Major Intel CPU vulnerability
-
@irj said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
@irj said in Major Intel CPU vulnerability:
Meltdown is Intel specific. Speculative execution affects all processors
But they aren't listing all processors, anywhere. Only three very specific ones. Not even all Intels, just some.
Unlike Meltdown, which impacts mostly Intel CPUs, Spectre’s proof of concept works against everyone, including ARM and AMD. Its attacks are pulled off differently — one variant targets branch prediction — and it’s not clear there are hardware solutions to this class of problems, for anyone.
But why is no one talking about processors in general, only those three specific ones?
-
@irj said in Major Intel CPU vulnerability:
This article very clearly mentions processors from Intel, AMD, and ARM. They don't even suggest that it's a standard problem, but that it is something that these three did.
And nearly everyone when mentioning Intel points out that it is only some of their procs and not others, like IA64. They don't say IA64 isn't affected, they just say that Intel's x86_64 is the one affected, which isn't IA64.
And chips don't come "from" ARM, so that's confusing. Is it anyone using an ARM design?
Because whatever this is has to be a design thing, it's odd that they keep mentioning companies, not products.
It's like there is a fuel pump leak, and they mention that Chevy, Ford, and Bombadier are affected... but never mention which models or acknowledge that Bombadier makes parts, not cars.
-
Here is how ExtremeTech words it: "Over the past few days we’ve covered major new security risks that struck at a number of modern microprocessors from Intel and to a much lesser extent, ARM and AMD. "
-
What process is Google Parlance? "Meltdown is Variant 3 in ARM, AMD, and Google parlance."
-
This statement certainly makes Intel's design a flaw, contradicting Intel's own statements: "Intel is badly hit by Meltdown because its speculative execution methods are fairly aggressive. Specifically, Intel CPUs are allowed to access kernel memory when performing speculative execution, even when the application in question is running in user memory space. The CPU does check to see if an invalid memory access occurs, but it performs the check after speculative execution, not before."
-
This is useful, ARM is not impacted but "will be in the future": AMD and ARM appear largely immune to Meltdown, though ARM’s upcoming Cortex-A75 is apparently impacted.
-
AMD Zen specifically has hardware that kills Spectre. So it's not a universal threat, even against procs that use all of the features that lead to it.
-
-
-
Our database vendor just reached out to tell us that 10-15% is the measured impact for our database.
-
@scottalanmiller said in Major Intel CPU vulnerability:
Our database vendor just reached out to tell us that 10-15% is the measured impact for our database.
That's substantial...
-
@scottalanmiller said in Major Intel CPU vulnerability:
Our database vendor just reached out to tell us that 10-15% is the measured impact for our database.
So does it affect performance only “after” it’s been patched?
-
-
@danp said in Major Intel CPU vulnerability:
Not surprising, unfortunately there is no way that they wouldn't be sued. If a patch has been developed this quickly, then there is clearly something majorly broken, but easily remedied.
-
@fredtx said in Major Intel CPU vulnerability:
@scottalanmiller said in Major Intel CPU vulnerability:
Our database vendor just reached out to tell us that 10-15% is the measured impact for our database.
So does it affect performance only “after” it’s been patched?
Yes
-
-
Good article about how the likes of Vultr, Digital Ocean, Linode, and others are working together to try and solve the issues this creates. Sounds like they learned same time we did.
-
@zachary715 said in Major Intel CPU vulnerability:
Good article about how the likes of Vultr, Digital Ocean, Linode, and others are working together to try and solve the issues this creates. Sounds like they learned same time we did.
Which means Intel wasn’t disclosing to key vendors.
-
From my reading, they were disclosing to the big boys at Amazon, Microsoft, Google, but not to these other guys. So now they're scrambling.
I guess in reality you can't really reach out to EVERYONE affected immediately. You have to draw the line somewhere of who knows ahead of time and who doesn't. I just would have thought some of these providers were large enough to justify disclosure
-
@zachary715 said in Major Intel CPU vulnerability:
From my reading, they were disclosing to the big boys at Amazon, Microsoft, Google, but not to these other guys. So now they're scrambling.
Right, and that's what I think is terrible. Some customers (not us) get to know about security problems and we (and likely most of our vendors), do not. It's Intel's right to treat some customers like total shit, and it's our right to see them as dishonest pieces of crap that I don't trust at all.