Exploits for Intel CPUs (NOT AMD) Documented

Who wants to bet Intel will have a new CPU line launched by end of month?
Ill take that bet. Even if Intel started reworking their prediction unit last August there is no chance they have had time to fix it by now.
 
Who wants to bet Intel will have a new CPU line launched by end of month?
Ill take that bet. Even if Intel started reworking their prediction unit last August there is no chance they have had time to fix it by now.

The most recent consumer chip they had that doesn't appear vulnerable to Meltdown (Spectre is another story) looks to be the pre-Silvermont Atoms - so Bonnell due to the lack of out-of-order execution.

I bet they have the dies still and 32nm has got to be real cheap now. Wonder how high they would clock with real cooling and a higher TDP.
 
Well, right now, but it seems like to be useful (for targeting your average home user) it will need a malware tool kit (again I'm only talking home, not some server that has tons of users of various levels). Anyway glad I'm not running DB servers, but those server farms, yikes!

Well of course there are those kids who might use it to steal their parents passwords (the ones who can't unlock their parents phones with their faces anyway) ;).
Seems more suited for targeting specific computers, not a broad malware deployment. After all you have to sift trough the dumped memory and analyze it's contents. Seems they'd need lots of processing to find valuable information in a memory dump.

More like parents who want their kids social media passwords and aliases.
 
  • Like
Reactions: WhoMe
like this
Ill take that bet. Even if Intel started reworking their prediction unit last August there is no chance they have had time to fix it by now.

Live in Cali? Give me a place to sleep and I'll buy you a beer if you win :)

If you win, welcome to Canada, you can stay in my guest room and buy me a beer.

Edit: Also is this really that hard to fix? Could intel not just change something simple in their next processor that you know is already launching sometime this year to correct it?
 
Edit: Also is this really that hard to fix? Could intel not just change something simple in their next processor that you know is already launching sometime this year to correct it?
Only if they started working on it years ago. A hardware change of this magnitude could take several years from start to product on the market.
 
https://www.techpowerup.com/240274/...tatements-regarding-discovered-security-flaws

CPUs from AMD, ARM, and Intel affected. Confirmed by Google and Microsoft.

Intel confirms is working in patches that render systems inmmune to both Spectre and Meltdown

https://newsroom.intel.com/news-releases/intel-issues-updates-protect-systems-security-exploits/

It seems linux devs are treating AMD as inmune to Meltdown (despite current status is "unclear": check https://meltdownattack.com). The current fix for Spectre consists on disabling branch prediction on Zen CPUs

https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html
 
Only if they started working on it years ago. A hardware change of this magnitude could take several years from start to product on the market.

So is this something embedded in the physical architecture or is it part of the firmware?

Apologies if I have the semantics incorrect, I'm genuinely curious about this architecture and how it is going wrong.
 
So is this something embedded in the physical architecture or is it part of the firmware?

Apologies if I have the semantics incorrect, I'm genuinely curious about this architecture and how it is going wrong.
Physical implementation. They would have to rework non-trivial parts of the architecture.
 
Crystal has never been very consistent for me on the os drive. I generally have to run it as a secondary drive to get consistent results. I think I'll do the same think with my intel 750, but push the que and threads. I'm well aware I never hit those loads with what I do.

This is why I never run it on the OS drives.

This isn't going to effect gaming and desktop applications as much as it'll effect datacenter operations, such as database and large data set workload applications.

We're already in talks with Cisco about upgrading our blades, but they don't currently offer AMD based solutions. That's going to change very quickly. ;)

That's not going to change as quickly as you'd think. QVL of server hardware and certification by software vendors takes a very long time. If they hadn't planned on releasing any AMD based solutions previously, it will take them months before they could starting from now or within the last couple of weeks.

This reminds me of the AMD Phenom TLB bug.
 
It's not AMD at all and only some arm processors which arm themselves have listed on their site.

As opposed to another chipmaker who is playing with fire.

I was mentioning what the CNN article said - not that it was correct or incorrect.
 
Holy crap the fan boys are out in droves! I still find it amazing people think this is a bug, as if speculative execution wasn't a performance feature on many of these processors. Somebody exploits it and suddenly it's a bug and was never supposed to be part of the architecture? Do we recall Windows all the time when some hacker finds an exploit? No, we patch it and move on without suing Microsoft over every little bug. It's amazing that people keep saying AMD is totally unaffected. That's where the fan boys truly come out and shine, believing what they want to believe without looking at facts and data. Spectre is much harder to execute and much more malicious and the verdict is still out.
 
Holy crap the fan boys are out in droves! I still find it amazing people think this is a bug, as if speculative execution wasn't a performance feature on many of these processors. Somebody exploits it and suddenly it's a bug and was never supposed to be part of the architecture? Do we recall Windows all the time when some hacker finds an exploit? No, we patch it and move on without suing Microsoft over every little bug. It's amazing that people keep saying AMD is totally unaffected. That's where the fan boys truly come out and shine, believing what they want to believe without looking at facts and data. Spectre is much harder to execute and much more malicious and the verdict is still out.

A bug is simply a flaw that produces unintended results. So yes, this is a bug in the speculative execution system of many processors with regard to how the data cache is handled when data has to be evicted for instructions to executed successfully. I don't think anyone is saying it shouldn't be part of the architecture, but there is concern that there may have been conscious design choices made to sacrifice security for performance (I personally don't believe this to be), and that despite know

The difference between a CPU with a bug and Windows with a bug is that Windows is fairly easily patched to resolve issues. CPU hardware, not so much. So if the workaround to avoid the bug causes a significant hit to performance, and consumers and businesses chose a processor based on that performance, what should they do?
 
A bug is simply a flaw that produces unintended results. So yes, this is a bug in the speculative execution system of many processors with regard to how the data cache is handled when data has to be evicted for instructions to executed successfully. I don't think anyone is saying it shouldn't be part of the architecture, but there is concern that there may have been conscious design choices made to sacrifice security for performance (I personally don't believe this to be), and that despite know

The difference between a CPU with a bug and Windows with a bug is that Windows is fairly easily patched to resolve issues. CPU hardware, not so much. So if the workaround to avoid the bug causes a significant hit to performance, and consumers and businesses chose a processor based on that performance, what should they do?

Yeah I think it's just the perspective you take on it, but I can see this being a bug. They definitely made this choice to increase performance, but will likely roll it back in the future. Hopefully not much performance loss!

Sounds like individuals won't see any impact, but yes, servers will definitely be having issues. I just don't see a massive recall in the future, which I hear a lot of people asking for.
 
Microsoft has released patches for Meltdown for Windows 7,8.1 and 10 which can be downloaded now. It's supposed to have started showing for Windows 10, looks like they released the Patch Tuesday build early, 16299.192 for the FCU, but I downloaded and installed manually on my sig rig and Surface Book 2, when smoothly with no issues. Play some Wolfenstein II NC and no problems. Did some before and after runs of CrystalDiskMark:

Funny how the other numbers are so different except that last one being 224.

AhZye3q.jpg

PmdszT1.jpg
 
Last edited:
Back
Top