Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

It´s true that every CPU ships with small bugs but we are not talking about a small one, we are talking about a gigantic critical flaw in the CPU!!!... Bugs like this shouldn´t happen...

As for you biggest question, i find it hard to believe that Intel didn´t know about this issue months ago or even more... They probably tried to keep it under wraps while trying to solve the issue in house but they failed and others noticed it and Intel had not option but to admit it...

 

And so it begins , AMD rebukes Intel , says flaw poses " near zero risk " to it's chips. You go girl @ Lisa Su !

https://www.cnbc.com/2018/01/03/amd-rebukes-intel-says-flaw-poses-near-zero-risk-to-its-chips.html


Better grab the biggest bag of popcorn , this is going to last for a long time as the internet it's ablaze and on fire with this news:








I am ready with mine

 

what are these "Specific" workloads? I use VM from time to time to "test" windows builds from time to time before I put them on my machines and when I i testing i dont want done on my actual system. so the malware or chance of virus stays on the VM.

beyond that my system is only used for gaming and web surfing

 

Apparently there are two serious bugs that have been found out recently:

Meltdown that only applies to Intel CPUs and Spectre that Apparently affects every modern CPU including AMD and ARM!!!

Info here for those interested: https://arstechnica.com/gadgets/201...orcing-numerous-patches/?comments=1&start=280

 

Meltdown and Spectre whitepapers:

https://meltdownattack.com/

 

from the new details available , it would seem that even if the malicious code was running in a vm, it would be able to read higher privileged memory , that may contain data like passwords stored in other programs, or even programs running on the host machine outside the vm



doesn't appear to be able to write or execute , but still a serious security problem, what the patch in this case does is keep privileged data from being leaked through the tlb cache, by causing it to flush it every time something privileged is being called.( roughtly along those lines, haven't read into it too much) which is why there is a performance hit.

disk I/O perf seems to be the most impacted by this patch/workaround, probably wont be much of an issue unless you paid for fancy nvme drives, in which case you'll probably lose quite a bit of throughput.

 

Interesting reads. Meltdown is truly scary (can read from kernel memory, including passwords) but is easier to mitigate, while Spectre is far more benign (can only leak data from a target application which the CPU has been trained to mispredict) but is difficult to counter. Both are kind of worrying, but I would say meltdown is by far the more dangerous exploit.

 

I'd like to ask the question, does this affect IGPU users more or less or don't we know yet? I must say, GURU users are more mature and most here have a level head about this whole issue. More so then other site's i visit which seem to have a "SKY is falling" mentality.

 

ARM cpu's are affected by this too and have made a statement just now:

https://developer.arm.com/support/security-update

AMD newly released updated statement just now:

https://www.amd.com/en/corporate/speculative-execution


Meanwhile at Intel :

 

I didn't think you hung out there too, I seen that earlier today.

 

I am not building a new rig to to patch this maybe will get lucky and FW updates on MB that will patchs this? and aviod the hit?

 

Yeah i do once in a while .



More emerging news:


According to the researchers, including security experts at Google and various academic institutions, the Meltdown flaw affects virtually every microprocessor made by Intel, which makes chips used in more than 90 percent of the computer servers that underpin the internet and private business operations...

Source: https://www.nytimes.com/2018/01/03/business/computer-flaws.html

 

Since this issue was known from summer and been reported to Intel, was Coffee Lake released without patching it?
Guess this issue requires major CPU redesign to fix it.

If Ryzen+ manages to patch Spectre, that would be even bigger plus for AMD.

 

I find it funny how Intel is deliberately trying to blur the lines, making it seem like other CPU manufacturers have the same vulnerabilities. It's obvious that only Intel CPUs are susceptible to the potentially catastrophic Meltdown exploit, but they are trying to conflate it with the far less dangerous Spectre exploit, which exists on AMD and ARM as well.

Nice try, but no cigar.

As a professional computer programmer, I will lose no sleep over Spectre (its use case is so limited and specific that I can't imagine it would pose any danger in real-life scenarios). I'm absolutely terrified of Meltdown though, and will apply the patch as soon as it's available.

 

Umm, I'm no programmer(by any means)!!!
But the fix will probably come in the form of a windows update, hence why it will affect all CPU'S that are windows updated.

 

Exactly this^^ , agree 100% with your statement.

Also just now google project zero just posted new information and it does not looks good at all :/ , Intel knew about this since June 1 , 2017. " We reported this issue to Intel, AMD and ARM on 2017-06-01 " ...

Link: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

Edit: more and more news emerging by the minute , this time Microsoft is responding with an emergency windows update(KB4056892 update) expected to roll out today at 5:00pm. Panic mode is ON !

https://www.onmsft.com/news/microso...cessor-exploits-now-rolling-out-emergency-fix

and : https://www.windowscentral.com/microsoft-pushing-out-emergency-fix-newly-disclosed-processor-exploit

"" the security update is set to automatically roll out to all Windows 10 desktops today starting at 5 PM ET, and later to other Windows 7 and Windows 8 on January 16th ""

That's 13 more days of vulnerabilities for windows 7 and windows 8.

 

This is what happens when all you do is go for all out performance and you start cutting corners to get it

 

@chispy

Are you certain they didn't upload the update on their site so people can manually install it? (Windows 7/8)

Edit: Is this it?
https://support.microsoft.com/en-us/help/4056897/windows-7-update-kb4056897

https://support.microsoft.com/en-us/help/4056898/windows-81-update-kb4056898

 

Welp , there is another patch freshly baked also for Windows and it has been just posted now at Microsoft Update catalog as a critical update ( KB4058702 ) it is so new and fresh out of the oven it does not have any description n/a and posted January 4, 2018. I do not know how many Windows patches , critical updates , windows security updates we will get as it seems they still working on them currently at this time ...

https://www.catalog.update.microsoft.com/Search.aspx?q=kb4058702

@swISS i'm not sure at this moment there are a whole bunch of critical updates appearing now. Let's wait a bit more to see what Microsoft recommends.

 

Looks like they were pushed at the same time as the Windows 10 ones. Another marketing plot on Microsoft's part to get people to use Windows 10 because they get patches earlier via Windows Update?

... I hope not :- )