'Kernel memory leaking' Intel processor -- a serious cpu bug!?!

Configure and optimize you computer for Audio.
Post Reply New Topic
RELATED
PRODUCTS

Post

The only thing we know is kernel space (the OS) memory normally inaccessible to user space (programs) becomes visible to user space (a bad program) if it does "something".

Thinking "out of order execution" would be going waaaay out on a limb. At best you could read the Linux kernel source-code, but you'll have to note these are incomplete patches and not verified to work in all cases. So you can't just read the source and fully understand exactly how the problem is set up to occur.

The only thing we definitely know to be a fact is that it is a security issue where customers are suddenly allowed to peak inside the bank vault and read confidential information. That's it. We don't know how they get inside, but it is claimed that the bank vault is flawed and the whole security system must be redesigned to cure this issue.

That's like the vault having a stone floor so that you can tunnel underneath and get inside. So they're having to put steel plate on the floor now too.

Post

aciddose wrote: Thinking "out of order execution" would be going waaaay out on a limb.
https://googleprojectzero.blogspot.co.n ... -side.html

Post

Yes which is something potentially totally unrelated and not at all verified to have anything to do with this issue. So that's going waaay out on a limb.

You can't just point at something random and assume it's connected. You need proof.

Post

Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws https://www.bleepingcomputer.com/news/s ... tre-flaws/

Post

All CPUs since ever are vulnerable to "the power was shut off" flaw, stop the presses!!!

So I'm sure this Intel flaw must be related to the power being switched off flaw.

Post

Maybe this is getting on the right track then?
https://it.slashdot.org/comments.pl?sid ... d=55853035

Post

Yes well that's obvious just by reading the patch, it is exactly what I said.

All we know is:
- Userspace code does "something" which allows it to read kernel space addresses. Someone from AMD replied to this to state AMD chips are not affected... Both Intel people and AMD people know exactly what is going on, so you wouldn't expect them to be posting something inaccurate to a public mailing list and embarrassing themselves.

That said it really doesn't provide any useful information at all. We still don't know all the details that have been researched by experts for approximately six months. They're going to publish the information in the coming weeks. The purpose of withholding this information is to make it impossible to reproduce the issue or test its effects. This is called a "zero-day" exploit: they're withholding details of how to produce the exploit until the patches are released.

My speculation: You won't see details in the releases along with patches either. It'll just be well known that the patches can be examined to identify what changes have been made, and by reverse-engineering from that point it will be possible for "bad actors" to reproduce the exploit given enough time. So the releases will include enough information to convince people of the severity of the exploit and encourage them to patch systems that are vulnerable. That'll include your "how to tell if your system is affected?" and similar information.

We won't be seeing detailed documentation for a while... perhaps never. There is absolutely no reason to publicly publish exploit information that isn't beneficial to those running vulnerable systems in protecting those systems. It's like handing nukes over to the local terrorist organization: "here you go guys! have fun!!!"

End of line.

Post

bmrzycki wrote:
EvilDragon wrote:Of course Intel would want to downplay the issue, and suck in all the competitors. I don't trust them one bit. Onset looks like a typical PR machination.
I don't trust Intel one bit either. Still, it's strange that the Intel patches were fast-tracked into mainline and as of today the AMD patch has not:

https://www.phoronix.com/scan.php?page= ... -4.15-Test
https://www.phoronix.com/scan.php?page= ... le-x86-PTI
Let me try to make this more clear. AMD is insecure on Linux only if the system is not setup right, if you set it right you won't have any problems. On Intel is a totally different story, you are insecure no matter what.

Also, there are 2 bugs out there guys, try not to confuse them. There is Meltdown which affects Intel and not AMD and there is Spectre which affects all CPUs but on AMD only partially. Spectre is not big deal as Meltdown, but can't be patched. I've heard it can be avoided by developers when they make their apps. So the big problem is with Meltdown.

Here for more information: https://meltdownattack.com/

Post

nIGhT-SoN wrote:
bmrzycki wrote:
EvilDragon wrote:Of course Intel would want to downplay the issue, and suck in all the competitors. I don't trust them one bit. Onset looks like a typical PR machination.
I don't trust Intel one bit either. Still, it's strange that the Intel patches were fast-tracked into mainline and as of today the AMD patch has not:

https://www.phoronix.com/scan.php?page= ... -4.15-Test
https://www.phoronix.com/scan.php?page= ... le-x86-PTI
Let me try to make this more clear. AMD is insecure on Linux only if the system is not setup right, if you set it right you won't have any problems. On Intel is a totally different story, you are insecure no matter what.

Also, there are 2 bugs out there guys, try not to confuse them. There is Meltdown which affects Intel and not AMD and there is Spectre which affects all CPUs but on AMD only partially. Spectre is not big deal as Meltdown, but can't be patched. I've heard it can be avoided by developers when they make their apps. So the big problem is with Meltdown.

Here for more information: https://meltdownattack.com/
As far as I understand it Meltdown is already patched in High Sierra 10.13.2, but no word on previous OS X versions.

Post

nIGhT-SoN wrote:
bmrzycki wrote:
EvilDragon wrote:Of course Intel would want to downplay the issue, and suck in all the competitors. I don't trust them one bit. Onset looks like a typical PR machination.
I don't trust Intel one bit either. Still, it's strange that the Intel patches were fast-tracked into mainline and as of today the AMD patch has not:

https://www.phoronix.com/scan.php?page= ... -4.15-Test
https://www.phoronix.com/scan.php?page= ... le-x86-PTI
Let me try to make this more clear. AMD is insecure on Linux only if the system is not setup right, if you set it right you won't have any problems. On Intel is a totally different story, you are insecure no matter what.

Also, there are 2 bugs out there guys, try not to confuse them. There is Meltdown which affects Intel and not AMD and there is Spectre which affects all CPUs but on AMD only partially. Spectre is not big deal as Meltdown, but can't be patched. I've heard it can be avoided by developers when they make their apps. So the big problem is with Meltdown.

Here for more information: https://meltdownattack.com/
My understanding from reading through that is that in the long term Spectre is a very big deal because it will require a completely new processor architecture to avoid it.

Post

Mac mini m4 pro, Reaper, too many plugins, Modal Argon8, Novation Circuit Mono Station and now a lovely Waldorf Blofeld.

Post

PapaLazarou wrote:Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws https://www.bleepingcomputer.com/news/s ... tre-flaws/
Oh, so they ("they" probably meaning a advertising agency) have created 2 fancy names for this things now. Who would have thought. :lol:

From another thread here:
chk071 wrote:BTW, what surprises me most is that they haven't engaged a advertising company to develop a fancy name for this bug already. But, they probably already did, and just wait a few days to present the name, just like with Heartbleed.
Last edited by chk071 on Thu Jan 04, 2018 12:30 pm, edited 1 time in total.

Post

lnikj wrote:As far as I understand it Meltdown is already patched in High Sierra 10.13.2, but no word on previous OS X versions.
I found a beta Sierra security update last night (2018-001) which presumably addresses this. So I expect 10.11 and 10.12 will get security updates soon.

Post

10.13.2 is partially fixed, more work on that coming in 10.13.3.

Post

gnu23 wrote:Intel's official statement about the issue.
El Reg translation of this:

https://www.theregister.co.uk/2018/01/0 ... notations/

Post Reply

Return to “Computer Setup and System Configuration”