ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Major Intel CPU vulnerability

    Scheduled Pinned Locked Moved IT Discussion
    260 Posts 29 Posters 41.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @Obsolesce
      last edited by

      @tim_g said in Major Intel CPU vulnerability:

      Yeah, I guess we need to wait for more info... things just aren't making sense.

      My guess is the media is reporting this wrong... or Intel is leaking incorrect information.

      Given that Intel and Google both reported only after getting busted for having information about vulnerabilities that they had not released, the one thing we know is that neither can be trusted. Google and Intel got caught with their pants down and seem to be claiming anything to lessen the blow to their integrity.

      ObsolesceO 1 Reply Last reply Reply Quote 1
      • ObsolesceO
        Obsolesce @scottalanmiller
        last edited by

        @scottalanmiller said in Major Intel CPU vulnerability:

        @tim_g said in Major Intel CPU vulnerability:

        Yeah, I guess we need to wait for more info... things just aren't making sense.

        My guess is the media is reporting this wrong... or Intel is leaking incorrect information.

        Given that Intel and Google both reported only after getting busted for having information about vulnerabilities that they had not released, the one thing we know is that neither can be trusted. Google and Intel got caught with their pants down and seem to be claiming anything to lessen the blow to their integrity.

        Well yeah they both have so much to lose, especially Google.

        Google has a big reputation for being security-focused. Now that's all shot to pieces imo.

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Obsolesce
          last edited by

          @tim_g said in Major Intel CPU vulnerability:

          @scottalanmiller said in Major Intel CPU vulnerability:

          @tim_g said in Major Intel CPU vulnerability:

          Yeah, I guess we need to wait for more info... things just aren't making sense.

          My guess is the media is reporting this wrong... or Intel is leaking incorrect information.

          Given that Intel and Google both reported only after getting busted for having information about vulnerabilities that they had not released, the one thing we know is that neither can be trusted. Google and Intel got caught with their pants down and seem to be claiming anything to lessen the blow to their integrity.

          Well yeah they both have so much to lose, especially Google.

          Google has a big reputation for being security-focused. Now that's all shot to pieces imo.

          They are focused on THEIR security, just not ours.

          1 Reply Last reply Reply Quote 1
          • IRJI
            IRJ
            last edited by

            There are two different vulns. One is specifically Intel and one is all processors. The Intel vulnerability is much worse and requires firmware updates and OS patching. The other flaw can be fixed with just OS patches

            1 Reply Last reply Reply Quote 0
            • IRJI
              IRJ
              last edited by

              Driving at the moment I'll share more later

              1 Reply Last reply Reply Quote 0
              • IRJI
                IRJ
                last edited by

                Meltdown is Intel specific. Speculative execution affects all processors

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • MattSpellerM
                  MattSpeller
                  last edited by

                  Can someone TLDR this mess for me?

                  If stuff isn't getting BIOS updates to "fix" this is it worth keeping the hardware?

                  Anyone going full out replacements? With what?

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @IRJ
                    last edited by

                    @irj said in Major Intel CPU vulnerability:

                    Meltdown is Intel specific. Speculative execution affects all processors

                    But they aren't listing all processors, anywhere. Only three very specific ones. Not even all Intels, just some.

                    IRJI 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @MattSpeller
                      last edited by

                      @mattspeller said in Major Intel CPU vulnerability:

                      Can someone TLDR this mess for me?

                      If stuff isn't getting BIOS updates to "fix" this is it worth keeping the hardware?

                      Anyone going full out replacements? With what?

                      With AMD!

                      1 Reply Last reply Reply Quote 1
                      • IRJI
                        IRJ @scottalanmiller
                        last edited by

                        @scottalanmiller said in Major Intel CPU vulnerability:

                        @irj said in Major Intel CPU vulnerability:

                        Meltdown is Intel specific. Speculative execution affects all processors

                        But they aren't listing all processors, anywhere. Only three very specific ones. Not even all Intels, just some.

