CPU vulnerabilities. Intel, AMD and Arm.

Fed up talking videogames? Why?
User avatar
Xeno
Member
Joined in 2008

PostCPU vulnerabilities. Intel, AMD and Arm.
by Xeno » Thu Jan 04, 2018 9:37 am

http://www.bbc.co.uk/news/technology-42561169

Tech firms are working to fix two bugs that could allow hackers to steal personal data from computer systems.

Google researchers said one of the "serious security flaws", dubbed "Spectre", was found in chips made by Intel, AMD and ARM.

The other, known as "Meltdown" affects Intel-made chips alone.

The industry has been aware of the problem for months and hoped to solve it before details were made public.

The UK's National Cyber Security Centre (NCSC) said there was no evidence that the vulnerability had been exploited.

According to the researchers who found the bugs, chips dating as far back as 1995 have been affected.

Some fixes, in the form of software updates, have been introduced or will be available in the next few days, said Intel, which provides chips to about 80% of desktop computers and 90% of laptops worldwide.

Often when researchers discover a security problem, they share the information with the affected company so the issue can be fixed.

Typically, both parties agree not to publicise the problem until a fix has been implemented, so that criminals cannot take advantage of the issue.

This time it looks like somebody jumped the gun and information was leaked before a software fix was ready for distribution.

Intel said it had planned to share information next week, and several security researchers have tweeted that they have made a secrecy pact with the chip-maker.

That leaves the company in an uncomfortable situation, with a widely-publicised problem made public before the fix is ready to go.

Microchips are the basic electronic systems behind many devices such as computers and mobile phones.

The issue was originally linked to a flaw only in Intel's chips, but the firm said this was "incorrect".

"Many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits," said Intel.

ARM said patches had already been shared with its customers, which include many smartphone manufacturers.

AMD said it believed there was "near zero risk to AMD products at this time."


There are a number of software updates coming however the fix may cause as much as a 30% performance hit in certain tasks depending on what tasks you use the CPU for.

Tech support are going to have a gooseberry fool time with people calling them about stuff seeming to be slower.

User avatar
Errkal
Social Sec.
Joined in 2011
Location: Hastings
Contact:

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Errkal » Thu Jan 04, 2018 10:07 am

Isn't Specter one basically not fixable.

I was reading yesterday that it is all down the the underlying architecture and would require a hardware refresh to resolve so that one will be around and a risk for a very very long time.

User avatar
Xeno
Member
Joined in 2008

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Xeno » Thu Jan 04, 2018 10:16 am

Yeah, a microcode fix isn't possible so they are having to do it in the OS which is putting a stupid overhead on the performance. There is a rumour that the "fault" is a backdoor put in for the NSA but that will just remain a rumour. Oh and the CEO has sold of 24 million dollars of stock he had and owns the bare minimum that he has to own in his position.

User avatar
Errkal
Social Sec.
Joined in 2011
Location: Hastings
Contact:

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Errkal » Thu Jan 04, 2018 10:19 am

Yeah saw that, monumental bell he is!

It will be interesting how this will all play out, I can't imagine they will be able to go down the recall route so imagine it will be ridden out and be sorted in the next gen of chips.

User avatar
Lagamorph
Member ♥
Joined in 2010

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Lagamorph » Thu Jan 04, 2018 10:20 am

Xeno wrote:Yeah, a microcode fix isn't possible so they are having to do it in the OS which is putting a stupid overhead on the performance. There is a rumour that the "fault" is a backdoor put in for the NSA but that will just remain a rumour. Oh and the CEO has sold of 24 million dollars of stock he had and owns the bare minimum that he has to own in his position.

And he coincidentally sold them a week before this news came out. What are the odds of that happening?

Intel are quite possibly facing a lawsuit from cloud providers like Amazon and Cloud if their infrastructure ends up taking a noticeable performance hit.

Lagamorph's Underwater Photography Thread
Zellery wrote:Good post Lagamorph.
Turboman wrote:Lagomorph..... Is ..... Right
User avatar
Xeno
Member
Joined in 2008

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Xeno » Thu Jan 04, 2018 10:30 am

The main hit will be the server market based on what I have read. Gaming might get a tiny hit but nothing to what all those server farms will have.

