Major Intel Memory Vulnerability

Jerry Snitselaar dev at snitselaar.org
Thu Jan 4 16:22:56 MST 2018


On Thu Jan 04 18, der.hans wrote:
>Am 03. Jan, 2018 schwätzte Matthew Crews so:
>
>moin moin,
>
>good writeup on memory management and how this is an issue from before the
>bug details were released and a follow up article from the same guy about
>the bugs.
>
>https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/
>
>If I were still teaching sysadmin that article would be required reading.
>
>https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/
>
>ciao,
>
>der.hans
>

The writeup from the project zero folks: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html


>>I would be more concerned IF the next gen CPU has this fixed. All's I know is that if Intel wants to fix the very next gen, they will need to scrap a lot of silicon that has already been finished.
>>
>>Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.
>>
>>-------- Original Message --------
>>On Jan 3, 2018, 15:35, Nathan O'Brennan wrote:
>>
>>>I'm more curious to know which versions of Intel's upcoming chips have been fixed already. I would like to upgrade my current workstation in the next year and will stick with Intel despite any performance impact over AMD.
>>>
>>>On 2018-01-03 00:43, Aaron Jones wrote:
>>>
>>>>
>>>>I read the performance hit for Intel chips will be %35 or so after the fix.
>>>>
>>>>On Jan 2, 2018, at 7:49 PM, Eric Oyen <eric.oyen at icloud.com> wrote:
>>>>
>>>>>so, does this mean that the UEFI might get patched first? OR, does the OS ecology have to do so first? Lastly, how much of a performance hit will this represent?
>>>>>
>>>>>-eric
>>>>>from the central offices of the Technomage Guild, the "oh look! yet another bug!" Dept.
>>>>>
>>>>>On Jan 2, 2018, at 3:39 PM, Matthew Crews wrote:
>>>>>
>>>>>>https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>>>>>>
>>>>>>In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
>>>>>>
>>>>>>Also crucial to note is that AMD chips are not affected by this.
>>>>>>
>>>>>>How the heck does something like this go unnoticed for so long?
>>>>>>
>>>>>>Sent from [ProtonMail](https://protonmail.com/), Swiss-based encrypted email.
>>>>
>>>>---------------------------------------------------
>>>>PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>To subscribe, unsubscribe, or to change your mail settings:
>>>>http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>-- 
>#  https://www.LuftHans.com   https://www.PhxLinux.org
># An architect who does not believe in privacy may also lack faith
># in keeping out the rain" -- John M. Ford, Growing Up Weightless

>---------------------------------------------------
>PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>To subscribe, unsubscribe, or to change your mail settings:
>http://lists.phxlinux.org/mailman/listinfo/plug-discuss



More information about the PLUG-discuss mailing list