Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

https://www.wsj.com/articles/intel-warned-chinese-companies-of-chip-flaws-before-u-s-government-1517157430 says this:

Smaller competitors, though, continue to struggle. DigitalOcean Inc., a cloud-services seller, said Jan. 19 it was still testing a fix for its customers. Rackspace Inc. said last Wednesday it has several teams working on a fix. The cloud company earlier in January told customers it understood the situation “can be frustrating.”

The DHS also stumbled with its initial guidance. The agency’s Computer Emergency Response Team first linked to an advisory stating the only way to “fully remove” the flaws was by replacing the chip. CERT now advises users instead to patch their systems.

Huh, imagine running across that just now. Cyxix (6x86) also did branch prediction and speculative execution: https://youtu.be/iWGAdoMz1c0?t=14m6s

1 Like

Yup.

Are they sure about this? The I don’t remember seeing this on the DHS CERT page, only on the Carnegie Mellon CERT page.

US-CERT https://us-cert.gov
SEI CMU CERT https://kb.cert.org
are two different organisations, though DHS does sponsor the Carnegie Mellon site

It an out of band emergency patch as well. Possible lost of data :frowning: . That seems to be from the rebooting however.

Bummer… wait for it… AMD :rofl:

2 Likes

And there is the Intel told select partners (including companies in China) a year ago but not governments including the US. I dont think that so bad but the everyone is our enemy on the news makes it look bad.

I mean governments would not fix it only exploit it. Well Intel did not fix it either in that year so there is that.

I was reading that… That is not good.

Is Intel 486 and VIA affected?
I have a bunch of those machines.

1 Like
1 Like

grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline

One of the systems i have on an old ass AMD APU. When does V1 spectre get patched ? Will it even be required.

2 Likes

Peter Bright of Arse Technica was so right in putting the blame for the consequences of the week-early leak on ‘irresponsible’ The Register and AMD.

Do you think Intel, given that extra week, wouldn’t have borked their own patches? I’m guessing they would’ve released the same ones that have had to be rolled back anyway.

1 Like

OMG. that is actually a thing. I can only give one like but you have my full gratitude.

1 Like

no, considering they have known about it for almost a year. 9 month iirc

2 Likes

( ͡° ͜ʖ ͡°)

2 Likes

Agree, Intel has had to time to ponder a patch. They just didn’t it seems.

2 Likes

Yup. Not everyone missed this significant detail.

Honestly if you know how Intel + Vendors make their hardware ecosystem it’s pretty obvious that from a business standpoint industries in China will be among the very first to find out.

It’s just bound to happen.

A large part of their R&D and manufacturing is located in China.

As for informing the US Goverment/CERT etc. Those are all secondary to a multinational like Intel.

They have all the governments to worry about.

If anyone thought Intel was solely beholden to the US government first and foremost they are sorely mistaken. Most multinationals will work according to their Business structure and bottom line first and foremost.