Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 58 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

JimKiler

Diamond Member
Oct 10, 2002
3,557
205
106
Is there a list of CPU's that got patches/micro code updates. I have a 4790K and have no idea if MS gave me a patch or not. I searched google but there are too many news headlines even when i search spectre & meltdown CPU patch list.
 

Shamrock

Golden Member
Oct 11, 1999
1,438
558
136
I also have a 4790K, and Windows 7 does have a mess of a patch, I have NOTHING in regards to a bios update (MSI Z97 Gaming 5 mobo). And without it, the Win7 patch screws up bad, such as BSODs, applications crashing, or unactivating.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
Is there a list of CPU's that got patches/micro code updates. I have a 4790K and have no idea if MS gave me a patch or not. I searched google but there are too many news headlines even when i search spectre & meltdown CPU patch list.
Inspectre will tell you if you are patched and it will give some other info about patches for your system.

https://www.grc.com/inspectre.htm
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
Any updates until when we will see processors that have protection built in for a noob like me?
Intel has said fixed processor will appear by the end of 2018. AMD made a similar statement as well, I believe.

Home users really don't need to worry about it, anyway. It was never really going to be a problem for typical home PC users.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
4770 windows10 up to date = vulnerable
Haswell systems should only be vulnerable to Spectre at this point, and that's even less to worry about than Meltdown for most users.
My 4790K and E3-1231 V3 systems showed Meltdown protection a while ago.
 

Tarkin77

Member
Mar 10, 2018
70
147
106
Last edited:

Gideon

Golden Member
Nov 27, 2007
1,608
3,572
136
It looks like 8 new vulnerabilities, all requiring patches.
Each of the eight vulnerabilities has its own number in the Common Vulnerability Enumerator (CVE) directory and each requires its own patches - probably they all get their own names. Until then, we will jointly call them the Spectre-NG gaps in order to distinguish them from the problems known so far.

So far we only have concrete information on Intel's processors and their patch plans. However, there is initial evidence that at least some ARM CPUs are also vulnerable. Further research is already underway on whether and to what extent the closely related AMD processor architecture is susceptible to the individual Spectre-NG gaps.

Intel is already working on some Spectre-NG patches itself; others are being developed in cooperation with the operating system manufacturers. When the first Spectre-NG patches will be released is not yet clear. According to our information, Intel is planning two patch waves: The first is scheduled to start in May; a second is currently planned for August.

At least one of the Spectre-NG patches has already been scheduled: Google's Project Zero has found one of the gaps again and on May 7 - the day before the Windows patchday - the 90-day deadline, which they typically allow the manufacturer before a release, expires. Google's elite hackers are quite uncompromising when it comes to such deadlines, and after their expiration they have already published information on vulnerabilities for which the manufacturer has not yet finished patches. If there is a second gap, Intel itself expects information to be made public at any time. So patches for these two gaps should be released sooner rather than later.
Some ARM CPUs are vulnerable, most probably AMD is also affected by at least some of them (though remains to be tested), as they were affected by the previous spectre problems.
 

naukkis

Senior member
Jun 5, 2002
701
569
136
New vulnerabilities probably affects Meltdown-vulnerable cpu's, Intel and some ARM. KTPI only isolated address spaces, if caches aren't flushed(high performance penalty) data is still accessible from caches, as Meltdown vulnerable cpu's are fundamentally broken.
 

Shamrock

Golden Member
Oct 11, 1999
1,438
558
136
I haven't even gotten my BIOS update (Z97) for my Mobo yet, and round 2 is coming? Great. Thanks MSI
 

snstr

Member
Aug 16, 2017
29
7
36
Last edited:

ksec

Senior member
Mar 5, 2010
420
117
116
Could we start / break it into another thread instead? It is a little hard to follow once this gets longer.

I wonder how long has the SpectreNG been known?
 

formulav8

Diamond Member
Sep 18, 2000
7,004
522
126
Having an Arm CPU for their Secure Processor features, there will likely be at least something from these exploits that affects AMD as well.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
Inspectre now reports my Haswell systems as fully patched with good performance.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
Remember to update it and run it again, after the details for the new security issues have become public.
I'm hoping that the patches will work for upcoming variants as well.

Ivy Bridge system still not patched for Spectre yet, and performance is reported as "slower", however, I have not noticed anything being slower.
 

rchunter

Senior member
Feb 26, 2015
933
72
91
Just patched my Asus X99 WS board last night. They finally released it.
The only patches i'm still waiting for now is for my 2 supermicro haswell boards.
Asus X58 mb will probably never get one. I'm fine with that.
 
  • Like
Reactions: snstr