Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

So Ideally, what we need is a carefully crafted solution for Meltdown, for those of us who use intel, which explains how to modify a BIOS and inject the Microcode provided by intel (one for each CPU generation I would expect).
A step by step process would be the best.
Something anyone could do, with the microcode and Tools from verified sources. That is the most important for me.

 

As i'm reading it now : https://www.theregister.co.uk/2018/01/05/spectre_flaws_explained/ The Meldown Flaw is the one that is mitigated by OS updates, and the Spectre Flaw is the biggie which needs Bios/Microcode updates, and may not be patched at all for some older CPU's.

This is the sort of patchy information that is coming through.
Its as confusing as F*ck.

 

In nutshell this is spectre , it is Bobby tables,meaning there is possible exploit and developers need to sanitize their code, it is general purpose attack on speculative execution , yeah there is no patch for that just caution and good programming or completely getting rid of SE and that is not going to happen.

https://xkcd.com/327/

 

What I gathered is Meltdown cannot be patched out via microcode update -> software (OS kernel) workaround is necessary.

Spectre on the other hand can be patched via microcode/firmware update -> updated BIOS needed for protection.

AMD is only vulnerable to one variant of Spectre and I've read it could be even then only under Linux under specific circumstances.

Meltdown is the worse of the two.

 

Spectre variant-2 can be mitigate only with microcode update, an OS update is also required to complete the protection (actually the OS update do not work without the microcode update). This exploit has only not empirically demonstrated to work with AMD CPUs.

Spectre variant-1 is still unfixed and is still not clear what actions will be taken against it (the LLVM team is considering adding some changes in the backends). This exploit has been proved to work on many CPU architectures and from different IHVs (Intel, AMD, most variant s of ARM architectures, PowerPC, etc..).

Meltdown should be fixed on most OS running on Intel and Cortex A-75 CPUs (not sure if the "light" register only version has been patched too for the other ARM Cortex architectures).

 

I just looked and that installed on the 4th for me I never even noticed lol.

 

Amazing! So they don't have spare time to give us bios for z97 z87 z77 vs users? How long will it take them to fix 1 bios file for each mainboard from those series? 15mins? 1hour? 6hours? 12hours? 24? 48? 1 week? Never? .........

 

After I read description of Meltdown and Spectre I have impression that to use these vulnerabilities hacker should first get remote access to your OS by some other attack techniques.
Also both weaknesses doesn`t give instant access to all memory, preparations are needed.

 

i can see Intel will goes bankrupt in 1 year.big companys will sue them for billions of dollars and millions of customers will ask for thousands of dollars,.how much a bank will ask them for the damage or amazon or ebay and so on?and sony has a serious security problems couple years ago,and they could come up and say,that was because of the spectre and meltdown.i feel nice,just a day before this shitstorm i was upgraded my intel cpu and i was very happy with the incrase of the performance,now...........................................

 

of course, but the point is that unprivileged software can access privileged memory, ie it can steal your keys. Mozilla also confirmed a few days ago that malicious javascript from a webpage can exploit meltdown and spectre https://www.bleepingcomputer.com/ne...tion-vector-for-meltdown-and-spectre-attacks/

makes you want to not browse the web....

 

It stands to reason that this could be done through javascript. So visiting a malicious or compromised web page could do it.

I don't think anyone has demonstrated a javascript proof of concept for it yet. But it doesn't sound like this would be impossible.

 

Spectre definitely needs some preparations/training in order to work. I think Meltdown can be used without any preparation though. Spectre can also be mitigated by smart coding - basically, prevent reading sensitive data immediately after a conditional. Old apps probably won't be recoded though.

 

This is what requires a microcode update. Updating the applications alone won't help. Updating the microcode alone won't help. You need to update the microcode, the compilers and the applications. If one of those things isn't patched, the system remains vulnerable.

Which is why sandy bridge users are fu**ed.

 

If we assume malicious script just runs in browser without creating new independent process then basic protection against "slow" Spectre would be closing tabs in browser, closing browser itself when you done with Web.

I do not believe that access to memory gives opportunity to implement script which will steal sensitive information automatically. I mean it sounds like hacker should analyse a lot of memory dumps.

PS Also I am wondering how even java script can execute CPU instructions needed for all these side channel attacks.

PPS Also ain`t java code itself is executed in sand box? And ain`t java script code should be executed in even more "narrow" environment?

 

Not sure if this has been mentioned already, but I noticed that Nvidia has updated their security bulletin:
Security Bulletin: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels

Saying their next branch of driver, coming during this week will include fixes against the vulnerability. At least, that's how I interpret it.

 

They could target application builds with known memory layouts that have not been hardened against this attack.

From what I can tell, the attack vector here is hijacking function returns and alter their jump target. If they know the memory offsets of the functions, then could exploit the bug to make the function jump into their own code, even if it's across process boundaries, which would make this a remote code execution exploit. It seems that to fix this bug, the compilers need to be updated, the applications need to be recompiled with the new compiler, and the CPU needs a microcode update so that the CPU actually respects the code the compilers are generating.

With that being said, I could be mistaken with the above. But that's how I understood the issue from the way the Linux ecosystem is trying to address this. There's patches in the GCC and Clang compilers for this, and applications need to be recompiled, and the new microcode needs to be in place.

 

Not really,but:

"Intel also tried to deflect lawyers by saying they follow industry best practices. They don’t and the AMT hole was a shining example of them putting PR above customer security.
Similarly their sitting on the fix for the TXT flaw for *THREE*YEARS* because they didn’t want to admit to architectural security blunders and reveal publicly embarrassing policies
until forced to disclose by a governmental agency being exploited by a foreign power is another example that shines a harsh light on their ‘best practices’ line. There are many more like this.
Intel isn’t to be trusted for security practices or disclosures because PR takes precedence over customer security.

Unfortunately security doesn’t sell and rarely affects marketshare. This time however is different and will hit Intel were it hurts, in the wallet."
https://semiaccurate.com/2018/01/04/kaiser-security-holes-will-devastate-intels-marketshare/

 

Thank you to share your opinion on my thoughts.iam just feels like i have lost trust in Intel,if its true that they cannot fixed this problems on hardware level.like i mentioned,a day befor the bad news,i upgraded my rig and i was very happy with it.it was like a nightmare what happend after,there is a chance that all the intel cpu user will loosing performance in the near future.i just have this feeling that they dont want to decrease the speed by 20-60% at once,step by step and they have a hope we will swallow this.

 

I planned to turn my Sandy to server. There it is safe without patching as only executed code will be OS + server app. So no random code from web and so on.