Intel CPU Bug (Meltdown and Spectre)

[V_R]

Some possibly very bad news for Intel.

If the reports are accurate, it appears that Intel might have a pretty severe chip-level security bug on its hands that cannot be simply swatted away with a microcode update. The bug affects all modern Intel processors dating back at least a decade.

We should note that squashing the bug requires a patch at the OS level; and Linux patches have already been distributed (with redacted comments). Microsoft is expected to address the bug in its monthly Patch Tuesday update. The circumstances surrounding the exploit are currently under embargo, but some details are starting to make their way to the public spotlight, thanks to reporting over at Python Sweetness and The Register.

Source

More:

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

Source

Initial benchmarks: https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

 

[Ian]

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

Ouch... some of those benchmarks take a significant hit. I wonder if this is due to it being a quick patch to fix the vulnerability, which can be optimised at a later date, or if it's a hit we just have to suck up. I'll be keeping a close eye to see how this affects the server CPU.

 

[V_R]

Yeah the numbers don't sound too good tbh.

You probably understand this better than I do to be honest, but from what I read it seems its going to be more the server/enterprise and VM users that suffer the most.

 

[Ian]

I bet there's a lot of panic with cloud computing providers - Amazon S3, Azure and the likes . Hopefully the performance impact isn't as bad as it sounds.

 

[V_R]

50%

https://news.sky.com/story/computers-face-global-slowdown-due-to-flaw-in-intel-chips-11193992

Lol Sky, stick to Brexit....

 

[V_R]

https://www.windowscentral.com/microsoft-pushing-out-emergency-fix-newly-disclosed-processor-exploit

 

[V_R]

Looks like desktop users are pretty much unaffected: Servers/datacentres might be more affected though.

Just as well as I got the update this morning as I posted the link above.

 

[bootneck02]

I am so glad I installed a AMD CPU

 

[V_R]

Well I must admit, following the emergency update yesterday morning I've not noticed any issues/slowdown etc here. Had a couple of rounds of BF1 and its ran just as good as ever.

Think this has been blown out of proportion a little perhaps.

Edit: Ah. Well thats a lot of hardware that won't be fixed then isnt' it. Even my Mb hasn't had a BIOS update since 2014.

https://support.microsoft.com/en-gb...ive-execution-side-channel-vulnerabilities-in

Warning

Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer.
Note Surface customers will receive a microcode update via Windows update.

 

[Ian]

I just hope we don't see anything exploiting this in the wild any time soon, as this mess is going to take a while to sort out.

How long before we see new hardware without these flaws? Is it too early to assume the next CPU generation will have fixes in place?

 

[Abarbarian]

I am so glad I installed a AMD CPU

Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “speculative execution side-channel attacks” that affect many modern processors and operating systems, including Intel, AMD, and ARM.

Note This issue also affects other operating systems, such as Android, Chrome, iOS, and MacOS, so we advise customers to seek guidance from those vendors.

 

[muckshifter]

I am so glad I installed a AMD CPU

well, actually, you are 'vulnerable' ... it's just that someone will need to be at your PC to use the 'bug' ... if they at your PC, then you more than dorked.

 

[EvanDavis]

Crapple are affected as well.

http://money.cnn.com/2018/01/04/technology/business/apple-macs-ios-spectre-meltdown/index.html

 

[V_R]

Everyone is, even ARM.

 

[bootneck02]

well, actually, you are 'vulnerable' ... it's just that someone will need to be at your PC to use the 'bug' ... if they at your PC, then you more than dorked.

Oh bugger.

 

[bootneck02]

Just wondering what is your view on these Meltdown and Spectre viruses on Linux, Windows and other devices. Are the software developers for all distro's /Operating Systems well behind the curve as this has been in extence for some time.

 

[V_R]

The windows side of it is patched, as is Linux I think. But you will still need a 'Processor Microcode' update to protect you from the bugs.

http://www.techradar.com/news/intel...own-and-spectre-after-latest-security-updates


List of affected CPU's. (Spoiler alert: they should have saved some time and just listed the ones that aren't affected)

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr


Also something worth reading: http://www.techradar.com/how-to/how-to-protect-against-the-meltdown-and-spectre-cpu-security-flaws

Update: Apple has now admitted that Meltdown and Spectre flaws affect its Mac and iPhone products, so we've updated our advice in the relevant sections.

Already running the January security update on my Pixel 2XL.

 

[V_R]

https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/

 

[V_R]

 

[nivrip]

I've downloaded the Windows patch, KB4056892, on 06-01-2018 and all seems well.

Does this give total protection from the problem or is it only partial cover? Or no cover at all?