2018 is not Starting off well - Intel CPUs Expose Kernel Contents to Users

Foxbat
I heard about this last night and the good blokes over at The Register have written it up:
'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign


All of us with Intel CPUs produced in the last 10 years or so are affected. Linux, Mac, or Windows, it doesn't matter; any virtual memory OS. You folks with AMD processors are fortunate, as it seems the engineers at AMD thought of that:
AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.
(from a letter AMD shared with the Linux Community)

So, if you thought Apple slowing down your iPhone was bad, wait until hundreds of millions of Intel PC users find their machines running a tenth to a third slower after patching this month...
I'm all AMD at home (I'm a major skinflint) but my virtual server got the Debian Jessie patches a while back.

This is a pretty nasty oversight on Intel's part. Fixing hardware bugs in software is the long way around and can be very costly to performance.

It will be interesting to see what the CPU charts at Tom's Hardware look like after the patches.

Speaking of Tom's Hardware, they presented this article that discusses some Linux benchmarks by Phoronix:

Intel CPU Bug Performance Loss Reports Are Premature

It is important to note that there is a whole lot of speculation and theorizing involved at this point and the real story will likely have to wait until after Microsoft drops their patch and people that don't have an axe to grind or a burning desire to scoop everyone else can get some hands-on experience.
In case Mac users might be feeling pretty smug because the Mac isn't mentioned often (it is absolutely a party to the Intel problem), someone found another bug in MacOS that gives an attacker root privileges:

MacOS Kernel Flaw Could Allow Full-System Compromise

This one isn't as stupid as the bug where you didn't have to enter a root password, but it has apparently been around for 15 years.
Intel stock is down a little over 4% so far today. When the news of this bug reaches the masses, I think Intel is going to take a much bigger hit.

Might be a good time to short sell Intel stock.
 
My antique system is so slow anyway. I use it so little I don’t want to replace it.

Did they ever list exactly which ones are vulnerable? Maybe mine is so old it's safe.

Figures. This is the PC I left AMD to go back to Intel.
 
At least one of the articles that I read suggested that AMD machines may suffer as a result of the patch that they don't need.
Intel was saying "hey, it's not just us, everybody does it."

Intel Says Major Security Flaw Affects Competitors AMD and ARM Too

One of the code snippets from the Linux forum appeared to be checking for non-AMD hardware flags before adding the extra layer of Kernel Table isolation.
Might be a good time to short sell Intel stock.
Probably too late for that now. You needed to be slightly ahead of the game, like Intel's CEO: Intel's CEO Just Sold a Lot of Stock (that was back in November, before this news was general knowledge but after Intel was notified by Google of their findings.)
 
I always had an Intel inside. Then I bought a Dell last year; it has AMD. Glad I did.
 
Lots of traffic on this today. Can't have security exploits without a sexy name, so welcome to "Spectre" and "Meltdown".

Meltdown and Spectre

Microsoft released an out-of-band patch to address these exploits, but some AntiVirus software causes a system halt due to non-standard calls to the Windows Kernel.

Information regarding anti-virus software

Apple does confirm the A-series chips in their iOS and tvOS devices are vulnerable, but security patches have been released to mitigate Meltdown:

About speculative execution vulnerabilities in ARM-based and Intel CPUs
 
...Probably too late for that now. You needed to be slightly ahead of the game, like Intel's CEO: Intel's CEO Just Sold a Lot of Stock (that was back in November, before this news was general knowledge but after Intel was notified by Google of their findings.)
It's hard to tell how the general public will react when news of this is widespread. I think Intel will get a huge class-action lawsuit. I certainly wouldn't buy Intel stock, but I'm not brave enough to short it.

I will not purchase anything with 'Intel Inside' until they release a new chip without the glitches.

And that 'Intel Inside' sticker they put on new computers is going to make them really hard to sell in the stores.
 
I saw a microcode update come down on some of my RHEL 7 boxes the day before yesterday, including two running Atom MPUs. Is that how the fix is implemented in Linux?
 
Yep, “Intel Inside” is a warning label, just as it was with the 80386 debacle.

But most people are clueless about all this.

I wonder if the iPad 3 will be fixed, now that Apple admits all iPhones and iPads are affected.

And how can s/w fix a h/w issue, without itself being vulnerable?
 
Microsoft released an out-of-band patch to address these exploits, but some AntiVirus software causes a system halt due to non-standard calls to the Windows Kernel.
Perhaps more important to their biggest customers, they've been slamming out the patches for SQL Server, IE11 and Edge in hopes that their cloud customers don't see the 20+% hit that PostgreSQL saw. It has to be a whole new universe at Microsoft where they weren't the genesis of a major flaw.
And how can s/w fix a h/w issue, without itself being vulnerable?
Most of the software that benefited from the lookahead feature is OS-level stuff so they either build something into the OS to check the permission level (the "ring") and flush the page or they turn anticipatory execution off. Both are pretty costly solutions but if done with very high privileges (very low ring level), they shouldn't be able to be undone.

In my cynical mind, the fact that IE and Edge were among the first applications patched virtually guarantees that those applications were banging the hardware rather than using OS calls as is demanded of everyone else.
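The "check the ring and flush the page" fix described in the post above is kernel page table isolation (KPTI), and the earlier question of which machines are actually vulnerable can be answered from the kernel's own report rather than from CPU model lists. The script below is an added example, not code from the thread or from any kernel or distro; it assumes a Linux kernel new enough to expose /sys/devices/system/cpu/vulnerabilities (4.15, or a distro backport such as RHEL 7's), and the sample file contents in make_sample are constructed copies of the strings the kernel prints.

```shell
#!/bin/sh
# Added example, not from the thread: report whether the Linux kernel has
# KPTI (the Meltdown fix) and the Spectre mitigations active. Kernels 4.15+
# and distro backports expose one file per issue under
# /sys/devices/system/cpu/vulnerabilities; an AMD box reports "Not affected"
# for meltdown, the vendor check the thread mentions, applied by the kernel.

# classify_status TEXT -> not-affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_vulns [DIR] -> one line per issue: "<issue> <class> <raw kernel text>";
# returns 1 if any issue is still reported as vulnerable, else 0.
check_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    bad=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            raw=$(cat "$dir/$issue")
        else
            raw="(no sysfs entry: kernel predates the interface, status unknown)"
        fi
        cls=$(classify_status "$raw")
        if [ "$cls" = vulnerable ]; then bad=1; fi
        printf '%-10s %-12s %s\n' "$issue" "$cls" "$raw"
    done
    return $bad
}

# make_sample DIR STATE -> constructed sysfs copy mimicking an unpatched Intel
# machine (STATE=unpatched) or one on a KPTI + retpoline kernel (STATE=patched).
make_sample() {
    mkdir -p "$1"
    if [ "$2" = patched ]; then
        printf 'Mitigation: PTI\n' > "$1/meltdown"
        printf 'Mitigation: __user pointer sanitization\n' > "$1/spectre_v1"
        printf 'Mitigation: Full generic retpoline\n' > "$1/spectre_v2"
    else
        printf 'Vulnerable\n' > "$1/meltdown"
        printf 'Vulnerable\n' > "$1/spectre_v1"
        printf 'Vulnerable\n' > "$1/spectre_v2"
    fi
}
```

On a live machine, `check_vulns` with no argument reads the real sysfs directory, and its exit status makes it usable from a fleet-wide patch check.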