'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Of course it will affect consoles as well.

But consoles will be harder to crack, esp consoles which don't see internet for a long while. And even then ne'er-do-wells will be hard pressed to root/pwn a console.

One for the peasants then :)
 
The OS patches are workarounds, and come with a performance penalty.

There's a lot of useful info in this podcast about this, from the 6th Jan.:

http://www.jupiterbroadcasting.com/121182/meltdown-spectre-ask-noah-43/

Doesn't appear to be the case that performance hits will be across the board. It apparently depends on what you're doing with your PC, so even video rendering & gaming won't be hit, and certainly normal computer work won't, but things to do with cloud services will. That's my understanding, and I'm certainly no expert. I'm not even a novice :)
 
Nintendo's Wii running on a PowerPC CPU - wonder if it is vulnerable... :whistle: :D (because I've got two Wii's)

Yes, PowerPC vulnerable to Spectre. Any CPU using speculative pre-processing is potentially open.

Here's IBM's statement: https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/

IBM said:
On Wednesday, January 3, researchers from Google announced a security vulnerability impacting all microprocessors, including processors in the IBM POWER family.

This vulnerability doesn’t allow an external unauthorized party to gain access to a machine, but it could allow a party that has access to the system to access unauthorized data.
If this vulnerability poses a risk to your environment, the first line of defense is the firewalls and security tools that most organizations already have in place.

Complete mitigation of this vulnerability for Power Systems clients involves installing patches to both system firmware and operating systems. The firmware patch provides partial remediation to this vulnerability and is a pre-requisite for the OS patch to be effective. These will be available as follows:

* Firmware patches for POWER7+, POWER8 and POWER9 platforms will be available on January 9. We will provide further communication on supported generations prior to POWER7+, including firmware patches and availability.

* Linux operating systems patches will start to become available on January 9. AIX and i operating system patches will start to become available February 12. Information will be available via PSIRT.

Clients should review these patches in the context of their datacenter environment and standard evaluation practices to determine if they should be applied.

If you're using the Wii Enterprise Edition in a DC, perhaps disconnect. Otherwise I wouldn't worry. :p
 
Microsoft's Meltdown updates were reportedly bricking AMD PCs

https://www.engadget.com/2018/01/09/microsoft-halts-meltdown-spectre-amd-patches/

Microsoft has stopped them for now, blaming AMD documentation.
Following reports of unbootable machines, Microsoft has halted updates of its Meltdown and Spectre security patches for AMD computers, according to a support note spotted by the Verge. It made the move after numerous complaints from users who installed the patch and then couldn't get past the Windows 10 splash screen. "To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause sending the following Windows operating system updates to devices with impacted AMD processors," it wrote.

According to reports from users, the unbootable problem appears to happen with specific AMD models. "I have older AMD Athlon 64 X2 6000+, [and] after installation of KB4056892 the system doesn't boot, it only shows the Windows logo without animation and nothing more," said one user. The same issue was confirmed by other Athlon and Sempron-equipped PC owners.

Microsoft confirmed as much, blaming the issue on faulty AMD documentation. "After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown," the company said.

Obviously, this is the last thing that Microsoft and AMD need, especially since AMD has claimed that it is barely affected by the patch. Microsoft is working to resolve the issue, but if you already installed the patch and can't boot up, it has some links you can hit up to fix it here.
 
This is why it's generally prudent to not have MS updates automatically do their thing. Even on Win 10, set your PC/laptop to metered where possible, and manually do updates a few days after "patch Tuesday" (is my recommendation). On Win 7 & 8.1 I have 2 machines set to never download auto., and then manually check for them a few days afterwards.
 
Does the metered connection thing really work to block them on Home editions as well? Because you can't disable automatic updates on it.
 
I've found it does on a Win 10 HOME edition laptop I have, as long as you're using it on wi-fi (only?). Apparently if connected to ethernet, metered won't work.

I thereafter have to actively go into the update section & click on "Check for updates" or whatever it's termed; I'm not currently using it so can't give the exact wording, but it always then checks for them and downloads the cumulative ones along with any others available at the time.
 
Steve Gibson talks about Spectre and Meltdown in Security Now. This problem was first raised in 1992. All modern CPUs using speculative execution are vulnerable, so this is an industry problem, not just an Intel problem.

The real hit of the OS fixes for the CPU TLB problem will be felt on servers, so DCs and cloud-based servers are where we'll see the largest performance impact.

Security Now, on TWiT, Episode 645
 
A few insights, but otherwise 2 hours of rambling discussions, adverts, product placement. Might help if there was a transcript. TL;DR

Edit: I did end up watching half an hour (his personality and experience are quite engaging), after which the topic changes to anti-virus. He is quite non-judgemental about the bug, and the inherent complexity of modern CPUs. DRAM is way slower than cache memory, which is the root of these issues...

P.S. He doesn't say why AMD CPUs are not vulnerable to Meltdown. Presumably they have a separate cache/address table for kernel memory.
 