1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Intel warns of four security vulnerabilities

Discussion in 'Article Discussion' started by bit-tech, 10 Apr 2019.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

    Joined:
    12 Mar 2001
    Posts:
    1,989
    Likes Received:
    39
    Read more
     
  2. Wakka

    Wakka Yo, eat this, ya?

    Joined:
    23 Feb 2017
    Posts:
    1,738
    Likes Received:
    444
    Intel chips got more vulnerable back-doors than a south American prison at this point...
     
  3. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,981
    Likes Received:
    1,582
    To be fair to Intel, only one of 'em is a chip flaw; the other three are firmware (one) and software (two) for which patches are already available.
     
  4. adidan

    adidan Avatar now in stock for xmas 2019

    Joined:
    25 Mar 2009
    Posts:
    13,358
    Likes Received:
    1,330
    Roll on my Zen 2 upgrade.
     
    Corky42 likes this.
  5. Knowbody

    Knowbody New Member

    Joined:
    15 Aug 2012
    Posts:
    6
    Likes Received:
    0
    They are all hardware flaws that require firmware/software workarounds.

    For example, the Meltdown vulnerability allows userspace code to read the CPUs cache, which often contains kernel memory.

    The workaround is essentially to keep deleting the kernel memory from CPU cache every time it wants to run userspace code, so that if the userspace code is reading the CPU's cache using the Meltdown vulnerability, there isn't any kernel memory there to read.
    And the act of deleting the kernel memory all the time takes extra time.

    But, it should never been able to just read CPU cache in the first place. A proper fix means modifying the architecture so that reading the CPU's cache like that isn't possible.

    It's kind of like, if there was a hole in a wall of a bank big enough to let anybody enter the vault, and the workaround was to check if anybody from the public happened to be walking near the hole and take all the money out of the vault every time it happened just in case they decided to stroll into the vault.
     
    Last edited: 17 Apr 2019
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,981
    Likes Received:
    1,582
    Err... No, they're not. Unless you can explain which hardware flaw is only exploitable if you don't update the Intel Graphics Performance Analyser for Linux, or the Intel Media SDK?
     
  7. Knowbody

    Knowbody New Member

    Joined:
    15 Aug 2012
    Posts:
    6
    Likes Received:
    0
    No, Meltdown can be exploited by any userspace code, to read kernel memory it shouldn't be allowed to access.

    And like I said, the workaround is to keep deleting all of the kernel memory from the CPUs cache every time userspace code is executed.
    And that takes extra time, therefore you receive a performance hit.
    This has to be implemented by the OS kernel itself, not just by software running on top of the OS.

    The proper fix is to make sure that userspace code that doesn't have the right permissions doesn't get speculatively executed in the first place.
    And this has to be done with a redesign of the architecture and replacement of the CPU.
    Existing CPUs cannot be fixed, they have to apply the workaround.
     
    Last edited: 23 Apr 2019 at 05:38
  8. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,981
    Likes Received:
    1,582
    I genuinely can't tell if you're trolling or not. This article is not about Meltdown. Here, let me quote for your hopeful edification:
    In smaller words: a software flaw in the software installer for a piece of software. Absolutely nothing to do with any hardware flaw, and the fix is a fix, not a workaround.
    Again, a software flaw in a software development kit which can be fixed, not worked around, by installing the update.

    Neither of these are in any way related to Meltdown. Neither of these are in any way related to speculative execution. Neither of these are in any way related to hardware flaws.

    Next time you want to teach your grandmother to suck eggs, could you do me a favour and actually read the article?
     
  9. Knowbody

    Knowbody New Member

    Joined:
    15 Aug 2012
    Posts:
    6
    Likes Received:
    0
    The quote you originally responded to said this:
    Yes, this was referencing the hardware vulnerabilities.
    Notice the words "Intel chips" in the quote.
     
  10. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    11,981
    Likes Received:
    1,582
    Nice try at avoiding admitting you're wrong, but the message you originally replied to said:
    Anything else you need clarifying while I'm here?
     
Tags: Add Tags

Share This Page