If you read the article, it went undetected so long probably because it looks like you have to do 2 or 3 ‘illegal’ things in just the right order at just the right time. (‘illegal’ as in ‘not supposed to work’. I did find the second article very interesting – the one that explained rowhammer.)
I mean, how long did it take my friends at ASU lo these many years ago to put together 3 little bits of information to realize the large hole that was left?
Oh, probably at least a year… So even with motivation and time AND all the information presented right there in front of you, it can take a while. THIS bug apparently involves doing stuff that isn’t really supposed to work.
(And Rowhammer is just SICK.)
From: PLUG-discuss [mailto:plug-discuss-bounces@lists.phxlinux.org]
On Behalf Of Matthew Crews
Sent: Tuesday, January 02, 2018 3:39 PM
To: Main PLUG discussion list
Subject: Major Intel Memory Vulnerability
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
In a nutshell, it is a major security flaw in Intel hardware dating back a decade that is requiring a complete kernel rewrite for every major OS (Linux, Windows, Mac, etc.) in order to patch out. It cannot be patched out with a CPU microcode update. Major enough that code comments are redacted in the patches until an embargo period is expired. Also the reported fix will have a huge performance impact.
Also crucial to note is that AMD chips are not affected by this.
How the heck does something like this go unnoticed for so long?