Return to Level1Techs.com

Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

intel
mega_thread
bug

#729


#730

Hello good sir, did you get a chance to benchmark the 3930 pre and post patch? I have two here and wondering if I should patch them or not… I will eventually have too, just want to make sure i’m not killing the rest of the power I have :stuck_out_tongue:

Thanks!


#731

Please see below. but was already posted above.
not huge Difference


#732

Woops must have missed it while searching. Thank you sir!


#733

Yes if only I had a ryzen laptop. I hope intel gets its shit together. I havent looked into the details of the security flaw but the performance impact alone I feel might actually be noticeable. TO my knowledge however is that the attacks are simply informational aka read only attacks…

The real question is with such a huge bug affecting so much why are we just now discovering it?

I guess it brings to light the advantages of opening the architecture up a bit. I think once I watched a video discussion between lunduke and of course the rather more infamous RMS about how we continue to build and build architecture ontop of previous architecture whos bugs havent fully been discovered yet and that something like this might eventually occur. Its kind of funny to see that this all came into alignment.

I have already looked into patching my systems as of January 3rd


#734

@wendell Is there an up to date, compiled list of links or something I can give to my boss at work. I work in IT and he sent company wide email containing a Yahoo Money article Friday or something and I was like, "dude Ive been tracking this all week. " I want to hook him up with the good information not that crap he gets thats filtered by the MSM.


#735

Uhm, have you seen the first post of this thread?


#737

People are paying you for this as part of your job. Do the work and come up with the research and a report if needed.


#740

Well, I don’t care.

And speaking of …

Maybe don’t ask for help by starting with the words ‘I need’?


#741

you are correct. I will adjust my request post accordingly.


#742

Here is a list of the links I have so far for reference:

Summary

https://wccftech.com/intel-kernel-memory-leak-bug-speculative-execution-performance-hit/
https://newcmi.com/security-bulletin/intel-security-bug-meltdown-spectre/
https://thehackernews.com/2017/11/intel-chipset-flaws.html
https://thehackernews.com/2018/01/meltdown-spectre-patches.html
https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html
https://thehackernews.com/2018/01/intel-kernel-vulnerability.html
https://www.fsf.org/blogs/community/active-management-technology
https://arstechnica.com/information-technology/2017/11/intel-warns-of-widespread-vulnerability-in-pc-server-device-firmware/
https://www.bankinfosecurity.com/intels-amt-flaw-worse-than-feared-a-9901
https://meltdownattack.com/
http://www.zdnet.com/article/how-linux-is-dealing-with-meltdown-and-spectre/
http://www.zdnet.com/article/security-flaws-affect-every-intel-chip-since-1995-arm-processors-vulnerable/
https://www.extremetech.com/computing/248919-major-intel-security-flaw-serious-first-thought
https://www.npr.org/sections/thetwo-way/2018/01/04/575573411/intel-acknowledges-chip-level-security-vulnerability-in-processors
https://www.wired.com/story/meltdown-and-spectre-vulnerability-fix/
https://seekingalpha.com/article/4135558-intel-security-risk-much-worse-management-commentary-indicates
https://www.tweaktown.com/news/58520/intel-cpu-engineer-leaves-20-years/index.html
https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html


#743

Yes, is that not normal?

A 2u rx2600 providing thermal mass in my basement. Was just starting to mentally part with it…


#744

Yeah, don’t hide it behind a spoiler, it accidentally clicks the link for those of us what want to open the links in a private window cause cookies.


#745

I see a few links related to the AMT problems in that list. Don’t confuse these with spectre and meltdown.


#746

The embargo is still up until tomorrow. I expect there will be more info then.


#747

Meltdown patch in action gallery:

Five graphs with source links. All I’ve seen so far. All pretty bad.
Graphs collected by /u/ceremony64.


#748

I included those to show how far back these problems have been. Most were not even aware of the AMT issues and we are trained to configure AMT on boards. I thought they should know.

Usually the spoiler does what the Details this does but it is now behind the Details.


#749

The sad reality of meltdown.

And why it makes most businesses no less secure than before :wink:


#750

Login without a password as usual :stuck_out_tongue:


#751
CVE Group GPZ number GPZ naming
CVE-2017-5715 Spectre variant 2 branch target injection
CVE-2017-5753 Spectre variant 1 bounds check bypass
CVE-2017-5754 Meltdown variant 3 rogue data cache load

Exploit homepages are spectreattack.com and meltdownattack.com, although both are the same.

Summaries so far


Here are some official pages from US Gov CERT or UK Gov CERT if that is more your thing. CERT-EU is just a glorified RSS/Atom reader, and doesn’t have a page.

@catsay also started a thread for trying to list CPUs that are not vulnerable at all, and I am trying to figure out what the situation is for POWER/PowerPC here.