Massive security hole in CPUs incoming? Official Meltdown/Spectre Discussion Thread

Page 6

Stuka87

Diamond Member
Dec 10, 2010
It all seems to be about accessing page tables, which happens through the MMU, the translation lookaside buffer, and the page tables in main memory.
This is about that.
https://lwn.net/Articles/569635/
Do you have detailed information about this Intel bug?
It seems I have missed something when reading your post.

The one mentioned in the OP is under NDA until tomorrow, so we don't have exact details. The issue seems to be with Intel CPUs speculatively processing code before doing a permissions check, which allows user-level code to potentially have access to kernel-level code.

The issue mentioned in the video is an attack on the MMU which can give access to memory addresses. This can allow an attacker to circumvent ASLR and read in memory contiguously that otherwise would have been randomized.
 

Despoiler

Golden Member
Nov 10, 2007

PottedMeat

Lifer
Apr 17, 2002
lol

https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1553070.html

2) Namespace

Several people including Linus requested to change the KAISER name.

We came up with a list of technically correct acronyms:

User Address Space Separation, prefix uass_

Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix
fuckwit_

but we are politically correct people so we settled for

Kernel Page Table Isolation, prefix kpti_

Linus, your call :)
 

realibrad

Lifer
Oct 18, 2013
So if it's correct what I saw in this thread, that this very same flaw was publicly demonstrated at some conference in 2016, and would likely therefore be known by large hacker groups for perhaps some time before that and certainly after, could this be tied to some of the more recent data hacks, like Equifax and others?

I'm not too familiar with how those breaches occurred, but I was wondering, if some of these $$billion screw-ups lead back to a *potentially known* flaw in Intel's architecture, whether these companies will start going after Intel for compensation.

...I'm also concerned that this design was an active decision to introduce false performance metrics to remain competitive against their more secure rival, for a decade and more. That would be extremely troubling.

I doubt it was known, partly for the reason you gave, but also because the performance gap was so large between AMD and Intel that only a fool would leave it out after Core launched. What I imagine is that someone messed up, but nobody realized how and saw that it was faster so they ran with it.

I just have a hard time imagining that they knew for this long and did nothing.
 

Schmide

Diamond Member
Mar 7, 2002
IMO games will be affected. In 2005 or so MS moved graphics out of the kernel, and that was a good thing. However, the implication of this is that for an isolated process to execute anything beyond local housekeeping, the kernel and another process must be involved. nVidia has a very optimized multi-threaded software driver that resides adjacent to both the kernel and the game. The data-to-call ratio is most likely low enough to keep the performance hit small, but I think it will be noticeable.
 

Topweasel

Diamond Member
Oct 19, 2000
Will this slow down my i3-530 and i5-5200u?
Quick answer is yes. If today you are able to use a system with an Intel processor and are using Windows 7 or later, then when this patch comes out, whatever effect it is going to have on any given application, your system will receive that performance penalty. The question now is what actual application impact we will see.
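The overhead Schmide and Topweasel are describing is paid on every kernel entry, so it can be measured directly. The following is an added example, not code from the thread or from any of the posters: it times a plain getpid(2), which must enter the kernel on each call and therefore pays the page-table switch that KPTI adds, against clock_gettime(2), which on Linux is normally served from the vDSO in user space without entering the kernel at all. It assumes Linux with a glibc new enough that getpid() is not cached in userspace (glibc 2.25 and later); the iteration count and the function names are our own.

```c
/* Added example: per-call cost of a real system call versus a vDSO call.
 * KPTI switches CR3 on every kernel entry and exit, so the first number
 * moves when the mitigation is enabled and the second does not.
 * Assumes Linux + glibc >= 2.25 (getpid() not cached in userspace). */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <time.h>
#include <unistd.h>

static double elapsed_ns(const struct timespec *a, const struct timespec *b)
{
    return (double)(b->tv_sec - a->tv_sec) * 1e9
         + (double)(b->tv_nsec - a->tv_nsec);
}

/* Average nanoseconds per getpid(2). Every iteration crosses into the
 * kernel, so with page-table isolation on it also pays the CR3 switch
 * (and the TLB refills that follow it). */
double ns_per_raw_syscall(long iters)
{
    struct timespec t0, t1;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (long i = 0; i < iters; i++)
        (void)getpid();
    clock_gettime(CLOCK_MONOTONIC, &t1);
    return elapsed_ns(&t0, &t1) / (double)iters;
}

/* Average nanoseconds per clock_gettime(2). On Linux this is normally
 * answered by the vDSO without entering the kernel, so it is untouched by
 * KPTI; in some virtual machines it falls back to a real syscall, in which
 * case this number rises together with the one above. */
double ns_per_vdso_call(long iters)
{
    struct timespec t0, t1, scratch;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (long i = 0; i < iters; i++)
        clock_gettime(CLOCK_MONOTONIC, &scratch);
    clock_gettime(CLOCK_MONOTONIC, &t1);
    return elapsed_ns(&t0, &t1) / (double)iters;
}

int main(void)
{
    const long iters = 200000;   /* arbitrary; long enough to swamp timer noise */
    printf("getpid (enters kernel)     : %.1f ns/call\n", ns_per_raw_syscall(iters));
    printf("clock_gettime (vDSO path)  : %.1f ns/call\n", ns_per_vdso_call(iters));
    return 0;
}
```

Run it once with the mitigation active and once after booting with `nopti` (or `pti=off`) on the kernel command line; the ratio between the two runs of the first line is the per-syscall tax, and an application's total hit scales with how many of these crossings it makes per frame, which is exactly the data-to-call ratio Schmide refers to.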
 
May 11, 2008
The one mentioned in the OP is on NDA until tomorrow, so we don't have exact details. The issue seems to be with Intel CPUs speculatively processing code before doing a permissions check which allows user level code to potentially have access to kernel level code.

The issue mentioned in the video is an attack on the MMU which can give access to memory addresses. This can allow an attacker to circumvent ASLR and read in memory contiguously that otherwise would have been randomized.

Thank you. :)
I noticed that one link I posted is from 2013. It gives an explanation of how and why, but it also confirms that what was written there cannot be it.
The computerbase.de article is revealing.
I have been reading more about it from these articles to understand what is going on (in chronological order):
https://lwn.net/Articles/738975/
https://lwn.net/SubscriberLink/741878/78d70a9fed62f496/
 

Roger Wilco

Diamond Member
Mar 20, 2017
What's the probability of a class action lawsuit? Everyone and their mother has an Intel CPU in something.
 

R0H1T

Platinum Member
Jan 12, 2013
Get your tinfoils & seat belts ready :D https://twitter.com/statuses/948561799875502080

 

PingSpike

Lifer
Feb 25, 2004
What's the probability of a class action lawsuit? Everyone and their mother has an Intel CPU in something.

The class action lawsuit will be irrelevant next to what they'll have to deal with from their huge data center customers. Those guys bought a lot of cpus, use them for things where the performance impact is worse and are large companies that have actual legal teams. Whether you and I see a $2.27 check 9 years from now or not, those guys are going to make real demands.
 

zinfamous

No Lifer
Jul 12, 2006
I doubt it was known, partly for the reason you gave, but also because the performance gap was so large between AMD and Intel that only a fool would leave it out after Core launched. What I imagine is that someone messed up, but nobody realized how and saw that it was faster so they ran with it.

I just have a hard time imagining that they knew for this long and did nothing.

Um, isn't that actual "very large performance gap" encompassed by the "performance increase" that this bug introduces to the architecture at the expense of security? That is the actual claim: has nothing to do with ignoring it because of inherent performance, but that the security compromise was designed in to create that performance.

I admit that this is the razor's edge of wacko conspiracy, but it really would be nothing new in the proven shadiness of how Intel does things.
 

realibrad

Lifer
Oct 18, 2013
Um, isn't that actual "very large performance gap" encompassed by the "performance increase" that this bug introduces to the architecture at the expense of security? That is the actual claim: has nothing to do with ignoring it because of inherent performance, but that the security compromise was designed in to create that performance.

I admit that this is the razor's edge of wacko conspiracy, but it really would be nothing new in the proven shadiness of how Intel does things.

But only a small part in reality. If AMD were within 5% or so then I could see this, but the gap was huge a few times and it would have been better to fix it then. Leaving it open for 10+ years is a bit much even for Intel, because of how it exposes them.

Unless the person that knew of this left the company and it was forgotten.
 

naukkis

Senior member
Jun 5, 2002
So it seems that this little behaviour exposes the whole kernel memory to user-mode programs; cpu_unsecure is well earned. But the big question to ask is whether that fuckwit_ can be made fully secure for a CPU with such a serious erratum.
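Whether the kernel believes it has closed the hole on a given machine is something you can ask it directly rather than infer from patch dates. The following is an added example, not code from the thread: it reads the per-issue status files that Linux 4.15 and later expose under /sys/devices/system/cpu/vulnerabilities/ (meltdown, spectre_v1, spectre_v2) and classifies the kernel's wording, which is "Not affected", "Vulnerable" or "Mitigation: <what>" (for Meltdown with KPTI, "Mitigation: PTI"). The sample strings in main() are constructed for illustration, and the function and enum names are our own.

```c
/* Added example: read the running kernel's own verdict on Meltdown/Spectre
 * from sysfs and reduce it to a state a script can act on. Assumes Linux;
 * on a kernel older than 4.15 the files simply do not exist. */
#include <stdio.h>
#include <string.h>

enum vuln_state {
    VULN_UNKNOWN      = -1,  /* file missing, empty, or wording we don't know */
    VULN_NOT_AFFECTED =  0,  /* "Not affected" (e.g. AMD for meltdown)       */
    VULN_MITIGATED    =  1,  /* "Mitigation: ..." (e.g. "Mitigation: PTI")   */
    VULN_VULNERABLE   =  2   /* "Vulnerable" or "Vulnerable: ..."            */
};

/* Classify one sysfs line by its prefix. Unknown wording is reported as
 * unknown rather than guessed: a mitigation you cannot name is not one
 * you can rely on. */
enum vuln_state classify_status(const char *line)
{
    if (line == NULL)
        return VULN_UNKNOWN;
    if (strncmp(line, "Not affected", 12) == 0)
        return VULN_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)
        return VULN_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)
        return VULN_VULNERABLE;
    return VULN_UNKNOWN;
}

/* Read /sys/devices/system/cpu/vulnerabilities/<name> into buf with the
 * trailing newline stripped. Returns 0 on success, -1 if the file cannot
 * be read. Absence means "this kernel has no opinion", never "safe". */
int read_vuln_file(const char *name, char *buf, size_t len)
{
    char path[256];
    snprintf(path, sizeof path,
             "/sys/devices/system/cpu/vulnerabilities/%s", name);
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    if (fgets(buf, (int)len, f) == NULL) {
        fclose(f);
        buf[0] = '\0';
        return -1;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

int main(void)
{
    const char *names[] = { "meltdown", "spectre_v1", "spectre_v2" };
    char buf[256];

    /* Live check of this machine. */
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (read_vuln_file(names[i], buf, sizeof buf) != 0) {
            printf("%-10s no sysfs entry (kernel < 4.15 or not Linux)\n", names[i]);
            continue;
        }
        printf("%-10s \"%s\" -> state %d\n", names[i], buf, classify_status(buf));
    }

    /* Constructed sample lines showing each branch of the classifier. */
    const char *samples[] = { "Mitigation: PTI", "Not affected", "Vulnerable", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample \"%s\" -> state %d\n", samples[i], classify_status(samples[i]));
    return 0;
}
```

Note what the check does and does not tell you: "Mitigation: PTI" for meltdown means the kernel has unmapped itself from user page tables, which answers naukkis's question for that one issue on that one kernel; it says nothing about hypervisors, firmware, or the Spectre variants, each of which has its own file and its own wording.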
 

Atari2600

Golden Member
Nov 22, 2016
Stuka87 said:
Core CPUs are just as affected as Xeons.

I know Core iSomethings are affected.

My point is - the majority of those running cores will never hear of this, not to mention grasp how important it could be.

Those running Xeons however, or rather, the IT departments that are responsible for them, aren't so ignorant.
 