1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Intel CPUs hit by four more security flaws

Discussion in 'Article Discussion' started by bit-tech, 15 May 2019.

  1. Jeff Hine

    Jeff Hine Nothing special

    Joined:
    8 May 2009
    Posts:
    929
    Likes Received:
    102
    I went there for confirmation of the list in the Intel article link
     
  2. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    11,222
    Likes Received:
    1,358
    Just came to me -

    Different list, the 4690K and 4790K were officially 'Devil's Canyon', not 'Haswell'
     
    Jeff Hine likes this.
  3. Jeff Hine

    Jeff Hine Nothing special

    Joined:
    8 May 2009
    Posts:
    929
    Likes Received:
    102
    Indeed they were - wasn't Haswell a slightly later/revised iteration...?

    EDIT:
    Nope - DC was aka 'Haswell Refresh'; the top end of the Haswell family (I searched).
     
    Last edited: 15 May 2019
  4. WarrenJ

    WarrenJ Well-Known Member

    Joined:
    14 Oct 2009
    Posts:
    2,698
    Likes Received:
    204
    After re-reading my reply I can see where you're coming from. I did mean processors produced over the last 10 years not just pocessors prior to 2008, for which I apologise for.

    The main item I wanted to address was how long should a manufacturer offer support for their products in such a high speed industry. 1 Generation, 2 Generations, 10 Generations?
     
  5. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,402
    Likes Received:
    1,814
    I guess it depends what market you're distributing to. If you want companies to build your processors into embedded stuff that's likely to sit there for years, you'd better support it for years - just look at how long Microsoft supported Windows XP 'cos it ran the world's ATMs and POSes. For that matter, look at my MicroServer: the version of Linux that's on there now has just EOL'd five years after release, and the next version I'm upgrading to won't EOL for ten.

    It's perfectly reasonable, especially for a company as big as Intel and with as healthy a profit margin, to expect a decade's worth of support - perhaps less on the desktop.
     
  6. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,184
    Likes Received:
    284
    Not yet. This research was funded by Intel (as with discoveries of past SPECTRE variants) so the researchers' focus has been on testing Intel CPUs. It may be some time before AMD replicate the research and verify if or if not their CPUs are affected. Last time around they jumped the gun by initially announcing they were not vulnerable to SPECTRE, then having to walk that back to just not vulnerable to Variant 3 (MELTDOWN).
     
  7. Wakka

    Wakka Yo, eat this, ya?

    Joined:
    23 Feb 2017
    Posts:
    1,940
    Likes Received:
    546
    Funded?
     
    adidan likes this.
  8. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,402
    Likes Received:
    1,814
    Rebooted after installing the new kernel, ran the Spectre-checker script, and according to that AMD parts aren't affected:

    Code:
    CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * CPU supports the MD_CLEAR functionality:  UNKNOWN  (is cpuid module loaded?)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO
    * SMT is either mitigated or disabled:  NO
    > STATUS:  NOT VULNERABLE  (Not affected)
    
    CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * CPU supports the MD_CLEAR functionality:  UNKNOWN  (is cpuid module loaded?)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO
    * SMT is either mitigated or disabled:  NO
    > STATUS:  NOT VULNERABLE  (Not affected)
    
    CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * CPU supports the MD_CLEAR functionality:  UNKNOWN  (is cpuid module loaded?)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO
    * SMT is either mitigated or disabled:  NO
    > STATUS:  NOT VULNERABLE  (Not affected)
    
    CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * CPU supports the MD_CLEAR functionality:  UNKNOWN  (is cpuid module loaded?)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO
    * SMT is either mitigated or disabled:  NO
    > STATUS:  NOT VULNERABLE  (Not affected)
    
    EDIT: Inb4 "what does some random script know:" it's the Linux kernel that's reporting my Ryzen chip isn't affected, the script's just reporting that fact.

    EDIT EDIT:
    Same script, Intel laptop:

    Code:
    CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
    * CPU supports the MD_CLEAR functionality:  YES
    * Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
    * Kernel mitigation is enabled and active:  YES
    * SMT is either mitigated or disabled:  NO
    > STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT vulnerable)
    
    CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
    * CPU supports the MD_CLEAR functionality:  YES
    * Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
    * Kernel mitigation is enabled and active:  YES
    * SMT is either mitigated or disabled:  NO
    > STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT vulnerable)
    
    CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
    * CPU supports the MD_CLEAR functionality:  YES
    * Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
    * Kernel mitigation is enabled and active:  YES
    * SMT is either mitigated or disabled:  NO
    > STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT vulnerable)
    
    CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Clear CPU buffers; SMT vulnerable)
    * CPU supports the MD_CLEAR functionality:  YES
    * Kernel supports using MD_CLEAR mitigation:  YES  (md_clear found in /proc/cpuinfo)
    * Kernel mitigation is enabled and active:  YES
    * SMT is either mitigated or disabled:  NO
    > STATUS:  NOT VULNERABLE  (Mitigation: Clear CPU buffers; SMT vulnerable)
    
     
    Last edited: 16 May 2019
    adidan likes this.
  9. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,184
    Likes Received:
    284
    Does the 'Spectre checker script' actually attempt the attacks and report the results, or does it look for the presence (or absence) of known vulnerable hardware and known kernal and microcode patches against an internal list?
     
  10. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,402
    Likes Received:
    1,814
  11. Wakka

    Wakka Yo, eat this, ya?

    Joined:
    23 Feb 2017
    Posts:
    1,940
    Likes Received:
    546
    A decent IPC uplift and clock boost on Zen 2 and we could very well see clock-for-clock parity in a lot of use cases in a few months... That will hurt Intel a lot.
     
  12. Tyinsar

    Tyinsar 6 screens 1 card since Nov 17 2007

    Joined:
    26 Jul 2006
    Posts:
    2,287
    Likes Received:
    28
  13. Jeff Hine

    Jeff Hine Nothing special

    Joined:
    8 May 2009
    Posts:
    929
    Likes Received:
    102
    46- and 4790K are both - officially - Devil's Canyon, not Haswell... might be how they escaped.
     
  14. Tyinsar

    Tyinsar 6 screens 1 card since Nov 17 2007

    Joined:
    26 Jul 2006
    Posts:
    2,287
    Likes Received:
    28
    Indeed but I find it disconcerting that they make no mention of if on their microcode update lists. I'm pretty sure these processors aren't immune to the flaws. I'd really like to see an official list that includes them as getting the microcode updates.
     
  15. Pretizx

    Pretizx Member

    Joined:
    10 Feb 2017
    Posts:
    51
    Likes Received:
    5
    Intel and its vulnerabilities:duh::duh:
     
Tags: Add Tags

Share This Page