Jump to content

Extraordinarily bad bug in Intel CPU memory management


Rotareneg

Recommended Posts

The technical details for this exploit (and another one that's also very severe and effect virtually all modern CPUs, not just Intel) have been released: https://meltdownattack.com/

 

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

 

https://www.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/

 

http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

 

There's a severe vulnerability in Intel CPUs that is suspected to involve user mode processes being able to read kernel mode memory. That means that, in theory, some java script running in the background on a web page you've got open in your browser might be able to read the operating systems memory to get various "secure" pieces of data, like passwords, cryptographic keys, etc. Potentially far worse, it would allow processes running on virtual machines to read memory outside the VM, which would, for example, make cloud computing potentially insecure.

 

There's a patch for the Linux kernel out already which apparently has a noticeable performance hit as it causes caches related to virtual memory (TLB) to be purged any time the processor switches between user mode and kernel mode processes, which happens pretty much any time any program does any I/O operations: sound, video, network, storage, etc.

 

Found some benchmark results on Linux, the good news is there doesn't seem to be a noticeable performance hit for gaming:

https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests

 

Some benchmarks, like video encoding or comping the Linux kernel, didn't take a hit, but others like PostgreSQL, did:

https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

Edited by Rotareneg
Link to comment
Share on other sites

 

Gaming seems to be mostly unaffected, and desktop users probably mostly have little to fear. It is server centres that may face headaches over performance drops, and certain desktop productivity tasks.

 

I want Intel getting sued for releasing their brandnew 8th generation CPU although knowing since many months that it is affected by this hardware misdesign as well. It is not a continuation of an old product line, but opening a brandnew one although knowing it is porked.  The only valid option would have been to delay the release and rework the hardware design. Kick their balls for this betrayal.

 

I read that at least one CEO of Intel has sold all his Intel stocks except the legal minimum already in early November.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...