                        Unlike Meltdown, which impacts mostly Intel CPUs, Spectre’s proof of concept works against everyone, including ARM and AMD. Its attacks are pulled off differently — one variant targets branch prediction — and it’s not clear there are hardware solutions to this class of problems, for anyone.

                        https://www.extremetech.com/computing/261439-spectre-meltdown-new-critical-security-flaws-explored-explained

                        scottalanmillerS 2 Replies Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @IRJ
                          last edited by

                          @irj said in Major Intel CPU vulnerability:

                          @scottalanmiller said in Major Intel CPU vulnerability:

                          @irj said in Major Intel CPU vulnerability:

                          Meltdown is Intel specific. Speculative execution affects all processors

                          But they aren't listing all processors, anywhere. Only three very specific ones. Not even all Intels, just some.

                          Unlike Meltdown, which impacts mostly Intel CPUs, Spectre’s proof of concept works against everyone, including ARM and AMD. Its attacks are pulled off differently — one variant targets branch prediction — and it’s not clear there are hardware solutions to this class of problems, for anyone.

                          https://www.extremetech.com/computing/261439-spectre-meltdown-new-critical-security-flaws-explored-explained

                          But why is no one talking about processors in general, only those three specific ones?

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @IRJ
                            last edited by

                            @irj said in Major Intel CPU vulnerability:

                            https://www.extremetech.com/computing/261439-spectre-meltdown-new-critical-security-flaws-explored-explained

                            This article very clearly mentions processors from Intel, AMD, and ARM. They don't even suggest that it's a standard problem, but that it is something that these three did.

                            And nearly everyone when mentioning Intel points out that it is only some of their procs and not others, like IA64. They don't say IA64 isn't affected, they just say that Intel's x86_64 is the one affected, which isn't IA64.

                            And chips don't come "from" ARM, so that's confusing. Is it anyone using an ARM design?

                            Because whatever this is has to be a design thing, it's odd that they keep mentioning companies, not products.

                            It's like there is a fuel pump leak, and they mention that Chevy, Ford, and Bombadier are affected... but never mention which models or acknowledge that Bombadier makes parts, not cars.

                            1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              Here is how ExtremeTech words it: "Over the past few days we’ve covered major new security risks that struck at a number of modern microprocessors from Intel and to a much lesser extent, ARM and AMD. "

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller
                                last edited by

                                What process is Google Parlance? "Meltdown is Variant 3 in ARM, AMD, and Google parlance."

                                1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  This statement certainly makes Intel's design a flaw, contradicting Intel's own statements: "Intel is badly hit by Meltdown because its speculative execution methods are fairly aggressive. Specifically, Intel CPUs are allowed to access kernel memory when performing speculative execution, even when the application in question is running in user memory space. The CPU does check to see if an invalid memory access occurs, but it performs the check after speculative execution, not before."

                                  1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller
                                    last edited by

                                    This is useful, ARM is not impacted but "will be in the future": AMD and ARM appear largely immune to Meltdown, though ARM’s upcoming Cortex-A75 is apparently impacted.

                                    1 Reply Last reply Reply Quote 2
                                    • scottalanmillerS
                                      scottalanmiller
                                      last edited by

                                      AMD Zen specifically has hardware that kills Spectre. So it's not a universal threat, even against procs that use all of the features that lead to it.

                                      1 Reply Last reply Reply Quote 1
                                      • scottalanmillerS
                                        scottalanmiller
                                        last edited by

                                        https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/

                                        1 Reply Last reply Reply Quote 1
                                        • ObsolesceO
                                          Obsolesce
                                          last edited by

                                          Anyone see this: https://www.phoronix.com/scan.php?page=article&item=linux-kpti-wine&num=1

                                          1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller
                                            last edited by

                                            Our database vendor just reached out to tell us that 10-15% is the measured impact for our database.

                                            ObsolesceO FredtxF 2 Replies Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 8
                                            • 12
                                            • 13
                                            • 6 / 13
                                            • First post
                                              Last post