New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed

Megalith

The Spectre saga continued this week after researchers revealed details on two new variations of the vulnerability, dubbed Spectre 1.1 and Spectre 1.2. Again, both take advantage of speculative execution: the former delivers “code that overflows CPU store cache buffers in order to write and run malicious code,” while the latter “can be exploited to write to CPU memory sectors that are normally protected by read-only flags.”

Intel and ARM have publicly acknowledged that some of their CPUs are vulnerable to Spectre 1.1. AMD has not published a statement, but AMD has been historically slow at reviewing security issues. Since all Spectre attacks affected AMD CPUs, it is safe to assume that these new ones also affect AMD's portfolio as well. Researchers didn't release information on CPUs impacted by Spectre 1.2.
 
Spectre Mitigation Update
7/13/18

This week, a sub-variant of the original, Google Project (GPZ) variant 1 / Spectre security vulnerability was disclosed by MIT. Consistent with variant 1, we believe this threat can be mitigated through the operating system (OS). AMD is working with the software ecosystem to mitigate variant 1.1 through operating system updates where necessary. We have not identified any AMD x86 products susceptible to the Variant 1.2 vulnerability in our analysis to-date. Please check with your OS provider for the latest information.

https://www.amd.com/en/corporate/security-updates
 
Patching is easy, unless you were dumb when you built the environment. The main issue is cumulative performance hits. It's past the point where large environments are starting to have capacity issues and need more hardware thrown at them. I dealt with a hype cluster yesterday where, in the last 6 months, it went from humming along happily (even during holidays) to a stuttery mess that's constantly trying to re-balance (in mid-summer). It's now had most of its VMs pinned in an attempt to calm the cluster down while the customer works through their RFC to get more CPU resources in place. Sadly, this pretty much defeats the point of running a hype cluster. There is a lot of money being pumped into just maintaining performance levels from a year ago.

Honestly, from a data center perspective, these vulnerabilities are selling a lot of processors for Intel. Whether it's finally populating that extra socket, or swapping to more cores per socket, I've seen tons of CPU upgrades recently.

Still waiting to see an Epyc in production.
 
I heard that if you're playing a game and Windows update is running in the background, your Intel system will crawl due to the Meltdown patches. Apparently the Windows Update feature will access the kernel often and trigger a massive slow down.
 
Patching is easy, scheduling downtime because no shared storage in qa/dev environment is hard. :p
 
This is why our users are on thin clients and can only run approved executables on a VM. BYOD, but nothing touches our servers.
 
Strange how people can word an article to convey a desired sentiment. This is about Spectre, but somehow it is made about AMD. People think journalists are objective, but they're not in this case at least. AMD is least affected, yet is made out to be the villain here. Really?
 
Is it possible to have speculative execution without these flaws? At what point do we need to either scrap the whole idea and try something different for performance, or just live with the vulnerabilities?
 
Damn it I just got done patching all our shit at work.


didn't you read the notice from intel, just last week if i remember right, about how they were going to start quarterly patches for this?

QUARTERLY, as in continuing patches.. for the foreseeable future.
 
Updated BIOS for my asus 170 pro but why bother, it's working flawlessly and with all these new variants the patch will be obsolete it would appear.
I am not on any shared network so if I did get it nobody else would per se so it's not really broke to the point I need to fix it.
 
so chrome is now sandboxing every website/tab to help protect against this

does firefox have any similar abilities?

the zero days are going to be a slaughter
 
Don't panic! Remember that in order for these exploits to work, the attacker first needs to gain local code execution. The biggest threat is to cloud-based services where you can't control who else is running code on the same server as you; some malware in another VM can use these exploits to exfiltrate your data.
 