Return to Level1Techs.com

Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

intel
mega_thread
bug

#978

These logos make no damn sense. And look generally fuddy.

Intel based

Solaris based

First mention of the URL i can find anywhere so far:

Some further observations:

  • Domain registered only 8 days after meltdownattack.com yet is “based on the work highlighted by Meltdown and Spectre”. Doesn’t seems like enough time to have come up with something significant enough to give a name to.

  • Goes out of its way to copy the font used by meltdownattack.com and advertises itself with the names of meltdown and spectre, and their CVE IDs without listing its own. If what they say is true and followed responsible disclosure it should have its own CVE IDs reserved by now.

  • Unlike meltdown: Where are the mysterious OS patches talked about about if it’s going to be announced when “operating system vendors have prepared patches.”

  • If it’s actually important enough to be under “embargo”, why are they even hinting details on a public website about it. This is the most insane aspect.

  • The skyfall icon with it’s alpha color blank space…

image

And that’s about all we have for now.


#979

Yes? Pretty much the only thing Intel can do is to supply the microcode update? It has always been up to the vendor to support their customers.

For help-yourself people there are tools like UBU (all hail SoniX):
https://www.win-raid.com/t3352f47-First-Aid-by-CPU-Microcode-Update-via-UBU-Tool.html
https://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html

And the microcode repo project:


#980

So now I know Tim Hall does and Rob possibly might also work for Oracle.

image

First mention of URL I can find anywhere.


#981

Tim’s answer is epic. xD


#982

uh… something else to track :frowning:


#983

We believe that it is 99% sure this is maybe a joke.


#984

@noenken When this reaches 1000 posts, can you add the megathread tag?


#985

I guess bit does that do anything?


#986

I don’t think so, I just think the thread has earned it at that point :slight_smile:


#987

So has anyone started seeing Spectre BIOS updates for AM4 motherboards yet? I wonder when we can expect to get those?


#988

Hmm, ASUS just released a new 3404 BIOS for the Prime X370 Pro, but it just lists “Improve system performance;” for changes.


#990

image


#991

That would be bad, even more bad than it already is, by … like … a lot.


#992

Meanwhile, on the LKML: https://lkml.org/lkml/2018/1/21/192

Intel just doesn’t care, it seems.


#993

What I take from this, is that management is pushing some bullshit agenda and engineers try their best to work arround that. The resulting clusterfuck is then pushed to everyone.


#994

Damn, that is disappointing to read. I don’t have a clue about pretty much any of it but I do have the same feeling, @MazeFrame.

Would be nice to see at least some tech sites picking this up.
Intel seems to need a slap in the face … with a brick.


#995

The Aorus AX-370 k5 also released its last update in 8th of December. So nothing yet.


#996

Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot. The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes


#997

hello i dont know much about the software end of operating systems(when i say not much i mean i could not differantiate between the zodiac code and computer language) or how they procees different tasks but i have been reading up on Meltdown and Spectre lately to stay in the loop. As far as i understand it is a proccess that attacts the dumped processes a cpu has done because it thought it needed them but when it is done with them dumps them into the cache as unnecessary which these two attacks target.

My question is whether it is necessery for it to dump them into cache instead of overwriting them with the next process or deleting them instead, and what would the downside of not predicting the processes would be ?

this seemed like the most appropriate topic to ask this question however if this is not the case feel free to ignore or remove this post but i would appreciate it if you pointed me in the right direction as to where i can discuss this.

Regards
<Name


#998

Yeah, that sounds about how I understand it too.

Massive performance loss.