Two New Meltdown/Spectre Variants Found

Discussion in 'HardForum Tech News' started by DooKey, Feb 15, 2018.

  1. DooKey

    DooKey [H]ard DCOTM x4

    Messages:
    7,817
    Joined:
    Apr 25, 2001
    It appears that the meltdown/spectre rabbit hole is deeper and more twisted than we realized. Researchers from Princeton and Nvidia have found two new variants they call MeltdownPrime and SpectrePrime. The good news about these is current software mitigation should prevent any attack using the variants. The bad news is that this finding identifies further hardware corrections that need to be made in future processors. Intel, AMD, and others have got their work cut out for them. You can read the paper here.

    In short, the team have discovered new ways for malware to extract sensitive information, such as passwords and other secrets, from a vulnerable computer's memory by exploiting the Meltdown and Spectre design blunders in modern processors. The software mitigations being developed and rolled out to thwart Meltdown and Spectre attacks, which may bring with them performance hits, will likely stop these new exploits.
     
    DejaWiz likes this.
  2. RaxusCraxurFace

    RaxusCraxurFace [H]Lite

    Messages:
    93
    Joined:
    May 22, 2015
    Odin's Eye

    "Design blunders"
     
    cyclone3d likes this.
  3. Loose Nut

    Loose Nut Limp Gawd

    Messages:
    363
    Joined:
    Oct 21, 2009
    They have found, or they have made ? huge difference
     
    lostin3d and RaxusCraxurFace like this.
  4. trparky

    trparky Gawd

    Messages:
    975
    Joined:
    Jul 23, 2009
  5. Hallucinator

    Hallucinator Gawd

    Messages:
    562
    Joined:
    Nov 1, 2006
    whoever designed the Meltdown/Spectre ought to be in a very thick glass walled cell placed on Times Square with tons of cams pointed at the cell.

    No privacy at all for the idiot.
     
  6. shatterstar

    shatterstar Limp Gawd

    Messages:
    262
    Joined:
    Jul 19, 2011
    Has Meltdown and Spectre been patched/fixed release for the common the folks out there?


    Sorry I haven't really been keeping up with this.....
     
  7. chockomonkey

    chockomonkey [H]ardForum Junkie

    Messages:
    8,206
    Joined:
    Oct 11, 2003
    Last I heard Intel fucked up their patches and had to roll em back, but I'm also out of the loop a bit.
     
    thebufenator likes this.
  8. RPGWiZaRD

    RPGWiZaRD Gawd

    Messages:
    1,011
    Joined:
    Jan 24, 2009
    Gotta love how we've kept getting 5% or so perf improvement from a new generation Intel shift over course of several years and then comes these security holes that gets software patched and eats up that 4 year of performance progress in an instant. xD Perhaps I should be more concerned about the security aspect but I can't help the performance degredation aspect to be so fking annoying when the performance improvement (talking IPC) for my heavy non heavy threaded scenario needs where I could use a lot more still than the market offers.

    So where will we be with Spectre + Meltdown + Prime fixes, back at 3770K performance?
     
    ncjoe, chockomonkey and Master_shake_ like this.
  9. DF-1

    DF-1 2[H]4U

    Messages:
    2,519
    Joined:
    Jun 17, 2011
    will these cost $100 a year and be delivered in 2 days or less?
     
    heatlesssun likes this.
  10. buzzbomb

    buzzbomb Gawd

    Messages:
    594
    Joined:
    Sep 29, 2009
    Are you saying we should punish the security researcher that pointed out the exploitable weakness before the "bad guys" could get ahold of it, or the CPU designer that first implemented branch prediction?
     
    drescherjm likes this.
  11. thebufenator

    thebufenator [H]ard|Gawd

    Messages:
    1,078
    Joined:
    Dec 8, 2004
    Pretty certain he was bitching with no intelligent intent
     
    Tsumi, mashie and buzzbomb like this.
  12. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    1,913
    Joined:
    Oct 13, 2016
    Is the no end in sight to this steaming pile?

    Well, besides upgrading to the latest Intel is throwing at us or a new AMD build(my choice when the time comes) anyway.
     
  13. Wine

    Wine Limp Gawd

    Messages:
    487
    Joined:
    Dec 17, 2012
    Wait till they find MeltdownMegatron and SpectreMegatron, then the real fireworks will begin.
     
    86 5.0L likes this.
  14. Hallucinator

    Hallucinator Gawd

    Messages:
    562
    Joined:
    Nov 1, 2006
    *reads wiki*

    Thank you for correcting me.
     
  15. WhoMe

    WhoMe Gawd

    Messages:
    827
    Joined:
    Jan 3, 2018
    Yeah the meltdown has been done in the OSes (well recent ones anyway). But while I check everyday--nothing yet for the x99 platform and Spectre. Supposedly the new fix (after the botched first one) is now in beta.
     
    shatterstar likes this.
  16. naib

    naib [H]ard|Gawd

    Messages:
    1,252
    Joined:
    Jul 26, 2013
    Well spectre1 is mitigated in Linux and spectre2 mitigation is expected with Linux 4.16
     
  17. M76

    M76 [H]ardForum Junkie

    Messages:
    9,002
    Joined:
    Jun 12, 2012
    If it's just exploiting the same vulnerability in a different way then it is not a new variant is it?

    Using a tool differently doesn't make it into a new tool.