Return to Level1Techs.com

Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

intel
mega_thread
bug

#1201

I fear that AMD is vulnerable just like Intel, but AMD CPUs aren’t under as much scrutiny, for as long.


#1202

I certainly agree. Unfortunatly it is a waiting game at this point.


#1203

I’m sure this is the case. I noticed people tend to give AMD the benefit of the doubt more than Intel.

It’s the malware on Windows problem, I think, too. Intel vastly outweighs AMD in the cloud/enterprise market, so they’re the ones getting tested on PoCs and CVEs.


#1204

Something will come up sooner or later, just has to be seen how severe it will be. I figure it is coming soon too, just that the Intel stuff is a gold mine with all directions being exploited so itnwill take a while to really uncover it all.


#1205

The msSQL performance on e5-2666v3 (virtualization) dropped so far by around 41% (from first security patches.) – one certain SQL used for tracking, we had running on 4 cores, had aprox 30% cpu utlization after patches to get around same load it goes to 60-70’s, and since upgraded to 8 cores to keep same execution times.


#1206

I was wondering about performance in VM situations as the L1 mitigation should be really hurting there and I don’t see it tested in the article. 41% Is pretty huge as this could cause lots of companies to buy more hardware.


#1207

we’ll see, so far customers are obviously notified about it - so we don’t take it on ourselves. Tho in terms of performance we are back around Nahalem physical setup levels now. Other than SQL, i haven’t noticed much issues on IIS or utility servers running virtualized windows boxes. In the end its going to be customers who’ll hurt rather than companies.


#1208

Doubt it (as far as “just like intel” goes).

You can be damned sure that the very first thing intel would have done upon being notified of this vulnerability (or any vulnerability) would be to try it on competitor hardware in order to throw shade if they were also vulnerable (“It’s not just us! Look at AMD too!”).

I have faith at this point, that AMD have not made quite as retarded decisions. I’m not saying that AMD are immune to dumb shit, but from the meltdown stuff its clear that intel have been “pushing the boundaries” (read: blatantly disregarding) regarding security vs. performance trade-offs.

I think AMD are far more retarded in terms of marketing than engineering.


#1209

Fair argument, but just because an exploit doesn’t work on a chip, doesn’t mean they’re not similarly vulnerable. As in, it’s a similar class of exploit, but due to architectural differences, you can’t use the same one across platform.


#1210

Can’t say I have the same era of faith, but I’m willing to give them the benefit of the doubt. My experience with Ryzen 2 has been pretty pleasant. Curious to see what they’re going to do GPU wise.


#1211

We’ve got an AMD speculation thread for that (the GPU stuff), but I think you describe how I’m thinking about AMDs security very well.

I’ll give them the benefit of the doubt, but I won’t be surprised at all if there’s a major “oh fuck” moment.


#1212

Brace yourselves… it’s…

9700K is looking enticing right now.


#1213

Why is it with most of these things that they always ‘suspect’ amd processors are also impacted but never bother actually proving it.

Is it purely because they can’t be bothered?


#1214

2018%20hardware%20vulnerabilities%20summarized


#1215

PoC

Description

https://www.openwall.com/lists/oss-security/2018/11/01/4


#1216

Heh, how unexpected (not). OpenBSD disabled HyperThreading months ago for security reasons.


#1217

This will be very interesting if it turns out rumors of AMD’s Rome Epyc line are true and dual socket systems can push 128 real cores with no SMT.

The article from ZDNet quotes the researchers as specifically targeting SMT technologies and the desire to eliminate architectures’ use of it at all.


#1218

It’s still not over.


#1219

Awww. WTF. Intel :frowning: why you did whatyou did?


#1220

Bet those (previously) smug i9-9xxx users are regretting not just getting the i7 without hyperthreading now :smiley:

Security hard. Intel lazily chasing low hanging performance fruit at cost to security for last decade.