This just got worse: there's another security hole. This one affects all CPUs, Intel, AMD, and the ARM processors in your smartphones. The previous flaw in the OP is called Meltdown. The new flaw that affects all processors is called Spectre.
How much is the Spectre patch going to affect your performance, you ask? It won't, because there is no fix. You'll need new hardware. Spectre has been living quietly with us for decades, so there's no way to just use older hardware. Once the attack method gets out... yeah.
In summary, there's two separate flaws; Meltdown only affects Intel CPUs, and requires a performance-draining patch (which will also be applied to the non-affected AMD chips, because "glory to Intel!" (no, really!)) and Spectre, which affects all (to include the ARM processors in your smartphones) systems. There is no known fix for Spectre, besides new hardware.
So yeah, we're all screwed once Spectre leaks.
EDIT2:
AMD says risk for their processors from Spectre's two attacks is "zero, and almost zero" because of the way their processors are designed: - we'll see :
Wow, I went into the windows insider program a month ago just to see new features and noticed my boot-up time slowed way down. Figured it came with the territory but I guess it was the patch they were beta testing before screwing the rest of the world over. This sucks.
Calarand77lurking in general forumsJoin Date: 2016-01-22Member: 211786Members
Well, I'm not gonna pretend I understand what and how, but what the smarter people out there say is very troubling. With my dated system already struggling, losing as much as 30% of performance will be crippling for most of my gaming experiences. I mean - I can stand playing a very good game at 28-30 FPS, but lower than that? I doubt anyone could. Happy New Year, I guess.
now that we know that ours cpu is going to become 5% to 30% slower because Kernel-memory-leaking.
maybe later intel can release a update that make our cpus 5% to 15% faster
(if they make the code more secure and efficient)
Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.
The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.
These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running them.
As soon as we learned of this new class of attack, our security and product development teams mobilized to defend Google’s systems and our users’ data. We have updated our systems and affected products to protect against this new type of attack. We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web. These efforts have included collaborative analysis and the development of novel mitigations.
We are posting before an originally coordinated disclosure date of January 9, 2018 because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation. The full Project Zero report is forthcoming.
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.
Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].
So far, there are three known variants of the issue:
But... I don't want to run windows updater on my win7, they just patch win10 over it without asking.
There's ways to limit updates to the current version of Windows (even between versions of Windows 10). You need to update for this fault because once knowledge of the details get out, there will be exploit attacks that use it.
I've heard gaming is barely affected, and most of it is virtualization (so, the Interwebs just got 30% slower, most of Google, Amazon etc are all Intel-based and virtualized (if you didn't know, Amazon hosts like half the web, and Google the rest - not really but it's a huge amount -- also, CloudFlare? same thing))
Can't tell for sure until benchmarks come out though. Also, hitting AMD with the same patch even though their CPUs are not affected is a really, really low blow (but might be just to get the fix out, thoroughly test AMD, then release another patch to let AMD chips have their performance back -- if not, then something really rotten is going on between Intel and OS developers.
I've heard gaming is barely affected, and most of it is virtualization (so, the Interwebs just got 30% slower, most of Google, Amazon etc are all Intel-based and virtualized (if you didn't know, Amazon hosts like half the web, and Google the rest - not really but it's a huge amount -- also, CloudFlare? same thing))
Can't tell for sure until benchmarks come out though. Also, hitting AMD with the same patch even though their CPUs are not affected is a really, really low blow (but might be just to get the fix out, thoroughly test AMD, then release another patch to let AMD chips have their performance back -- if not, then something really rotten is going on between Intel and OS developers.
This just got worse: there's another security hole. This one affects all CPUs, Intel, AMD, and the ARM processors in your smartphones. The previous flaw in the OP is called Meltdown. The new flaw that affects all processors is called Spectre.
How much is the Spectre patch going to affect your performance, you ask? It won't, because there is no fix. You'll need new hardware. Spectre has been living quietly with us for decades, so there's no way to just use older hardware. Once the attack method gets out... yeah.
In summary, there's two separate flaws; Meltdown only affects Intel CPUs, and requires a performance-draining patch (which will also be applied to the non-affected AMD chips, because "glory to Intel!" (no, really!)) and Spectre, which affects all (to include the ARM processors in your smartphones) systems. There is no known fix for Spectre, besides new hardware.
This just got worse: there's another security hole. This one affects all CPUs, Intel, AMD, and the ARM processors in your smartphones. The previous flaw in the OP is called Meltdown. The new flaw that affects all processors is called Spectre.
How much is the Spectre patch going to affect your performance, you ask? It won't, because there is no fix. You'll need new hardware. Spectre has been living quietly with us for decades, so there's no way to just use older hardware. Once the attack method gets out... yeah.
