Commercially, maybe, but there's no way intel agencies didn't know about this.
It hasn't been used yet
No. http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
Quoted from a reddit thread.
This could be big. Many a sysadmin might have sleepless nights soon enough.
EDIT: Since news and clarification arrived, I'll add it here.
Official website with details: https://meltdownattack.com
TL;DR
There are two attacks exploiting similar ideas, called Meltdown and Spectre.
Meltdown affects all Intel CPUs going back a decade, and some select ARM CPUs. It is the more pressing issue of the two, and potentially compromises systems completely due to its power. Patches already went out on both Linux and Windows to mitigate it. Performance hit depends on workload, gaming not noticeably affected.
Spectre affects all CPUs aside from specialized microcontrollers and other low-powered devices. It is harder to exploit but also harder to fix. The full consequences and effects of it are still unknown, but all major tech companies are taking steps to research and mitigate it.
Intel Press Release: https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
AMD Press Release: https://www.amd.com/en/corporate/speculative-execution
Apple Press Release: https://support.apple.com/en-us/HT208394
ARM Press Release: https://developer.arm.com/support/security-update
Plus, they said they couldn't detect if it was ever exploited, since there wouldn't be a log of it.
Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years
Countermeasures to protect apps from attack
By Thomas Claburn in San Francisco 5 Jan 2018 at 07:08
https://www.theregister.co.uk/2018/01/05/spectre_flaws_explained/
The article lays out a good timeline, and describes the attacks in good detail.
Meltdown & Spectre Updates Benchmarked, Big Slow Down for SSDs!
Hardware Unboxed
Published on Jan 6, 2018
Not much impact on gaming or application performance, but NVME and SSDs take another hit in performance.
So we have about 10,000 computers at work. Is Intel going to pay for some temp workers to patch their bios?
There has got to be some kind of endpoint management system in an organization this size. My work laptop was updated and restarted automatically, during work hours WHILE I WAS WORKING, and I lost a little bit of work that wasn't saved yet.
Not to mention that this is NOT the final fix, since it is pretty likely we will see more bugs incoming from the fix... I see that at the end of the month we will see the real impact of the patches.
Yes....
https://www.ebay.com/sch/i.html?_od...&_trksid=m570.l1313&_nkw=xeon+server&_sacat=0
Take that to P&N before it gets started. Please.
Meltdown is now out in the open. It's only a matter of time before non-state actors take advantage of it. The patches are hurting performance and possibly affecting people's livelihoods today. We don't need to muck around in the world of conspiracy to know that much.
If Intel mishandles this situation, they may lose significant market share in the server sector, which is their main source of revenue. And this while AMD and ARM are both attempting to make fresh incursions into that space. IBM is still pushing its POWER products, too.
I think you're right - seems as though there are a few hundred thousand newly available Intel servers on eBay
https://www.ebay.com/sch/i.html?_od...&_trksid=m570.l1313&_nkw=xeon+server&_sacat=0
Any idea what the normal amount of Xeons in eBay listings was before this incident?
Wow, that sucks. Fortunately we have transitioned to thin clients, so it was minimal, and the thin clients we use use ARM CPUs or 45nm Intel Atoms that are still single-core in-order.
Watch the video, the 850 EVO is affected. (as far as current benchmarks can tell)
Some ex-Intel employee did a detailed tweet thread about this very topic: https://twitter.com/securelyfitz/status/949370010652196864
Any guesses when we will see CPUs without this vulnerability?
Thread time! Why can't they just quickly patch #meltdown or #spectre and push out another cpu? Why could it possibly take years? Why don't they use AGILE or x/y/z? Lots of reasons: (note: my goal is not to criticize chip manufacturers - it's to defend the constraints they have)
Let's start with a standard software product many are familiar with and work off that. First, every time you hit 'build' it's called a 'stepping', costs millions of dollars & takes several months. If you want a profitable product, you may only get 10 chances to press 'build'.
On top of that, half those 'builds' are not 'full layer steppings' meaning you can't change any logic gates, just how they're connected. Even with a full layer stepping you can't shuffle stuff around anywhere like you can with library files and whatnot.
One way to think of it - imagine an ISA that only supports 8 bit jumps/calls. You can only go back or forth +- 128 bytes from your current address. You can't just plug in an extra 256 bytes of code between two existing blocks without lots of rework and significant timing impact.
So what's an easy fix on silicon? 1 bit to a couple bytes. Equivalent of inverting a test, changing an immediate value in code, nopping out a bad instruction, or adjusting a branch destination. Maybe reordering a simple if/else.
Any more than that, and you impact everything around you. Your extra power draw might heat up another gate that makes a latch work slower and causes every cpu to be speed rated 100mhz slower. The extra space you need might introduce propagation delays that can't be worked around.
So, the easiest possible fix means a couple months to 'build', a few months for you to test your fix, plus regression testing against 50 years of code that your CPU must support. Followed by ramping up high volume manufacturing. Let's say 6 months from fix to on the shelf.
But really, even a small fix means building, testing, fine tuning, building, testing, characterizing, and then releasing. So count on 2-3 steppings and we quickly get to 6 months to a year.
What about a minor new feature? If you've already got the architectural and specification stuff done, you need to implement it in HDL, simulate and verify it, and then put it through the build/test/production path. 2 years.
The reality is that new features are risky when you only get a few revisions. LOTS of features exist in silicon for generations before they're fully vetted and 'enabled'. So most features end up being more like 5 years to availability on a product with software supporting it.
But we're still not there. #meltdown and #spectre attack fundamental architecture features that have been built on for decades. We may need to go back to the drawing board. (old intel product lifecycle slide). Everything so far has been in the yellow 'development' phase.
Assuming we don't need too much new research, we amend the architecture, write new specifications, implement the architecture in HDL, fabricate the chip, and go through validation before selling it. Once again, we're talking 4 to 5 years.
What's it all mean? My guess is there might be a few hardware 'quick fixes' that we could see as soon as this summer (one year after first rumblings). These would probably have a performance impact, but would be a smaller impact than the current software fixes.
Come 2019 and 2020, other products in the pipeline will have more involved fixes that again improve performance over the software and quick fixes. The solution everyone wants is a full fix with no performance impact. I can't imagine that coming any sooner than 2021.
I left Intel over 5 years ago - I know nothing that isn't public about current or upcoming products. This is all speculation based on general knowledge of CPU and silicon manufacturing. Thanks to @savagejen for asking me questions and encouraging me to post.