabilities with the latest Adrenalin 2020 Edition 20.1.1 update. Driver security fixes like these are relatively common, with NVIDIA updating its own drivers to fix several security vulnerabilities in the last few months. We reported on that in a previous news video.
While AMD has made no mention of these as of this writing, Talos Intelligence has detailed them extensively.
- CVE-2019-5146: AMD ATI Radeon ATIDXX64.DLL MAD shader functionality denial-of-service vulnerability
- CVE-2019-5147: AMD ATI Radeon ATIDXX64.DLL MOVC shader functionality denial-of-service vulnerability
- CVE-2019-5124: AMD ATI Radeon ATIDXX64.DLL shader functionality constant buffer denial-of-service vulnerability
- CVE-2019-5183: AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability
The common thread here is the driver file ATIDXX64.DLL, which contains vulnerabilities that can be triggered with malicious shader code, making the shader compiler itself the attack vector. That vector can be used to attack the host machine from a VM, and there’s also a possibility of remote code execution. Suffice it to say, if you’re using a Radeon GPU, you’ll want to get patched up. Follow the links below to the respective CVE pages for more details.
Intel Record Earnings, Some Reduction in Volume
Intel recently reported its earnings for the previous quarter, overall reporting $72 billion in total revenue, calling it a “record year,” and forecast $73.5 billion for 2020. There are some negatives caused by AMD, like an overall trend of a 6% volume reduction year-over-year in desktops, 5% volume reduction year-over-year in notebooks, and 3% volume reduction in servers, where the money is most notable, but Intel’s had a strong year overall and is raising its dividend as a result. Of note, Intel had the most growth in its data center segment at 19%, had a 2% increase in fourth quarter PC sales, and has been shipping more 10nm parts. The company is losing some of its market share and volume to AMD, but that hasn’t materialized just yet. There may be a latent impact from AMD’s parts given how big Intel is and how many industries it’s invested in.
ASUS Finally Releases CES 2018 Product
Back at CES 2018, we did what we thought would be some throw-away coverage and looked at the ASUS bezel-free triple-monitor display setup. At the time, the video did really well for us, and we never quite understood why. Basically, ASUS made two lenses that sit between the borders of the left, right, and center monitors, and those lenses leverage a 130-degree angle configuration to effectively hide the bezel while still allowing most of the light through. It was an interesting idea for a show product, but has actually become a real thing and isn’t just CES vaporware. The ASUS ROG Bezel Free Kit ABF01 costs $110 for the two lenses, with some of that pricing definitely being a result of owners of three big monitors having some money.
Opera Allegedly Involved in Predatory Lending
Since its IPO in 2018, browser maker Opera has been trying to expand outside of its core product, especially in the wake of declining revenue from its browser business. In recent years, the company has pivoted to the lending business. While that may seem innocuous enough, although odd for a browser company, a new report from Hindenburg Research suggests that’s not the case, and they’ve got some pretty damning evidence.
The Hindenburg report details Opera’s lending business, and sums it up as predatory short-term lending through a number of Android apps on the Google Play Store. The apps in question are OKash and OPesa in Kenya, CashBean in India and OPay in Nigeria, all seeming to serve areas where credit cards or more conventional loans are not common.
The report alleges that in some cases, the apps would advertise a maximum annual percentage rate (APR) of 33% or less, but then the APR would ratchet up to as much as 438%. Meanwhile, although the loan terms were advertised as anywhere from 91 - 365 days, they purportedly end up being much shorter -- anywhere from 29 - 15 days. If borrowers were to miss payments, interest rates soared to as much as 867%, while the app pillaged the user’s phone for contacts to harass.
These actions alone are in direct violation of Google’s Play Store policy regarding predatory lending apps, which are in place to protect users from deceptive and exploitative lending practices. Google requires at least a 60-day term, full disclosure of interest rates, and an example of the total cost of the loan.
Opera has unsurprisingly denied the research and findings in the report, going so far as to say the report contains “numerous errors, unsubstantiated statements, and misleading conclusions and interpretations.” However, Opera has done little to actually refute the findings. Meanwhile, Hindenburg has stood by their research.
ASML Expects To Ship 35 EUV Systems in 2020
ASML, the world’s largest lithography equipment supplier, recently revealed in an earnings call that the company expects to ship 35 EUV systems in 2020. ASML has already delivered 26 EUV systems in 2019 as fabs continue to make progress with EUV. ASML has also set a lofty goal of raising EUV equipment sales by 40% annually, with a forecast of 45-50 EUV systems delivered in 2021.
Presently, TSMC is leading the charge at the 7nm level, with its N7+ node being the first to use EUV. TSMC’s previous N7 node relied on deep ultraviolet lithography, and the N7+ process should see TSMC use extreme ultraviolet lithography on up to four layers. As semiconductors shrink beyond 7nm, EUV will play an increasingly important role, hence ASML’s aggressive revenue goals for EUV equipment sales.
ASML’s most current EUV system is the TWINSCAN NXE:3400C, a successor to the TWINSCAN NXE:3400B. The TWINSCAN NXE:3400C is geared for EUV volume production at 7nm and 5nm, and offers a 300mm wafer throughput of 170 wafers per hour.
Rumor: Intel Expected To Cut CPU Prices in 2H20
A report from Digitimes claims Intel is planning to cut CPU prices at some point in the second half of the year, no doubt in anticipation of AMD’s Zen 3. While a price cut is often a rare move for Intel, at this point, it’s the only card Intel has left to play.
