Major Intel CPU vulnerability
-
It's VERY fishy that this flaw is mentioned over and over again as being Intel and a flaw and unique to the Intel-only platform of x86_64, but then claimed to be on AMD and ARM chips... which just happened to be names that the public knows well. But never, ever mentioned on IA64, Power, or Sparc64. Things don't add up. If it is a flaw in Intel's downstream implementation, how is it affecting others? Why is it only big consumer-known products affected and not other products from the same and other vendors? If other architectures are affected, why is only Intel's architecture named?
-
@tim_g said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@tim_g said in Major Intel CPU vulnerability:
To me it's looking like AMD64 is AMD's version of x86_64. So, perhaps it duplicated the same vulnerability... but maybe not.
Other way around. AMD64 is the architecture. x86_64 is an Intel marketing name for compatibility with AMD64 extended on top of the IA32 (aka x86) architecture. AMD64 came first and is never x86_64, AMD64 is what you compile to. x86_64 is a scam name used by Intel to try to pretend that they weren't using an AMD designed chip after the disaster of Itanium (aka IA64.) X86_64 was a reference to AMD64 calls on top of Intel's Pentium IV 32bit chip. Later they called their own implementation of AMD64, x64, because they refused to acknowledge that they were the copycats so closely following their huge "Genuine Intel" campaign claiming that clones were inferior.
For the 64bit era, Intel has been the clone, and it is "Genuine AMD".
Ahh, I see.
Then either:
- Intel did a bad job of duplicating the AMD64 architecture, inventing the vulnerability in the process.
or
- AMD64 had the vulnerability to begin with, and Intel replicated it.
Right, but if it was #2, it is being reported wrong and the flaw is in AMD64, not x86_64. But neither case would explain how ARM is involved.
-
Yeah, I guess we need to wait for more info... things just aren't making sense.
My guess is the media is reporting this wrong... or Intel is leaking incorrect information.
-
@tim_g said in Major Intel CPU vulnerability:
Yeah, I guess we need to wait for more info... things just aren't making sense.
My guess is the media is reporting this wrong... or Intel is leaking incorrect information.
Given that Intel and Google both reported only after getting busted for having information about vulnerabilities that they had not released, the one thing we know is that neither can be trusted. Google and Intel got caught with their pants down and seem to be claiming anything to lessen the blow to their integrity.
-
@scottalanmiller said in Major Intel CPU vulnerability:
@tim_g said in Major Intel CPU vulnerability:
Yeah, I guess we need to wait for more info... things just aren't making sense.
My guess is the media is reporting this wrong... or Intel is leaking incorrect information.
Given that Intel and Google both reported only after getting busted for having information about vulnerabilities that they had not released, the one thing we know is that neither can be trusted. Google and Intel got caught with their pants down and seem to be claiming anything to lessen the blow to their integrity.
Well yeah they both have so much to lose, especially Google.
Google has a big reputation for being security-focused. Now that's all shot to pieces imo.
-
@tim_g said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@tim_g said in Major Intel CPU vulnerability:
Yeah, I guess we need to wait for more info... things just aren't making sense.
My guess is the media is reporting this wrong... or Intel is leaking incorrect information.
Given that Intel and Google both reported only after getting busted for having information about vulnerabilities that they had not released, the one thing we know is that neither can be trusted. Google and Intel got caught with their pants down and seem to be claiming anything to lessen the blow to their integrity.
Well yeah they both have so much to lose, especially Google.
Google has a big reputation for being security-focused. Now that's all shot to pieces imo.
They are focused on THEIR security, just not ours.
-
There are two different vulns. One is specifically Intel and one is all processors. The Intel vulnerability is much worse and requires firmware updates and OS patching. The other flaw can be fixed with just OS patches.
-
Driving at the moment, I'll share more later.
-
Meltdown is Intel specific. Speculative execution affects all processors.
-
Can someone TLDR this mess for me?
If stuff isn't getting BIOS updates to "fix" this is it worth keeping the hardware?
Anyone going full out replacements? With what?
-
@irj said in Major Intel CPU vulnerability:
Meltdown is Intel specific. Speculative execution affects all processors
But they aren't listing all processors, anywhere. Only three very specific ones. Not even all Intels, just some.
-
@mattspeller said in Major Intel CPU vulnerability:
Can someone TLDR this mess for me?
If stuff isn't getting BIOS updates to "fix" this is it worth keeping the hardware?
Anyone going full out replacements? With what?
With AMD!
-
@scottalanmiller said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
Meltdown is Intel specific. Speculative execution affects all processors
But they aren't listing all processors, anywhere. Only three very specific ones. Not even all Intels, just some.
Unlike Meltdown, which impacts mostly Intel CPUs, Spectre’s proof of concept works against everyone, including ARM and AMD. Its attacks are pulled off differently — one variant targets branch prediction — and it’s not clear there are hardware solutions to this class of problems, for anyone.
-
@irj said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
Meltdown is Intel specific. Speculative execution affects all processors
But they aren't listing all processors, anywhere. Only three very specific ones. Not even all Intels, just some.
Unlike Meltdown, which impacts mostly Intel CPUs, Spectre’s proof of concept works against everyone, including ARM and AMD. Its attacks are pulled off differently — one variant targets branch prediction — and it’s not clear there are hardware solutions to this class of problems, for anyone.
But why is no one talking about processors in general, only those three specific ones?
-
@irj said in Major Intel CPU vulnerability:
This article very clearly mentions processors from Intel, AMD, and ARM. They don't even suggest that it's a standard problem, but that it is something that these three did.
And nearly everyone when mentioning Intel points out that it is only some of their procs and not others, like IA64. They don't say IA64 isn't affected, they just say that Intel's x86_64 is the one affected, which isn't IA64.
And chips don't come "from" ARM, so that's confusing. Is it anyone using an ARM design?
Because whatever this is has to be a design thing, it's odd that they keep mentioning companies, not products.
It's like there is a fuel pump leak, and they mention that Chevy, Ford, and Bombardier are affected... but never mention which models or acknowledge that Bombardier makes parts, not cars.
-
Here is how ExtremeTech words it: "Over the past few days we’ve covered major new security risks that struck at a number of modern microprocessors from Intel and to a much lesser extent, ARM and AMD."
-
What process is Google Parlance? "Meltdown is Variant 3 in ARM, AMD, and Google parlance."
-
This statement certainly makes Intel's design a flaw, contradicting Intel's own statements: "Intel is badly hit by Meltdown because its speculative execution methods are fairly aggressive. Specifically, Intel CPUs are allowed to access kernel memory when performing speculative execution, even when the application in question is running in user memory space. The CPU does check to see if an invalid memory access occurs, but it performs the check after speculative execution, not before."
-
This is useful, ARM is not impacted but "will be in the future": AMD and ARM appear largely immune to Meltdown, though ARM’s upcoming Cortex-A75 is apparently impacted.
-
AMD Zen specifically has hardware that kills Spectre. So it's not a universal threat, even against procs that use all of the features that lead to it.
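
Added example, not part of the original thread: since the posts above disagree on which processors are affected and whether OS patches are enough, this sketch reads what a Linux kernel itself reports per issue for the host it runs on. It assumes a Linux host exposing `/sys/devices/system/cpu/vulnerabilities` (kernel 4.15 or a vendor backport); the function names and the sample directory are constructed for illustration.

```python
import os
import tempfile

# Linux sysfs directory with one status file per CPU issue (kernel 4.15+ and backports).
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")

def classify(status):
    """Map the kernel's status line to a coarse state."""
    status = status.strip()
    if status == "Not affected":
        return "not_affected"
    if status.startswith("Mitigation:"):
        return "mitigated"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def report(base=SYSFS_DIR):
    """Return {issue: (state, raw status line)} for the issues in ISSUES."""
    result = {}
    for issue in ISSUES:
        try:
            with open(os.path.join(base, issue)) as fh:
                raw = fh.read().strip()
        except OSError:
            # Missing file: the kernel predates this interface, so the state is unknown.
            raw = ""
        result[issue] = (classify(raw), raw)
    return result

def needs_action(rep):
    """Issues that are unmitigated or cannot be confirmed on this host."""
    return sorted(i for i, (state, _) in rep.items() if state in ("vulnerable", "unknown"))

def constructed_sample():
    """Build a constructed sysfs-like directory (sample data, not from a real host)."""
    base = tempfile.mkdtemp()
    for name, text in {"meltdown": "Mitigation: PTI\n", "spectre_v1": "Vulnerable\n"}.items():
        with open(os.path.join(base, name), "w") as fh:
            fh.write(text)
    return base  # spectre_v2 is deliberately absent to exercise the "unknown" path

if __name__ == "__main__":
    base = SYSFS_DIR if os.path.isdir(SYSFS_DIR) else constructed_sample()
    for issue, (state, raw) in report(base).items():
        print(f"{issue:12} {state:13} {raw}")
```

A host where `needs_action` returns a non-empty list is one that still needs a kernel update, a firmware update, or both before its status can be confirmed.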