Return to Level1Techs.com

Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

intel
mega_thread
bug

#1180

Not sure if i like Nvidea to get their grubby little fingers in to this honey pot, not that they’l try some gpp shit or something. You know cause transparency for gamers


#1182

That is new, isn’t it? It’s slow, like really sloooowwww, but …

Called NetSpectre by the team of Graz University engineers who discovered it, the weakness is a network-based version of the Spectre Variant 1 (bounds check bypass, CVE-2017-5753) flaw first publicised earlier this year.


#1183

Slow = doesn’t matter so much, but yeah, just reading about Netspectre now.

This will be interesting. Need to insert random jitter into the network it seems :smiley:


#1184

Despite Google’s own Project Zero being part of the discovery team for the Meltdown and Spectre vulnerabilities, Google itself wasn’t notified until 45 days after the initial report was sent to Intel, AMD and ARM.

Turns out when it comes to communication they all suck equally.


#1185

it just keeps coming out left right and centre.


#1186

Those seem to be new things and not part of the spectre or even spectre NG family.
Would you mind making a new topic about it?


#1187

Done :+1:t2:


#1188

oh intel :slight_smile:

(yes, another link re: the above).

So glad i went AMD this time.


#1189

It’s probably been said to death in this thread already and I will pretend I read all that and concur:

These are entire classes of bugs that just started being discovered. Don’t expect it to end any time soon. These systems are fundamentally flawed in principle. And they’re going to keep making them that way, because they don’t have a choice right now.


#1190

Well, in this case it was an intel optimisation decision: access resource prior to checking access rights (sure, it’s faster, but incredibly stupid and short sighted IMHO and proving to be so now).

AMD didn’t do that. Yes, spectre is across the board, but these meltdown style attacks (such as Meltdown, Foreshadow, etc.) are intel specific.

edit:
Foreshadow is directly related to the same root cause as meltdown…


#1191

I’m guessing the would rather have the optimization in hardware and disable it in software to satisfy the customers who are more worried about performance than security. It probably is an unattractive task to re-implement everything they’ve been building on top of this foundation for the past checks tree rings scratch that, I guess they may have bit that bullet already :smiley:

From the Ars article:

Longer term, Intel promises to fix the issue in hardware. Cascade Lake processors, due to ship later this year, will not suffer the L1TF (or Meltdown) issues at all, suggesting that the new processors will change how they handle the permission checks to prevent speculative execution from running ahead of permissions checks.


#1192

Will be interested to see how this impacts their “IPC advantage” vs. AMD.

AMD never did this stuff, and sure, its an optimisation… but at the cost of “doing it wrong”…

edit:
already the 2700x and 8700k are pretty close in terms of IPC, its just clocks now…