Massive security hole in CPU's incoming? Official Meltdown/Spectre Discussion Thread


IEC

Elite Member
Super Moderator
Jun 10, 2004
14,328
4,913
136
Inspectre says there is a microcode update for my IB desktop system, but where do I find it?

The one listed above does not list IB desktop chips.

You don't, unless you are lucky enough that your motherboard manufacturer supports microcode updates that far back (unlikely).

Microsoft worked with Intel to implement a microcode patch at boot (for Windows 10 and Server 2016) as a way to address vulnerability in older systems.

https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

Summary:
https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates

Article:
https://www.tomshardware.com/news/microsoft-windows-spectre-patch-intel-cpus,36614.html
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
You don't, unless you are lucky enough that your motherboard manufacturer supports microcode updates that far back (unlikely).

Microsoft worked with Intel to implement a microcode patch at boot (for Windows 10 and Server 2016) as a way to address vulnerability in older systems.

https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates

Summary:
https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates

Article:
https://www.tomshardware.com/news/microsoft-windows-spectre-patch-intel-cpus,36614.html
OK, that explains why the 1231-V3 system is fully patched, but the 4790K and 3330 systems are not.

EDIT, no it doesn't.
 

rchunter

Senior member
Feb 26, 2015
933
72
91
Supermicro came out with the BIOS patches for their Haswell-based boards. I applied 2 yesterday, plus I updated the IPMI firmware on both my boards also.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
Okay, went ahead and installed the new beta BIOS from ASUS for my Z-97A 4790K system.
Inspectre reports all good now.
 

jpiniero

Lifer
Oct 1, 2010
14,581
5,203
136
That seems highly unlikely given that a complete overhaul in chip architecture is required to actually fix Spectre and Meltdown. They can only "mitigate" the chip flaws until there is a new architecture.

Yeah, a hardware mitigation instead of a real fix. But that might be good enough for now.
 

beginner99

Diamond Member
Jun 2, 2009
5,210
1,580
136
How bad is this for AMD?
https://www.theregister.co.uk/2018/05/25/researchers_crack_open_amds_server_vm_encryption/

I know that there are some extraordinary conditions that are needed, but even so SEV should prevent the information from being extracted in plain text; that information should have come encrypted, right?

I'm gonna say if you have a hostile server admin or a malware-infected hypervisor, this problem is gonna be a tiny, tiny concern compared to all the other issues you will be facing.
 

moinmoin

Diamond Member
Jun 1, 2017
4,944
7,656
136
But SEV's purpose was to prevent this from being possible?
The primary purpose of SEV in cloud computing would be making it impossible for one VM to read the memory of another VM. That's not broken with this, the VM would still need to capture and fully control the HV first.

So it's a severe bug that ought to be fixed, but it doesn't affect SEV's current use case.
 

IntelUser2000

Elite Member
Oct 14, 2003
8,686
3,785
136
Is it realistic to believe intel will have hardware fixes for new chips by the end of the year?

From the Anandtech article:
their specific wording is that the changes will be included in 8th gen Core processors “expected to ship in the second half of 2018.”

Meltdown and Spectre have variants. Some versions will be patched in hardware, while some will be patched in software. The software patched one is because it requires a bigger architecture change. They've known about this problem for some time, which is why they can have it by end of the year. But they didn't know early enough to patch all.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126

thecoolnessrune

Diamond Member
Jun 8, 2005
9,672
578
126
Yes, it's about 1.5 months old now. Not sure why it is being reported again?
It's part of this batch:

https://www.tomshardware.com/news/spectre-ng-vulnerabilities-intel-arm-amd,37002.html

We knew at the beginning that more variants of the flaws would likely be discovered over time.

None of them should be a problem for home users, though.

That's a really simple answer. We didn't know anything about it then. The article you linked even noted everything was "scant on details".

Now we know some more due to disclosures. There's a small article on Toms Hardware giving a few details, including why it's being reported again. https://www.tomshardware.com/news/intel-processors-lazyfp-speculative-execution,37302.html
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
That's a really simple answer. We didn't know anything about it then. The article you linked even noted everything was "scant on details".

Now we know some more due to disclosures. There's a small article on Toms Hardware giving a few details, including why it's being reported again. https://www.tomshardware.com/news/intel-processors-lazyfp-speculative-execution,37302.html
I wish they would not release the info to the public until patches or mitigations are ready, but it seems headlines and clicks are more important.
 

Mr Evil

Senior member
Jul 24, 2015
464
187
116
mrevil.asvachin.com

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126

thecoolnessrune

Diamond Member
Jun 8, 2005
9,672
578
126
I wish they would not release the info to the public until patches or mitigations are ready, but it seems headlines and clicks are more important.

This was responsibly disclosed, and continues to be responsibly disclosed in about the most efficient way possible given the surrounding factors. Both the entities (Amazon Security Research and Cyberus) are highly reputable and have skin in the game (especially given the AWS Datacenter underpinnings Amazon Security Research supports). Why do you believe "headlines and clicks" are driving this effort? This disclosure, and many of the Meltdown / Spectre disclosures have been handled very well given the scope, especially compared to that farce of a disclosure that was Ryzenfall.
 

Mr Evil

Senior member
Jul 24, 2015
464
187
116
mrevil.asvachin.com
Except that Intel's page is dated 6/13 and the Cerberus page is dated 6/6, so it was already public.
As I stated, only the existence of the vulnerability was made public. It even says on the very page that you linked to:
https://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html said:
The Attack
This section is currently withheld by request from Intel.
 