News Intel CPUs hit by four more security flaws

Wakka · 16 May 2019

edzieba said: ↑

Not yet. This research was funded by Intel (as with discoveries of past SPECTRE variants) so the researchers' focus has been on testing Intel CPUs. It may be some time before AMD replicate the research and verify if or if not their CPUs are affected. Last time around they jumped the gun by initially announcing they were not vulnerable to SPECTRE, then having to walk that back to just not vulnerable to Variant 3 (MELTDOWN).
Click to expand...

Funded?

Gareth Halfacree · 16 May 2019

Rebooted after installing the new kernel, ran the Spectre-checker script, and according to that AMD parts aren't affected:

Code:

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface:  YES  (Not affected)
* CPU supports the MD_CLEAR functionality:  UNKNOWN  (is cpuid module loaded?)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Not affected)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface:  YES  (Not affected)
* CPU supports the MD_CLEAR functionality:  UNKNOWN  (is cpuid module loaded?)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Not affected)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface:  YES  (Not affected)
* CPU supports the MD_CLEAR functionality:  UNKNOWN  (is cpuid module loaded?)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Not affected)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface:  YES  (Not affected)
* CPU supports the MD_CLEAR functionality:  UNKNOWN  (is cpuid module loaded?)
* Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
* Kernel mitigation is enabled and active:  NO
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Not affected)

EDIT: Inb4 "what does some random script know:" it's the Linux kernel that's reporting my Ryzen chip isn't affected, the script's just reporting that fact.

EDIT EDIT: Same script, Intel laptop:

Code:

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
* CPU supports the MD_CLEAR functionality:  YES
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT vulnerable)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
* CPU supports the MD_CLEAR functionality:  YES
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT vulnerable)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
* CPU supports the MD_CLEAR functionality:  YES
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT vulnerable)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
* CPU supports the MD_CLEAR functionality:  YES
* Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active:  YES
* SMT is either mitigated or disabled:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT vulnerable)

edzieba · 16 May 2019

Does the 'Spectre checker script' actually attempt the attacks and report the results, or does it look for the presence (or absence) of known vulnerable hardware and known kernal and microcode patches against an internal list?

Gareth Halfacree · 20 May 2019

AMD has confirmed that its parts are not affected by any of the four vulnerabilities, just like wot the Linux kernel sed.

Wakka · 20 May 2019

A decent IPC uplift and clock boost on Zen 2 and we could very well see clock-for-clock parity in a lot of use cases in a few months... That will hurt Intel a lot.

Tyinsar · 21 May 2019

Jeff Hine said: ↑

How the heck did the 4690/K dodge that one...?
Click to expand...

RedFlames said: ↑

Just came to me -

Different list, the 4690K and 4790K were officially 'Devil's Canyon', not 'Haswell'
Click to expand...

Odd that the i7-4790K isn't on Intel's list at all: https://www.intel.com/content/dam/w...A00233-microcode-update-guidance_05132019.pdf

Tyinsar · 24 May 2019

Indeed but I find it disconcerting that they make no mention of if on their microcode update lists. I'm pretty sure these processors aren't immune to the flaws. I'd really like to see an official list that includes them as getting the microcode updates.

Pretizx · 24 May 2019

Intel and its vulnerabilities

Log in or Sign up

News Intel CPUs hit by four more security flaws

Wakka Yo, eat this, ya?

Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

edzieba Virtual Realist

Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

Wakka Yo, eat this, ya?

Tyinsar 6 screens 1 card since Nov 17 2007

Tyinsar 6 screens 1 card since Nov 17 2007

Pretizx What's a Dremel?

Share This Page

Log in or Sign up

News Intel CPUs hit by four more security flaws

Wakka Yo, eat this, ya?

Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

edzieba Virtual Realist

Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

Wakka Yo, eat this, ya?

Tyinsar 6 screens 1 card since Nov 17 2007

Tyinsar 6 screens 1 card since Nov 17 2007

Pretizx What's a Dremel?

Share This Page

Useful Searches