Intel famously cut pricing for its Cascade Lake-X parts nearly in half, as a last-ditch effort to take some of the shine away from AMD’s Threadripper 3000. This is a move Intel wouldn't have even dreamed of a few short years ago, when it had an iron-clad grip on the desktop and enthusiast segments. While those price cuts ultimately couldn’t save Intel from Threadripper 3000, they needed to happen.
We can assume the rumored price cuts Intel could be plotting are for Comet Lake-S, as those are more 14nm CPUs that Intel will have to lean on until its 10nm silicon for desktop arrives next year. It’s also probably yet another line of CPUs Intel won’t be able to keep on shelves due to the pervasive 14nm CPU shortage Intel has been entrenched in. We’ll see.
Rumor: Intel ‘ATX12VO’ PSU Specification
Since the mid-1990s, the PSU hasn’t changed much, with the exception of ever-higher efficiency ratings.
As it turns out, according to a report from CustomPC, Intel is planning to introduce a new ATX12VO PSU specification at some point this year. The specification sounds more radical than it actually is; according to CustomPC, it stands for “ATX 12V Only.”
If true, it would certainly be the biggest change to PSU design in years, although in reality, it’s not that groundbreaking or far-fetched. A 12V-only PSU design would initially roll out to system integrators who want to streamline product offerings for retail channels, as well as reduce costs for PSUs and components. A PSU bereft of dedicated 5V and 3.3V rails could still power components that rely on the lower voltages with a step-down DC transformer. Some call this a DC-DC converter -- they’re the same thing. They take a primary, higher operating voltage and transform it down to a lower, secondary voltage. Most PSUs have these anyway.
Alternatively, motherboards could also handle the voltage conversion for things like SATA and USB. The ATX12VO standard would purportedly eschew the 24-pin ATX connector for a more trim 10-pin connector, with an EPS connector for high-power systems (or overclockers) being optional. Again, the new standard seems mostly aimed at SIs and OEMs, so the DIY PC scene is likely not going to change much, assuming the veracity of the report.
HPE Expects Xeon Shortages To Endure All Year
Intel has been battling CPU shortages for well over a year and a half now, and though Intel continues to insist that those shortages will recede sometime in the second half of the year, at least one of Intel’s partners isn’t convinced.
HPE, the enterprise arm of Hewlett Packard, has issued a warning to its server customers that it expects Intel’s Xeon shortages -- Cascade Lake in particular -- to last throughout all of 2020. In a statement to The Register, HPE said the following.
“Based on demand, we are expecting supply will remain constrained through 2020. Server platforms which use these processors are affected. In order to minimise customer impact as a result of these supply constraints with Cascade Lake processors, HPE urges customers to consider alternative processors, which are still available. We are in constant dialogue with our partners at Intel and have a strong relationship with them, and we know they are working on the issue.”
According to The Register, Xeon Silver processors series 42xx are among the tightest in supply, which predominantly affects the following HPE server platforms: ProLiant DL360, ML350 and BL460, Apollo 4200, Synergy 480 and others. HPE’s current internal guidance is to steer customers towards the Skylake-SP Xeons, 14nm chips that date back to 2017.
Staying On Windows 7 Will Cost Germany $887K
As it turns out, a really great way to burn through $887,000 is to just not migrate 33,000 Windows 7 machines to a new OS. Good news if you’re Microsoft, especially with that new carbon negative plan. Not such good news if you’re Germany.
According to reports, the German Federal Ministry has no fewer than 33,000 PCs running Windows 7. In case, like Germany, you somehow missed it, Windows 7 essentially went dark on January 14th, 2020. It’s now in EOL status, and will receive no more updates or security patches. However, business customers do have the privilege of paying for extended support, albeit for a finite amount of time (up to three years, as extended support ends Jan. 10, 2023) and at exponentially rising costs every year.
Hence, Germany is set to pay Microsoft somewhere between $25 and $50 per machine -- which is exactly what Microsoft charges, depending on the version of Windows 7 in use. Reports didn’t mention what Germany plans for 2021, but we would assume it would involve making the move to Windows 10, or perhaps a distro of Linux is in order.
Or, you could just continue to run an unsupported OS, like Russia and its Windows XP machines. What’s the worst that could happen? It’s not like there’s a dormant WannaCry crypto-worm sitting behind a killswitch waiting to infect exploitable operating systems in the event of an internet outage. Nope, that’s not a thing.
Counterfeit AMD Cooler on Market
A recent story originating from XFastest got traction on the web, but AMD has addressed the product as being counterfeit.
The short of it is that there were claims of a new AMD stock cooler coming to market, with the insinuation that a silent switch-over from the original stock cooler to this newer, allegedly better one would start applying to new orders. We personally saw AMD’s coolers being made at Cooler Master’s factory about a year ago, and it is our understanding that Cooler Master does not make the counterfeits found on XFastest. The photos indicated a 6-heatpipe design rather than a 4-heatpipe design, which would theoretically be better if all else is equal, but AMD has issued a statement on the matter to PC Gamer. AMD told PC Gamer the following:
“It has come to our attention that third-party coolers using six heat pipes that are designed to look like an official AMD Wraith Prism solution, including the illegitimate use of AMD branding, are now entering the market. Please be aware that those solutions are not genuine AMD products and have not been tested and validated by AMD to meet our build quality and performance requirements. We are actively investigating the source of these products and will take necessary actions to enforce our rights to ensure users receive genuine AMD products. If you have any questions about the origin of a cooler, please verify the solution here.”
Of course, it’s sensible that AMD would pursue misuse of its assets, but the likelihood of that having any bearing on a moonlighting factory in China is extremely low.
Editorial: Eric Hamilton
Host: Steve Burke
Video: Josh Svoboda, Keegan Gallick