Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

catsay · January 18, 2018, 10:20pm

These logos make no damn sense. And look generally fuddy.

Intel based

Solaris based

First mention of the URL i can find anywhere so far:

Some further observations:

Domain registered only 8 days after meltdownattack.com yet is “based on the work highlighted by Meltdown and Spectre”. Doesn’t seems like enough time to have come up with something significant enough to give a name to.
Goes out of its way to copy the font used by meltdownattack.com and advertises itself with the names of meltdown and spectre, and their CVE IDs without listing its own. If what they say is true and followed responsible disclosure it should have its own CVE IDs reserved by now.
Unlike meltdown: Where are the mysterious OS patches talked about about if it’s going to be announced when “operating system vendors have prepared patches.”
If it’s actually important enough to be under “embargo”, why are they even hinting details on a public website about it. This is the most insane aspect.
The skyfall icon with it’s alpha color blank space…

And that’s about all we have for now.

Pholostan · January 18, 2018, 10:23pm

Yes? Pretty much the only thing Intel can do is to supply the microcode update? It has always been up to the vendor to support their customers.

For help-yourself people there are tools like UBU (all hail SoniX):
https://www.win-raid.com/t3352f47-First-Aid-by-CPU-Microcode-Update-via-UBU-Tool.html
https://www.win-raid.com/t154f16-Tool-Guide-News-quot-UEFI-BIOS-Updater-quot-UBU.html

And the microcode repo project:

catsay · January 18, 2018, 10:32pm

So now I know Tim Hall does and Rob possibly might also work for Oracle.

First mention of URL I can find anywhere.

noenken · January 18, 2018, 11:03pm

Tim’s answer is epic. xD

thevillageidiot · January 18, 2018, 11:05pm

uh… something else to track

Pholostan · January 18, 2018, 11:46pm

We believe that it is 99% sure this is maybe a joke.

torpcoms · January 19, 2018, 4:45am

@noenken When this reaches 1000 posts, can you add the megathread tag?

noenken · January 19, 2018, 7:06am

I guess bit does that do anything?

torpcoms · January 19, 2018, 7:07am

I don’t think so, I just think the thread has earned it at that point

Klingon00 · January 20, 2018, 5:52pm

So has anyone started seeing Spectre BIOS updates for AM4 motherboards yet? I wonder when we can expect to get those?

Steinwerks · January 20, 2018, 5:54pm

Hmm, ASUS just released a new 3404 BIOS for the Prime X370 Pro, but it just lists “Improve system performance;” for changes.

Pholostan · January 22, 2018, 1:08am

noenken · January 22, 2018, 1:12am

That would be bad, even more bad than it already is, by … like … a lot.

Vordreller · January 22, 2018, 5:36am

Meanwhile, on the LKML: https://lkml.org/lkml/2018/1/21/192

Intel just doesn’t care, it seems.

MazeFrame · January 22, 2018, 5:59am

What I take from this, is that management is pushing some bullshit agenda and engineers try their best to work arround that. The resulting clusterfuck is then pushed to everyone.

noenken · January 22, 2018, 6:54am

Damn, that is disappointing to read. I don’t have a clue about pretty much any of it but I do have the same feeling, @MazeFrame.

Would be nice to see at least some tech sites picking this up.
Intel seems to need a slap in the face … with a brick.

turin231 · January 22, 2018, 9:51am

The Aorus AX-370 k5 also released its last update in 8th of December. So nothing yet.

noenken · January 22, 2018, 12:08pm

Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot. The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes

kaanozt · January 22, 2018, 12:13pm

hello i dont know much about the software end of operating systems(when i say not much i mean i could not differantiate between the zodiac code and computer language) or how they procees different tasks but i have been reading up on Meltdown and Spectre lately to stay in the loop. As far as i understand it is a proccess that attacts the dumped processes a cpu has done because it thought it needed them but when it is done with them dumps them into the cache as unnecessary which these two attacks target.

My question is whether it is necessery for it to dump them into cache instead of overwriting them with the next process or deleting them instead, and what would the downside of not predicting the processes would be ?

this seemed like the most appropriate topic to ask this question however if this is not the case feel free to ignore or remove this post but i would appreciate it if you pointed me in the right direction as to where i can discuss this.

Regards
<Name

noenken · January 22, 2018, 12:20pm

Yeah, that sounds about how I understand it too.

Massive performance loss.