Return to Level1Techs.com

Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

intel
mega_thread
bug

#1099

https://www.wsj.com/articles/intel-warned-chinese-companies-of-chip-flaws-before-u-s-government-1517157430 says this:

Smaller competitors, though, continue to struggle. DigitalOcean Inc., a cloud-services seller, said Jan. 19 it was still testing a fix for its customers. Rackspace Inc. said last Wednesday it has several teams working on a fix. The cloud company earlier in January told customers it understood the situation “can be frustrating.”

The DHS also stumbled with its initial guidance. The agency’s Computer Emergency Response Team first linked to an advisory stating the only way to “fully remove” the flaws was by replacing the chip. CERT now advises users instead to patch their systems.


#1100

Huh, imagine running across that just now. Cyxix (6x86) also did branch prediction and speculative execution: https://youtu.be/iWGAdoMz1c0?t=14m6s


#1101

Yup.


#1102

Are they sure about this? The I don’t remember seeing this on the DHS CERT page, only on the Carnegie Mellon CERT page.

US-CERT https://us-cert.gov
SEI CMU CERT https://kb.cert.org
are two different organisations, though DHS does sponsor the Carnegie Mellon site


#1103

#1104

It an out of band emergency patch as well. Possible lost of data :frowning: . That seems to be from the rebooting however.


#1105

Bummer… wait for it… AMD :rofl:


#1106

And there is the Intel told select partners (including companies in China) a year ago but not governments including the US. I dont think that so bad but the everyone is our enemy on the news makes it look bad.

I mean governments would not fix it only exploit it. Well Intel did not fix it either in that year so there is that.


#1107

I was reading that… That is not good.


#1108

Is Intel 486 and VIA affected?
I have a bunch of those machines.


#1109

#1111

grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline

One of the systems i have on an old ass AMD APU. When does V1 spectre get patched ? Will it even be required.


#1112

Peter Bright of Arse Technica was so right in putting the blame for the consequences of the week-early leak on ‘irresponsible’ The Register and AMD.


#1113

Do you think Intel, given that extra week, wouldn’t have borked their own patches? I’m guessing they would’ve released the same ones that have had to be rolled back anyway.


#1114

OMG. that is actually a thing. I can only give one like but you have my full gratitude.


#1115

no, considering they have known about it for almost a year. 9 month iirc


#1116

( ͡° ͜ʖ ͡°)


#1117

Agree, Intel has had to time to ponder a patch. They just didn’t it seems.


#1118

Yup. Not everyone missed this significant detail.


#1119

Honestly if you know how Intel + Vendors make their hardware ecosystem it’s pretty obvious that from a business standpoint industries in China will be among the very first to find out.

It’s just bound to happen.

A large part of their R&D and manufacturing is located in China.

As for informing the US Goverment/CERT etc. Those are all secondary to a multinational like Intel.

They have all the governments to worry about.

If anyone thought Intel was solely beholden to the US government first and foremost they are sorely mistaken. Most multinationals will work according to their Business structure and bottom line first and foremost.