
Meltdown and Spectre / Intel responds to the CPU kernel bug


tthurman

Quote
 
 

Kernel-memory-leaking Intel processor design flaw forces Linux,

Final update A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

 

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

https://www.pcworld.com/article/3245508/components-processors/intel-responds-to-the-cpu-kernel-bug.html

 

 

https://meltdownattack.com/
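An added example, not part of the original post or the quoted article: on Linux, the state of the kernel fix and the PCID feature mentioned in the quote can be read from `/proc/cpuinfo` and `/sys/devices/system/cpu/vulnerabilities/meltdown`. The sample text, the function names and the verdict strings are constructed for illustration.

```python
import re
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")

# Constructed sample, shaped like /proc/cpuinfo on a patched Linux kernel.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae pcid sse4_2 invpcid pti\n"
    "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n"
)

def tokens(cpuinfo, field):
    """Tokens of the first '<field> : ...' line, or an empty set."""
    m = re.search(rf"^{field}[ \t]*:[ \t]*(.*)$", cpuinfo, re.MULTILINE)
    return set(m.group(1).split()) if m else set()

def assess(cpuinfo, sysfs_text=None):
    """Classify Meltdown exposure from cpuinfo text and optional sysfs text."""
    flags, bugs = tokens(cpuinfo, "flags"), tokens(cpuinfo, "bugs")
    if sysfs_text is not None:
        # The sysfs file is the kernel's own statement and takes precedence.
        status = sysfs_text.strip()
        if status == "Not affected":
            return "not affected"
        mitigated = status.startswith("Mitigation")
    elif "cpu_meltdown" in bugs:
        # Older patched kernels: the 'pti' flag marks active page-table isolation.
        mitigated = "pti" in flags
    else:
        # A kernel that predates the fix reports nothing either way.
        return "unknown: kernel does not report Meltdown status"
    if not mitigated:
        return "vulnerable: page-table isolation is not active"
    if "pcid" in flags:
        return "mitigated: PTI active, PCID present"
    return "mitigated: PTI active, no PCID (expect a larger slowdown)"

if __name__ == "__main__":
    cpuinfo = Path("/proc/cpuinfo")
    if cpuinfo.exists():
        sysfs = SYSFS.read_text() if SYSFS.exists() else None
        print(assess(cpuinfo.read_text(), sysfs))
    else:
        print(assess(SAMPLE_CPUINFO))
```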

 

 


It's a vulnerability in the way the OS handles virtual memory, correct?  So if I have my computer configured to not use virtual memory, I shouldn't have any issues, right?  Granted, I don't know much about these things, least of all the problem here.  But I've got my system configured to not use virtual memory because I always felt that using it was actually more detrimental to my system's speed.  At least in my experience.  It still sounds like a vulnerability that needs to be exploited, and like most exploits would require a direct interaction from the end user to initiate it.  To my knowledge, no exploits are out yet, and I'm pretty safe with my computers.  Ad-blockers, nightly virus scans, I only visit well known web pages, I only open email from people I know, and never open the attachments if I'm not expecting them.  The problem is too many internet amateurs.  Gotta go ruin it for all.


The exploit is a result of the CPU design / functionality.  They are trying to address it with OS changes, but it appears it will come at a performance hit.

https://venturebeat.com/2018/01/04/cert-only-way-to-fix-meltdown-and-spectre-vulnerabilities-is-to-replace-cpu/

 

Then there's this.....

http://www.businessinsider.com/how-hackers-can-compromise-your-computer-monitor-darkly-cybersecurity-ssl-mr-robot-red-balloon-security-2017-11

no such thing as "safe" anymore so it seems.

 

 


Apparently, it's a huge vulnerability. Intel CPU users are vulnerable from the internet, regardless of settings. AMD is vulnerable from local access, so hackers would need physical access to your computer. The exploit was discovered by a professional hacking service that brings them to the attention of the companies it affects. From what I gather, it has not yet hit the nefarious hacking community yet, but they will start attacking the fix once they get a look at what it does (revealing the exploit itself). So until Intel, ARM, and AMD fix their physical CPU architecture, this will continue to be a security risk requiring regular OS level updates to keep ahead of the hackers. So, expect a 5-30% performance hit for current CPUs. The new architecture is going to be 5% faster without any advances in technology, other than fixing the flaw. So annoying.


I especially like the idea that CERT (a company directly funded by Homeland Security) posted a statement saying the only way to fix it was to get a new CPU, then later removing it saying all CPUs have the same problem so buying a new one won't fix the problem.  Then they're worried that the public might start demanding replacements.  Seems like there's more going on here.  Like somebody is trying to put a fear out to the public even though there is no way to fix it.  And OS speeds dropping, that's just BS.  They'll have to sell those faster processors at the same price as the current ones and just re-market them as a slower speed.


Well that's the thing. It disproportionately affects older CPUs. The older (within the last 10 years - the relevant ones) are affected more than the newer faster models. So yeah, there is perhaps a fear factor there, but I think it's driven more out of necessity than coercion. Tests show that the patch doesn't seem to be as noticeable in normal user scenarios as was initially feared (Browsing internet, gaming, and file management). Where it becomes noticeable is when the CPU is usually operating near 100%, like in servers or data centers. I wonder about video encoding. That one gets me as it's the primary reason I bought a fast CPU (Intel i7-4790K). It already takes a buttload of time to encode mp4 home movies in hitfilm.


Agreed.  I just recently dropped +$500 on a Xeon CPU for my server for similar reasons.  Encoding videos, and streaming takes a CPU hit, and typically only allows one active process at a time.  And even with this awesome chip, I'm still hitting 100% CPU usage quite frequently.  Gonna suck if the speed drops too significantly..  this is the top of the line, best CPU I can get for this motherboard.  That's the other kicker.  Upgrading the CPU once they fix the problem at the hardware level WILL require you to upgrade the motherboard too, which includes upgrading RAM also.  Gonna suck all around.


Good read! I saw brainsmoke's tweet on the 3rd and knew that didn't look good... More surprised it wasn't a deliberate backdoor forced into architecture by Homeland Security... Or was it? Lol
