• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."

Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 76 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

Hitman928

Diamond Member
Apr 15, 2012
3,432
3,614
136
I'm not engineer and don't know how critical this Ring vulnerability is, but it sounds like it only affect Intel because of Ring. Is it fixable via bios update? Don't tell me this would lead to some other bit of performance lost......
They couldn't 'fix' this with a BIOS update. They may be able to mitigate it to some degree, but it will have some sort of performance penalty associated with it.
 

DrMrLordX

Lifer
Apr 27, 2000
17,031
6,001
136
The exploit relies on the ring bus protocol itself. Can they even modify that behavior with microcode updates?
 

moinmoin

Platinum Member
Jun 1, 2017
2,369
2,941
106
Looks like it uses some instruction code previously used by AMD's 3DNow! extension. I guess having some software already use an instruction Intel never acknowledged makes for a good camouflage for new instructions of this kind. Security by obscurity at its finest...
 
  • Like
Reactions: lightmanek

chris george

Junior Member
Apr 13, 2021
1
0
6
https://pythonsweetness.tumblr.com%2Fpost%2F169166980422


Quoted from a reddit thread.

This could be big. Many a sysadmin might have sleepless nights soon enough.

EDIT: Since news and clarification arrived, I'll add it here.
Official website with details: https://meltdownattack.com
TL;DR
There are two attacks exploiting similar ideas, called Meltdown and Spectre.

Meltdown affects all Intel CPU's going back a decade, and some select ARM CPU's. It is the more pressing issue of the two, and potentially compromises systems completely due to its power. Patches already went out on both Linux and Windows to mitigate it. Performance hit depends on workload, gaming not noticeably affected.

Spectre affects all CPU's aside from specialized microcontrollers and other low powered devices. It is harder to exploit but also harder to fix. The full consequences and effects of it are still unknown, but all major tech companies are taking steps to research and mitigate it.

Intel Press Release: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

AMD Press Release: https://www.amd.com/en/corporate/speculative-execution

Apple Press Release: https://support.apple.com/en-us/HT208394

ARM Press Release: https://developer.arm.com/support/security-update



Updated title of the thread to include other CPU companies.


esquared
Anandtech Forum Director
good info
 

ASK THE COMMUNITY