It's that time of month. Spectre returns with new vulnerabilities and corresponding performance-crippling mitigations for affected x86 Intel and AMD CPUs.
Retbleed: Arbitrary Speculative Code Execution with Return Instructions
"Retbleed (CVE-2022-29900 and CVE-2022-29901) is the new addition...
Back in 2018, when the Spectre and Meltdown vulnerabilities were first publicized, many security experts feared that they opened a figurative Pandora's box. Those two exploits are part of a wider class of potential speculative execution flaws, and this week, those fears were realized, as...
The Linux 5.0 kernel has been released, and among other things, it officially adds support for freesync displays on AMD GPUs. Phoronix notes that AMD previously supported FreeSync on Linux, " via their hybrid driver package with its DKMS module in Radeon Software," but posted a tutorial for...
Some users have accused Nvidia of slowing down old graphics cards with recent driver updates. Tech YES City's viewers asked about that issue, and in a separate video, the YouTuber put it to the test. While he didn't find any evidence to corroborate those claims, he did find a discrepancy between...
Researchers at MIT have built a new security measure on top of Intel's Cache Allocation Technology. Dynamically Allocated Way Guard, or DAWG, is built to isolate programs from each other without the performance overhead of Intel's CAT. The technology only requires "minor modifications to the...
For sale/trade: offers welcome!
HEAT (6-0-0)
I am local to Torrance, CA.
PAYPAL, local cash/venmo accepted
Things I am looking for (I can add $$ on my end):
cheap, large capacity SSDs (>1.5TB per physical drive)
caldigit tb3 plus dock
who knows what else I may be interested in... drop me...
Michael Larabel from Phoronix has run three Intel Xeon and two AMD EPYC systems through a battery of testing including a virtual machine to determine the performance cost that security mitigation patches such as Spectre, Meltdown, and Foreshadow have had on the platforms under Linux. The Linux...
Intel has said they are working on hardware fixes for Spectre and Meltdown, but they haven't been very specific about things lately. Anandtech decided to give them a ring and Intel told them a few more things about their upcoming processors. Amber Lake will not have any hardware fixes since it...
Microsoft Patch Tuesday has implemented fixes and improvements to address the newly disclosed Intel L1 Terminal Fault (L1TF). AMD's Bulldozer and Jaguar processors reclaim lost performance as an issue that caused high CPU usage and degradation with Family 15h and 16h AMD processors was...
Intel has disclosed a new set of security flaws collectively called the L1 Terminal Fault (L1TF). These flaws were discovered in conjunction with researchers at KU Leuven University and other universities. The researchers call their discoveries Foreshadow and Foreshadow - Next Generation (NG)...
Remember our coverage of Spectre? Well researchers at the Graz University of Technology have a working model of how to read arbitrary memory over a network called NetSpectre. NetSpectre attacks have been shown to work over LAN and Google Cloud. The computers being attacked do not need to run...
The Google Security Blog has showcased a newly enabled Chrome feature that helps to protect against speculative execution side-channel attacks like Spectre. Site Isolation limits each renderer process to documents from a single site. To put this in context, previously Chrome allowed cross-site...
Intel has adopted a release schedule for new Spectre vulnerability disclosures. According to The Register, starting today new patches will be released quarterly to patch the latest exploits. This is akin to the Windows Patch Tuesday. I never thought that hardware would have a patch release...
For sale/trade: offers welcome!
HEAT (6-0-0)
I am local to Torrance, CA.
PAYPAL, local cash/venmo accepted
Things I am looking for (I can add $$ on my end):
cheap, large capacity SSDs (>1.5TB per physical drive)
Bose soundsport wireless
who knows what else I may be interested in... drop me...
Two questions:
How do you test or check for Spectre / Meltdown vulnerability?
Do we know, yet, in what CPU these will be fixed at hardware level? So will 9th generation Intel CPU's be "immune" for example?
I ask the second question because it seems like new "variants" of the above...
There's a new Core processor vulnerability that Intel has just announced and they consider this one to be of moderate severity. The Lazy FP state restore technique is the cause of this vulnerability and Intel is recommending that developers use the Eager FP state restore instead of Lazy FP state...
Hey guys,
Back in January MSI put out a press release that they were coming out with a new BIOS for a ton of mobos - including my X99S XPOWER AC - http://www.guru3d.com/news-story/msi-releases-bios-updates-to-address-recent-vulberabilities.html - however, the firmware mentioned (E7881IMS.1C0)...
According to the folks over at c't spectre isn't over it's just moving on to the next generation. They say Spectre NG has been confirmed as eight flaws in Intel CPU's that haven't been revealed yet and that some ARM and possibly AMD vulnerabilities are possible as well. So watch out people...
