Return to Level1Techs.com

Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

intel
mega_thread
bug

#833

I am going to wait and see this coroborated elsewhere first before I believe it

also…

if amd TRULY wanted to capitalise on this it would offer a bounty of say $1m to ANYONE who could deliver a viable proof of concept… and I am not just talking about a ‘yep, its doing SOMETHING it shouldnt!’ I am talking actual data theft from the machine.


#834

https://forum.level1techs.com/clicks/track?url=https%3A%2F%2Fwww.phoronix.com%2Fscan.php%3Fpage%3Dnews_item%26px%3DNVIDIA-GPU-Driver-Spectre-Fixes&post_id=2238564&topic_id=123044


#836

About to reboot after patching the PC. Fingers crossed, worst case scenario I have to crank up the clock speed to offset whatever performance I lose.


#837

No

I am talking about A bounty against themselves

If amd believe they are so immune to this then offer a bounty for someone to try and crack ryzen

sorry if I am typing /explaining myself poorly, on the train on a very diddy tablet - hard to type

If they are certain of their immunity then its just VERY AWESOME free publicity which raises their profile in the data centre :smiley:

Sure its balsy and not without danger of back firing if someone out there is smarter than all of amd’s cpu experts… but I think it’s an acceptable risk.


#838

Yeah, took a while… I need coffee. xD


And that was the last time we heard from the captain. :disappointed_relieved:


#839

well well well, seems like it might be legit :smiley:

…funniest thing about that article is that the driver also contains a bug fix for…

DUN DUN DUN!

ARKHAM KNIGHT

Cracked me up, bit f*cking late for that :smiley:


#840

#841

Truth be told, Arkham Night is about as bad as Spectre and Meltdown combined


#842

Well, it didn’t brick them on 4.9.75, it simply locked up threads so hard that it “hard” soft locked.


#843

While that is true (they can’t change the silicon at that point obviously), they could have at least provided them with the microcode update that helps with the mitigation, no?

Then again 99,9% of people would not patch if MS wasn’t babysitting them, and they would still be on whatever release version of their OS they have.

You could think that the title and that paragraph are misleading, because they are. MS has only stopped the rollout for affected CPUs.

Of course I have neither seen the datasheets nor MS’ code, but as I understand they didn’t say they were outdated, just that the chipsets did not work the way they were documented. Or in other words: they got wrong information in the documentation. If that’s true or not is a different story, but if it is then I see nothing wrong with them pointing the finger. They can only work with the documentation they have at hand.

You can choose to not do the update though last time I checked (well, depends how you set up windows update I guess). But it is possible. If not in the Windows Update side of things it’s possible with group policy. Then again… Windows 10 Home users are at a loss there.

The hardware is immune according to nvidia. They just patched the driver because basically every software has to be patched. So they’re doing the right thing for once and still get the blame? :confused: (If what they say is true that is)


#845

That’s how I’ve been reading it too. Seems that its not good enough to do the right thing anymore, you also need a good PR team to also help explain it.


#846

lol Nvidia and good PR now that is a joke in and of its self.


#847

I guess that article about IBM answers my earlier question, about if IBM knew in advance:

Either that or just the development teams was told, but not customer service?
It really doesn’t make any sense to me.


#848

#849

AMD have updated their statement:
AMD Processor Security

For Spectre type 2:

AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks.

So, look out for BIOS/UEFI updates or microcode updates. I spotted a bugfix on LKML for updating Zen ucode, so you’ll probably need a Linux kernel update with this fix as well as the updated firmware.


#850

You can solve this by having automatic updates on by default. This factor does not justify windows home not giving you the choice to either disable them and an easy way to rollback (at least for important system updates) afterwards.


#851

I havent read whole topic but i want to share something. Ive seen that Asus and MSI annouced that they released some Spectre patches for their BIOSes. I wrote to Asrock with a little colored history of my attempt to buy new rig this year with Taichi mobo. And some intereresting thing came out on this conversation :smiley:

My fist message:

ASROCK response

My response with links

[quote]Heres MSI link
https://www.msi.com/news/detail/QBtu17JtU-SNqngsOFiiFbZZE0aYFIicVzCJZ7BDuyfHcZnxQNrE3uwkiUor437JtN5UyEv_PKbKx1DpEUNxNA~~?utm_source=facebook&utm_medium=social&utm_campaign=mb-post&utm_content=0111-z370-security-update]

As for Asus its a little bit more complicated as i haven seen one info about it as MSI did but ive seen user reports from some IT forums i follow. It would be hard to find those claims because topics about Spectre/Meltdown have many pages and most of them are in Polish. But heres a link to bios udpdate site based on report of one of the users i found now.
Oh and one more thing. It would not hurt you if you would release some short info on your website and facebook that you already workin on the problem. Customers would know that you dont have their interests in your back but you care about their security.

PS. Is there any chance that Asrock Z68 pro3 will also get this patch?


[/quote]

And AROCKs very interesting response :smiley:

Offcourse i checked some of the MSI files and indeed their dates are from December!

//EDIT
MSI Poland keeps deleting my comment about this on Facebook page :smiley:


#852

Brilliant.


#853

I know for a fact that Dell has released patches for their servers. Probably not public mind you, but if you have a support contact you already have patches.


#854

Can somebody can check do MSI bioses have 80 microcode not 7C as Asrock claim? Because some users report that those bioses has newer date in flash tool despite of file date.