Two New Meltdown/Spectre Variants Found

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
8,535
It appears that the meltdown/spectre rabbit hole is deeper and more twisted than we realized. Researchers from Princeton and Nvidia have found two new variants they call MeltdownPrime and SpectrePrime. The good news about these is current software mitigation should prevent any attack using the variants. The bad news is that this finding identifies further hardware corrections that need to be made in future processors. Intel, AMD, and others have got their work cut out for them. You can read the paper here.

In short, the team have discovered new ways for malware to extract sensitive information, such as passwords and other secrets, from a vulnerable computer's memory by exploiting the Meltdown and Spectre design blunders in modern processors. The software mitigations being developed and rolled out to thwart Meltdown and Spectre attacks, which may bring with them performance hits, will likely stop these new exploits.
 
Joined
Nov 1, 2006
Messages
558
whoever designed the Meltdown/Spectre ought to be in a very thick glass walled cell placed on Times Square with tons of cams pointed at the cell.

No privacy at all for the idiot.
 

shatterstar

Limp Gawd
Joined
Jul 19, 2011
Messages
264
Has Meltdown and Spectre been patched/fixed release for the common the folks out there?


Sorry I haven't really been keeping up with this.....
 

RPGWiZaRD

[H]ard|Gawd
Joined
Jan 24, 2009
Messages
1,094
Gotta love how we've kept getting 5% or so perf improvement from a new generation Intel shift over course of several years and then comes these security holes that gets software patched and eats up that 4 year of performance progress in an instant. xD Perhaps I should be more concerned about the security aspect but I can't help the performance degredation aspect to be so fking annoying when the performance improvement (talking IPC) for my heavy non heavy threaded scenario needs where I could use a lot more still than the market offers.

So where will we be with Spectre + Meltdown + Prime fixes, back at 3770K performance?
 

buzzbomb

Gawd
Joined
Sep 29, 2009
Messages
594
whoever designed the Meltdown/Spectre ought to be in a very thick glass walled cell placed on Times Square with tons of cams pointed at the cell.

No privacy at all for the idiot.
Are you saying we should punish the security researcher that pointed out the exploitable weakness before the "bad guys" could get ahold of it, or the CPU designer that first implemented branch prediction?
 

lostin3d

[H]ard|Gawd
Joined
Oct 13, 2016
Messages
2,043
Is the no end in sight to this steaming pile?

Well, besides upgrading to the latest Intel is throwing at us or a new AMD build(my choice when the time comes) anyway.
 

Wine

Limp Gawd
Joined
Dec 17, 2012
Messages
487
Wait till they find MeltdownMegatron and SpectreMegatron, then the real fireworks will begin.
 
Joined
Nov 1, 2006
Messages
558
Are you saying we should punish the security researcher that pointed out the exploitable weakness before the "bad guys" could get ahold of it, or the CPU designer that first implemented branch prediction?
*reads wiki*

Thank you for correcting me.
 

WhoMe

Gawd
Joined
Jan 3, 2018
Messages
827
Has Meltdown and Spectre been patched/fixed release for the common the folks out there?


Sorry I haven't really been keeping up with this.....
Yeah the meltdown has been done in the OSes (well recent ones anyway). But while I check everyday--nothing yet for the x99 platform and Spectre. Supposedly the new fix (after the botched first one) is now in beta.
 

naib

[H]ard|Gawd
Joined
Jul 26, 2013
Messages
1,289
Well spectre1 is mitigated in Linux and spectre2 mitigation is expected with Linux 4.16
 

M76

[H]F Junkie
Joined
Jun 12, 2012
Messages
10,671
If it's just exploiting the same vulnerability in a different way then it is not a new variant is it?

Using a tool differently doesn't make it into a new tool.
 
Top