Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

Freaksmacker · January 4, 2018, 5:19am

https://lists.vmware.com/pipermail/security-announce/2018/000397.html

https://xenbits.xen.org/xsa/advisory-254.html

Freaksmacker · January 4, 2018, 6:00am

just circling my way in

Freaksmacker · January 4, 2018, 6:11am

https://source.android.com/security/bulletin/2018-01-01

lessaj · January 4, 2018, 6:13am

FTFY due to redirect.

Freaksmacker · January 4, 2018, 6:15am

I believe I got that off bleepingcomputers. ty

tjw · January 4, 2018, 6:16am

Can’t wait for this to get applied to 0.1% of devices.

Freaksmacker · January 4, 2018, 6:20am

Excellent point.

catsay · January 4, 2018, 6:41am

Yikes.

I got 8 popular links from just this one thread alone. That has never happened before.

Y’all are clicking like crazy.

anon54210716 · January 4, 2018, 6:55am

Some people just want to watch the world burn.

Yea_boom · January 4, 2018, 6:57am

Currently doing some benchmarks (Superposition Benchmark) on a 3930k pre and post.
i have removed the overclock to see the worst.

I just tried to install the update finding that the PC had updated to the Fall update. God Fucking Damit Microsoft.

I will re run the some of the benchmarks to see if i need to rerun all.
if i have time, i may be able to do LGA 771/775 benchmarks on the weekend. aka 10+ yeas ago

Marten · January 4, 2018, 7:04am

I gave up it never burns. Remember this

ANC - The Ultimate Vulnerability that just killed Javascript entirely CPU

Address Space Layout Randomisation (ASLR) The term probably doesn't ring a bell, but it's the principle all modern CPU's use to streamline performance, and it's even considered a security feature. It's actually a hardware feature, basically the CPU contains a cache memory that holds the memory page table, and the random attribution of memory blocks to processes is stored there. Now imagine that there is a system that allows a very simple unsuspected script to "ping" that hardware cache and thus, by pinging different regions one by one at random, can derandomize and reverse engineer the memory allocation table and it's usage by applications. That means that the memory space occupied by running applications, even system applications that are protected by the strongest software protection mechanisms like role-based access control systems, can be profiled, and this information can then be used to gain privileges or to take control over processes or to steal data, etc... Well, this script is called AnC, short for "ASLR and Cache", and is a basically very simple javascript based attack developed by the VUSec group of the Vrije Universiteit Amsterdam in the Netherlands. It basically means that - whatever operating system and security measures you're rocking - you're a sitting duck as long as you allow javascript on your machine, at least as long as you allow javacsript execution that is not your own. This means that every ad, every webpage with javascript, every app or even GUI front, even that webbased control page of your router or your RGB lighting, is a direct and highly dangerous attack vector. The only thing you can do is avoid all javascript execution ever. And the coolest thing is: there is absolutely nothing that can be done against it, because every single modern CPU has this exact vulnerability, it's a hardware vulnerability even many times worse than the two main Intel hardware vulnerabilities (cross-core bleed and NSA-style RNG's) that have alrea…

Its always separation of church and state err kernel and user land. We seem to get by in the end cause Facebook and twitter

anon54210716 · January 4, 2018, 7:11am

Yeah I do remember something like that, a podcast covered it pretty well. 256 random locations is not a big search space in early iterations of ASLR. Is it still like that?

Seperation of kernel and user? Too slow. Microsoft loves putting things in the kernel. People demand fast loading webpages. And webpages are full of javascript to push adverts. We look at adverts and buy stuff. So really we are to blame.

Marten · January 4, 2018, 7:20am

This is very similar where user-land get access to kernel pages when the CPU should through an exception error like AMD does. Intel doesnt.

Then there is reaper still similar and a x64 issue maybe but needs another fix which I dont have info on .

Same info from start of year year recap on kernel and page tables.

Down into to problem intel has starts about hear in the same video. Where there hardware not checking ring levels ie 3 user space. 0 kernel and -3 IME.

anon54210716 · January 4, 2018, 7:23am

Yup thats where I heard about it last time. I haven’t watched/listened to this one yet. Maybe this weekend.

mihawk90 · January 4, 2018, 8:01am

Except Intel stocks aren’t falling, in fact they are currently going up…

Yea_boom · January 4, 2018, 8:06am

here are the results. Pre Patch

post patch

so there is a little decrease at 1080p but not at 8K
and it’s not running crossfire, Humm
only one benchmark but still.

doman18 · January 4, 2018, 8:12am

So patch is already prepared for older versions?

Yea_boom · January 4, 2018, 8:14am

Yep for enterprise.
for home Manual install win 10 is via https://www.catalog.update.microsoft.com/Search.aspx?q=KB4056892

patch is
https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

mihawk90 · January 4, 2018, 8:15am

In civilized countries this is called insider trading and a criminal offense.

doman18 · January 4, 2018, 8:24am

I was rather thinking about Windows 7, Vista and maybe XP. A LOT of institutions and companies still run windows 7.