Intel CPU Bug (Meltdown and Spectre)


V_R

¯\_(ツ)_/¯
Moderator
Joined
Jan 31, 2005
Messages
13,563
Reaction score
1,881
Some possibly very bad news for Intel.

If the reports are accurate, it appears that Intel might have a pretty severe chip-level security bug on its hands that cannot be simply swatted away with a microcode update. The bug affects all modern Intel processors dating back at least a decade.

We should note that squashing the bug requires a patch at the OS level; and Linux patches have already been distributed (with redacted comments). Microsoft is expected to address the bug in its monthly Patch Tuesday update. The circumstances surrounding the exploit are currently under embargo, but some details are starting to make their way to the public spotlight, thanks to reporting over at Python Sweetness and The Register.
Source

More:
A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.
Source

Initial benchmarks: https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2


 
Ad

Advertisements

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,799
Reaction score
1,458
Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

Ouch... some of those benchmarks take a significant hit. I wonder if this is due to it being a quick patch to fix the vulnerability, which can be optimised at a later date, or if it's a hit we just have to suck up. I'll be keeping a close eye to see how this affects the server CPU.
 

V_R

¯\_(ツ)_/¯
Moderator
Joined
Jan 31, 2005
Messages
13,563
Reaction score
1,881
Yeah the numbers don't sound too good tbh.

You probably understand this better than I do to be honest, but from what I read it seems its going to be more the server/enterprise and VM users that suffer the most.
 

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,799
Reaction score
1,458
I bet there's a lot of panic with cloud computing providers - Amazon S3, Azure and the likes :eek:. Hopefully the performance impact isn't as bad as it sounds.
 
Ad

Advertisements

V_R

¯\_(ツ)_/¯
Moderator
Joined
Jan 31, 2005
Messages
13,563
Reaction score
1,881
Looks like desktop users are pretty much unaffected: Servers/datacentres might be more affected though.

Just as well as I got the update this morning as I posted the link above.

 

V_R

¯\_(ツ)_/¯
Moderator
Joined
Jan 31, 2005
Messages
13,563
Reaction score
1,881
Well I must admit, following the emergency update yesterday morning I've not noticed any issues/slowdown etc here. Had a couple of rounds of BF1 and its ran just as good as ever.

Think this has been blown out of proportion a little perhaps.

Edit: Ah. Well thats a lot of hardware that won't be fixed then isnt' it. Even my Mb hasn't had a BIOS update since 2014. :rolleyes:

https://support.microsoft.com/en-gb...ive-execution-side-channel-vulnerabilities-in

Warning

Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer.
Note Surface customers will receive a microcode update via Windows update.
 

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,799
Reaction score
1,458
I just hope we don't see anything exploiting this in the wild any time soon, as this mess is going to take a while to sort out.

How long before we see new hardware without these flaws? Is it too early to assume the next CPU generation will have fixes in place?
 

Abarbarian

Acruncher
Joined
Sep 30, 2005
Messages
10,949
Reaction score
1,185
I am so glad I installed a AMD CPU:lol:
Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “speculative execution side-channel attacks” that affect many modern processors and operating systems, including Intel, AMD, and ARM.

Note This issue also affects other operating systems, such as Android, Chrome, iOS, and MacOS, so we advise customers to seek guidance from those vendors.

:p
 
Ad

Advertisements

Joined
Jul 11, 2010
Messages
5,758
Reaction score
552
Just wondering what is your view on these Meltdown and Spectre viruses on Linux, Windows and other devices. Are the software developers for all distro's /Operating Systems well behind the curve as this has been in extence for some time.
 
Ad

Advertisements

V_R

¯\_(ツ)_/¯
Moderator
Joined
Jan 31, 2005
Messages
13,563
Reaction score
1,881
The windows side of it is patched, as is Linux I think. But you will still need a 'Processor Microcode' update to protect you from the bugs.

http://www.techradar.com/news/intel...own-and-spectre-after-latest-security-updates


List of affected CPU's. (Spoiler alert: they should have saved some time and just listed the ones that aren't affected)

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr


Also something worth reading: http://www.techradar.com/how-to/how-to-protect-against-the-meltdown-and-spectre-cpu-security-flaws

Update: Apple has now admitted that Meltdown and Spectre flaws affect its Mac and iPhone products, so we've updated our advice in the relevant sections.
Already running the January security update on my Pixel 2XL. :thumb:
 
Ad

Advertisements

nivrip

Yorkshire Cruncher
Joined
Mar 21, 2007
Messages
10,044
Reaction score
2,008
I've downloaded the Windows patch, KB4056892, on 06-01-2018 and all seems well.

Does this give total protection from the problem or is it only partial cover? Or no cover at all? :D
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top