All Intel processors affected by memory leaking vulnerability

Blindaim

https://www.phoronix.com/scan.php?page=news_item&px=Linux-Tip-Git-Disable-x86-PTI

AMD Performance won't be hit in Linux.

Update: Linus Torvalds has now ended up pulling the latest PTI fixes that also include the change to disable page table isolation for now on all AMD CPUs. The commit is in mainline for Linux 4.15 along with a few basic fixes and ensuring PAGE_TABLE_ISOLATION is enabled by default.

Kernel developer Thomas Gleixner wrote in the pull request of disabling KPTI on AMD hardware, "Not necessarily a fix, but if AMD is so confident that they are not affected, then we should not burden users with the overhead."
 

Psycovirus

TLDR of a TLDR;
2e4ksid.jpg



Here's Intel's press release :s13::s13:
dq51g3.jpg

Haha. Intel in full damage control mode.

I really hope AMD EPYC will succeed so that there's better competition in the server space and not being monopolized by Intel.
 

wwenze

People also said PS4 won't get exploit... :D

Is just how much effort hackers want to put in I guess. This cost vs benefit race has always been the spotlight when it comes to encryption.

And thanks to *cough*Windows*cough*Google*cough*Facebook*cough*fkingUber*cough* hackers have never needed to resort to hardware exploits. But yes, access to unauthorized memory location is always the start of hacking.

Haha. Intel in full damage control mode.

I really hope AMD EPYC will succeed so that there's better competition in the server space and not being monopolized by Intel.

DNA argument. More variety, less effect.

But DNA also means survival of the fittest and that's what killed all the rest of the makers...
 

Ferolare

all take with a pinch of salt until Kernel 4.15 rolls out bah :s34:

as for me: i'll twiddle my thumb until Mint 19 or 18.04LTS bah

(but my money is on no impact whatsoever on my media pc :s13:)
 

Rock-kun

all take with a pinch of salt until Kernel 4.15 rolls out bah :s34:

as for me: i'll twiddle my thumb until Mint 19 or 18.04LTS bah

(but my money is on no impact whatsoever on my media pc :s13:)

Me using a self-built kernel 4.5 which I have no intention of ever updating or recompiling until another two or three years.

By then we will have moved on to kernel 5.x already.
 

Psycovirus

Intel CEO has inside intel for being inside Intel and sold off 24 million worth of stock in November.

Google has informed Intel months before its CEO decided to get rid of part of his shares. And finally the bug came to light and Intel's stock prices plummet...

Intel is as shady as ever. This is basically insider trading and highly illegal.

On the other hand, Microsoft patch has been pushed out. Intel needs to push out a firmware update to fix the issue completely. There seems to be no performance hit on games according to recent Hardware Unboxed YouTube video testing the latest patch on Intel's i7-8700K.
 

Encrypted11

The key executives can change their position on their shareholding. It's just that they need to do the relevant paperwork filing to the relevant securities exchange. In this case, the relevant SEC filing and presumably he did follow the standing order except the internet can spin it out of context.

I'd take the verbatim quote as half correct.

But overall he won't be sitting there for long, there's a reason why the ex. Qualcomm dude became Intel's $25million man. :s13:
 

ZrE0_Cha0s

Intel CEO has inside intel for being inside Intel and sold off 24 million worth of stock in November.

Google has informed Intel months before its CEO decided to get rid of part of his shares. And finally the bug came to light and Intel's stock prices plummet...

Intel is as shady as ever. This is basically insider trading and highly illegal.

On the other hand, Microsoft patch has been pushed out. Intel needs to push out a firmware update to fix the issue completely. There seems to be no performance hit on games according to recent Hardware Unboxed YouTube video testing the latest patch on Intel's i7-8700K.

so in other words the patch is only from Microsoft side and not intel's bug fix?
 

Psycovirus

so in other words the patch is only from Microsoft side and not intel's bug fix?

Kernel is affected thus Microsoft Windows, Linux and Apple's MacOS needed to be patched. Intel also needs to push out some sort of firmware/bios microcode too it seems.

Intel's official statement has so much crap. Thankfully, TheRegister has translated the crap statement to be truer. Such a good read.

Article: "We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare"
 

Koenig168

Most consumers will not be heavy kernel users and hence not materially affected by the patch (when it comes from Microsoft). Interesting read from the Register.
 

Ark Law

Most consumers will not be heavy kernel users and hence not materially affected by the patch (when it comes from Microsoft). Interesting read from the Register.

I was reading on reddit (a day before Google PR release/2nd Jan) that it would have more drastic effects on heavy I/O users, i.e. cloud providers, i.e. MS Azure, Google, AWS etc.
 

Encrypted11

The intel problem is a security issue with the cpu switching into kernel mode and user mode.

If the spectre issue is interpreted correctly, it is a fundamental problem with how modern CPUs do branch prediction, prefetching (basically doing things the efficient way) in hardware. All the key vendors are affected because they all use some of these modern computing techniques to make the CPUs run faster if people looked at the research paper. Can't single out any vendor on this one and it will be a pandora's box.

It will take literally years for this to be completely mitigated in hardware at least.
 

Encrypted11

all take with a pinch of salt until Kernel 4.15 rolls out bah :s34:

as for me: i'll twiddle my thumb until Mint 19 or 18.04LTS bah

(but my money is on no impact whatsoever on my media pc :s13:)

Well precisely, wait for the response. Pertaining to 'spectre' the only solution is to wrap your smartphones, laptops and computer in tin foil but don't scream when we all get wifi/bt attenuation issues and check again if the sky is falling is it :s34:?

So overall tl;dr: they're out there and they're going to get us correct? :crazy:
 

Psycovirus

Link to the latest Windows 10 Build 1709 patch that solves the issue.

https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

  • Addresses issue where event logs stop receiving events when a maximum file size policy is applied to the channel.
  • Addresses issue where printing an Office Online document in Microsoft Edge fails.
  • Addresses issue where the touch keyboard doesn’t support the standard layout for 109 keyboards.
  • Addresses video playback issues in applications such as Microsoft Edge that affect some devices when playing back video on a monitor and a secondary, duplicated display.
  • Addresses issue where Microsoft Edge stops responding for up to 3 seconds while displaying content from a software rendering path.
  • Addresses issue where only 4 TB of memory is shown as available in Task Manager in Windows Server version 1709 when more memory is actually installed, configured, and available.
  • Security updates to Windows SMB Server, the Windows Subsystem for Linux, Windows Kernel, Windows Datacenter Networking, Windows Graphics, Microsoft Edge, Internet Explorer, and the Microsoft Scripting Engine.

EDIT:

Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

This page has instructions on how to test if your system is affected using a PowerShell script.

Notably,

Warning

Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer.

Just applying the patch isn't the fix until processor microcode or firmware is updated either through Microsoft update or BIOS update by intel/manufacturers.
 

Koenig168

I was reading on reddit (a day before Google PR release/2nd Jan) that it would have more drastic effects on heavy I/O users, i.e. cloud providers, i.e. MS Azure, Google, AWS etc.

Not just cloud providers but data centers in general. Like you said, heavy I/O users.

Anyway, I just installed the patch and no noticeable performance difference in general usage.
 

Psycovirus

Not just cloud providers but data centers in general. Like you said, heavy I/O users.

Anyway, I just installed the patch and no noticeable performance difference in general usage.

According to Microsoft, the patch isn't the end of it. More info can be found in the above link i edited in.

Warning

Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer.

And yea, normal usage as a consumer, we wouldn't notice the performance deficit but mainly the Data centers are the ones who have to worry about it.

 

Ferolare

Well precisely, wait for the response. Pertaining to 'spectre' the only solution is to wrap your smartphones, laptops and computer in tin foil but don't scream when we all get wifi/bt attenuation issues and check again if the sky is falling is it :s34:?

So overall tl;dr: they're out there and they're going to get us correct? :crazy:
something something NSA is watching you :s34:

that said though, i've installed the latest windows patch and..

something something amd

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: False


BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : False
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False

something something intel

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: False

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Follow the guidance for enabling Windows support for speculation control mitigations are described in https://support.microsoft.com/help/4072698


BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False
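
As an added example (not part of the original post, and not Microsoft's script): Python that parses the property list printed at the end of the output above and reports which of the two mitigations is still inactive on a host. The property names and sample values are copied from the post; the finding strings and the fail-closed handling of missing properties are assumptions of this example.

```python
import re
# Constructed input: the two property lists from the post above, as pasted text.
AMD_HOST = """
BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : False
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False
"""
INTEL_HOST = """
BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False
"""
PROP = re.compile(r"^[ \t]*(\w+)[ \t]*:[ \t]*(True|False)[ \t\r]*$", re.MULTILINE)

def parse_settings(text):
    """Turn 'Name : True/False' lines into a dict of bools; any other line is ignored."""
    return {name: value == "True" for name, value in PROP.findall(text)}

def outstanding(s):
    """List what still leaves a host exposed; an empty list means both mitigations are active."""
    todo = []
    # CVE-2017-5715 (branch target injection): needs OS support AND microcode/firmware.
    if not s.get("BTIWindowsSupportPresent"):
        todo.append("CVE-2017-5715: install the Windows security update")
    elif not s.get("BTIHardwarePresent"):
        todo.append("CVE-2017-5715: install OEM BIOS/microcode update")
    elif s.get("BTIDisabledBySystemPolicy"):
        todo.append("CVE-2017-5715: mitigation disabled by system policy")
    elif not s.get("BTIWindowsSupportEnabled"):
        todo.append("CVE-2017-5715: mitigation present but not enabled")
    # CVE-2017-5754 (rogue data cache load): a missing property is treated as "required".
    if s.get("KVAShadowRequired", True):
        if not s.get("KVAShadowWindowsSupportPresent"):
            todo.append("CVE-2017-5754: install the Windows security update")
        elif not s.get("KVAShadowWindowsSupportEnabled"):
            todo.append("CVE-2017-5754: kernel VA shadow present but not enabled")
    return todo
```

For both sample hosts the only finding is the missing BIOS/microcode update for CVE-2017-5715, which matches the "Suggested actions" line in the Intel output.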
 