In May of last year, senior performance architect at Netflix, Brendan Gregg posted an interesting article about how the "%CPU" metric is wrong, and is progressively getting worse. Now, Brendan expands on his findings in a 5 minute video from the Southern California Linux Expo. The UpSCALE...
A report from PCWorld states that Intel has finished with its microcode updates for the Spectre vulnerability found in its processors, however unfortunately, Intel has not provided updates for all of them. According to the Intel Microcode Revision Guidance paper, last updated April 2nd, Penryn...
Intel has released a document that explains which CPUs will not receive a Spectre / Meltdown patch. Chipzilla believes that these CPUs are typically implemented in closed systems and are expected to have a lower likelihood of exposure to vulnerabilities. Also it was deemed not practical to...
AMD has a nice little sign set up in their booth over at Cloudfest in Germany. In a nut shell they take a nice little shot at Intel over their Spectre/Meltdown woes. You have to see it to believe it and I'm sure you'll love it as much as I did. Check out the twitter post that brought this to...
Microsoft isn't the most loved company around, but this time they are doing something good and putting their money where their mouth is and offering up to a $250K bounty for finding vulnerabilities like Spectre. Intel is offering the same kind of cash and I guess Microsoft thought it might be a...
Brian Krzanich (Intel CEO), stated that Intel will be releasing new server chips (Cascade Lake) this year that block Spectre attacks in hardware. They are including partitioning technology in the new chips that prevents snooping between applications. Hopefully this new technique they are using...
Microsoft has admitted that it incorrectly updated some Windows 10 machines to version 1709 despite users having paused update operations in their OS settings according to a report from BleepingComputer. Only users that were on V1703 were affected, in that version Microsoft added special...
According to Intel's Microcode Revision Guidance paper, they have released new microcode updates for Sandy Bridge and Ivy Bridge to deal with the Spectre and Meltdown vulnerabilities. Next up are Westmere Xeons, Nehalem Xeons, as well as some Arrandale and Clarkdale CPUs, with Arrandale...
Microsoft is making some Intel microcode updates available for the Fall Creators Update, but these are only for specific Skylake processors. This update is currently available here. Also, Microsoft isn't letting up on antivirus companies and they are going to continue with stringent...
There are many of us that have "old" Intel CPUs that are wondering when we will see UEFI updates for those Broadwell and Haswell based systems that address Spectre security exploits. Microcode for those is now in the wild and hopefully with motherboard manufacturers to qualify so that those...
Back in January after the Meltdown/Spectre threat became public knowledge members of Congress sent letters to Intel and others to ask them why they didn't tell the government about the problems. According to letters sent back to Congress it came down to the fact that Intel didn't feel it was...
Intel has announced that it has released production microcode updates to OEM manufacturers for Kaby Lake, Coffee Lake, and Skylake platforms. Along with this announcement, Intel has finally given us a schedule and availability table for the microcode revisions that can be found here.
Nice to...
It appears that the meltdown/spectre rabbit hole is deeper and more twisted than we realized. Researchers from Princeton and Nvidia have found two new variants they call MeltdownPrime and SpectrePrime. The good news about these is current software mitigation should prevent any attack using the...
Navin Shenoy, of Intel, says they have found the problem with the reboot issue on Broadwell and Haswell firmware updates and they have released more microcode for their Skylake platforms to the OEMs. The plan is to continue to test the updates and release them as soon as possible to the field...
Bleeping Computer is reporting that we may very soon see malware very soon that leverages both the Spectre and Meltdown vulnerabilities soon. We all know this is coming, but just when has been the real question. As Intel is scrambling to get fixes out that do not cause more problems than those...
Congress has some questions about Meltdown and Spectre, and they are calling out those involved. Members of the Committee on Energy and Commerce have drafted letters to the heads of several companies involved in the security flaw. The companies whose CEO's received letters are; Apple, Amazon...
Slashgear is reporting that intel plans to have versions of its processors that address the Spectre and Meltdown security flaws on the market later this year. News on the processor update came during the earnings call with Intel CEO Brian Krzanich, after the company announced...
In a public email chain, the Linux inventor Linus Torvalds, and David Woodhouse, engineer at Amazon in the UK discuss Intel's "fix" for Meltdown/spectre. Never one to pull punches Torvalds exclaims "the patches are COMPLETE AND UTTER GARBAGE."
I can't even pretend to understand the technical...
As we reported back on January 12th, there were widespread reports of Intel's Meltdown and Spectre patches causing spontaneous reboots on systems. (I think we have dealt with the issue here once in the past week.) Now Intel is suggesting that you NOT roll out those patches as those seem to be...
A report from BleepingComputer states that Microsoft is resuming the rollout of security updates for AMD devices to patch the Meltdown and Spectre vulnerabilities. Microsoft had halted the rollout for AMD-based machines on January 9th, after their patch left users with PCs that were crashing...