In summary, there's two separate flaws; Meltdown only affects Intel CPUs, and requires a performance-draining patch (which will also be applied to the non-affected AMD chips, because "glory to Intel!" (no, really!)) and Spectre, which affects all (to include the ARM processors in your smartphones) systems. There is no known fix for Spectre, besides new hardware.
I would say gaming will be affected. Meltdown appears to require the kernel code and data being in a different page table from a user process. That means whenever a program does a system call, the user process page table will likely have to be saved and a kernel process page table loaded. Caching of those could reduce the impact. However, any computer used in the way most servers and workstations are used--including for gaming--will be impacted. Some changes in kernel and other OS code could make the impact a bit less, but there's going to be impact.
The only "good" thing about both issues, Meltdown and Spectre, is they are local exploits. A malicious program has to be running on the machine to take advantage of them. Even with both present, some changes in the way kernel code (like for passwords) and other code operate can reduce the impact by wiping critical information in memory ASAP, for kernel code perhaps in tight code that locks out interruption and thus being spied upon.
Comments
http://reddit.com/r/intel/comments/7npcfx/kernel_memory_leaking_intel_processor_design_flaw/
EDIT:
TechPowerUp article with quotes from Linus Torvalds (creator of Linux, extremely smart) at the end among other goodies.
Also,
EDIT2:
AMD says risk for their processors from Spectre's two attacks is "zero, and almost zero" because of the way their processors are designed: - we'll see :
https://www.amd.com/en/corporate/speculative-execution
EDIT3:
Linux excludes AMD from Meltdown patch: (as they claim they aren't affected by it)
http://reddit.com/r/Amd/comments/7nzts4/linux_accepts_excluding_amd_from_pti_if_amd_is_so/
Sold my Barton 2500+, Venice 3800+ and C2D-E6420 mang \o/
"fuck"
You made me laugh for 30 minutes straight man
But at least subnautica is well optimized now so I don't have to worry about a thing
Eh, sorry for the rant, just really sad here.
You wanna start a fight or something \o/
kek
that's a shitty move, all across the board of kernel devs
maybe later intel can release a update that make our cpus 5% to 15% faster
(if they make the code more secure and efficient)
"Several Days" is a LOT of time for somebody nefarious out there to cause a TON of damage.
But... But, Google's motto is "Don't be evil", they promised
Can't tell for sure until benchmarks come out though. Also, hitting AMD with the same patch even though their CPUs are not affected is a really, really low blow (but might be just to get the fix out, thoroughly test AMD, then release another patch to let AMD chips have their performance back -- if not, then something really rotten is going on between Intel and OS developers.
Can't tell for sure until benchmarks come out though. Also, hitting AMD with the same patch even though their CPUs are not affected is a really, really low blow (but might be just to get the fix out, thoroughly test AMD, then release another patch to let AMD chips have their performance back -- if not, then something really rotten is going on between Intel and OS developers.
How much is the Spectre patch going to affect your performance, you ask? It won't, because there is no fix. You'll need new hardware. Spectre has been living quietly with us for decades, so there's no way to just use older hardware. Once the attack method gets out... yeah.
https://www.nytimes.com/2018/01/03/business/computer-flaws.html
In summary, there's two separate flaws; Meltdown only affects Intel CPUs, and requires a performance-draining patch (which will also be applied to the non-affected AMD chips, because "glory to Intel!" (no, really!)) and Spectre, which affects all (to include the ARM processors in your smartphones) systems. There is no known fix for Spectre, besides new hardware.
So yeah, we're all screwed once Spectre leaks.
This just got worse: there's another security hole. This one affects all CPUs, Intel, AMD, and the ARM processors in your smartphones. The previous flaw in the OP is called Meltdown. The new flaw that affects all processors is called Spectre.
How much is the Spectre patch going to affect your performance, you ask? It won't, because there is no fix. You'll need new hardware. Spectre has been living quietly with us for decades, so there's no way to just use older hardware. Once the attack method gets out... yeah.
https://www.nytimes.com/2018/01/03/business/computer-flaws.html
In summary, there's two separate flaws; Meltdown only affects Intel CPUs, and requires a performance-draining patch (which will also be applied to the non-affected AMD chips, because "glory to Intel!" (no, really!)) and Spectre, which affects all (to include the ARM processors in your smartphones) systems. There is no known fix for Spectre, besides new hardware.
So yeah, we're all screwed once Spectre leaks.
The only "good" thing about both issues, Meltdown and Spectre, is they are local exploits. A malicious program has to be running on the machine to take advantage of them. Even with both present, some changes in the way kernel code (like for passwords) and other code operate can reduce the impact by wiping critical information in memory ASAP, for kernel code perhaps in tight code that locks out interruption and thus being spied upon.