So how long will it take for them to release a chip without the built in vulnerability? If AMD are smart they will already be working with their sales teams and working out how best to benefit from this.

User avatar
Kezzer
Member
Joined in 2012

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Kezzer » Thu Jan 04, 2018 10:42 am

Only took the millennium bug 17 years and 3 days :roll:

Image
Image
Image
https://i.imgur.com/p4kW4c7.png

Check out the Digital Combat Simulator thread for some hardcore aerial combat! | Mumble | PCGT V | The Photography Thread |
User avatar
False
Member ♥
Joined in 2008

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by False » Thu Jan 04, 2018 11:37 am

Its sort of funny. Every generation we test AMD and Intel servers against eachother to see which is fastest, and as a result we have 99.9% Intel infrastructure, now we are gonna patch and lose our performance advantage lel.

Also Xeno, its not a performance overhead from a lazy patch. The speculative memory grabbing is being disabled which forces a reload of the kernel memory table every time it is required to read/write. Essentially no other way to fix issues with spec memory without turning it off. Being as its a ring 0 issue impacting ring 3 its more like a hobbled ankle.

Image
User avatar
KK
Moderator
Joined in 2008
Location: Botswana
Contact:

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by KK » Thu Jan 04, 2018 11:40 am

Could this completely hobble already low powered computers, i.e. ones that retail for around £200 and just about manage to run Windows 10?

Image
User avatar
Xeno
Member
Joined in 2008

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Xeno » Thu Jan 04, 2018 11:40 am

I didn't say it was a lazy patch.

User avatar
Dual
Member
Joined in 2008
AKA: Stool Bloke

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Dual » Thu Jan 04, 2018 11:43 am

This is why consoles are better than PCs.

User avatar
False
Member ♥
Joined in 2008

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by False » Thu Jan 04, 2018 11:45 am

KK wrote:Could this completely hobble already low powered computers, i.e. ones that retail for around £200 and just about manage to run Windows 10?


It might slow down the OS stuff a bit, but seeing as an application isnt supposed to write into ring 0 (kernel space), only ring 3 (user space) it shouldnt be a lot, if any.

Basically the only places you should see a performance hit is early OS running or initiating or when an app drops to ring 0 - which per best security practice it should never ever do.

Image
User avatar
Meep
Member
Joined in 2010
Location: Belfast

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Meep » Sat Jan 06, 2018 12:45 am

AMD's stock value has risen significantly. This has definitely given them a hand in regaining market share.

The unfortunate thing is that chips take years to bring through development so we will be near the back end of 2020 probably before we see hardware free of this problem.

Dual wrote:This is why consoles are better than PCs.


I'm pretty sure most console gamers also use PCs and laptops with personal information on them. ;) Besides, aren't the current gen console CPUs manufactured by AMD? Spectre is probably an issue with them as well.

User avatar
Green Gecko
Director
Joined in 2008
Location: Sussex
Contact:

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Green Gecko » Sat Jan 06, 2018 1:28 am

Poor people don't get Dual.

Support GRcade | t: @GRcade | FB: GRcadeUK | YT: GRcadeVideo | Twitch: GRcadeUK
Image
Image
User avatar
Ironhide
Member
Joined in 2008
Location: Autobot City

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Ironhide » Sat Jan 06, 2018 4:41 pm

Gently-Hung Holly Wreath wrote:
KK wrote:Could this completely hobble already low powered computers, i.e. ones that retail for around £200 and just about manage to run Windows 10?


It might slow down the OS stuff a bit, but seeing as an application isnt supposed to write into ring 0 (kernel space), only ring 3 (user space) it shouldnt be a lot, if any.

Basically the only places you should see a performance hit is early OS running or initiating or when an app drops to ring 0 - which per best security practice it should never ever do.


So, the average user probably won't notice much slowdown then?

Its still quite a massive problem though as there must be several million affected cpu's out there, I imagine it's potentially far worse than the Y2K 'crisis' was as there's no real solution to the problem other than disabling the vulnerable cpu routines and crippling performance.

Image
User avatar
Peter Crisp
Member
Joined in 2008

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Peter Crisp » Sat Jan 06, 2018 4:43 pm

I think the only solution is to scrap all modern computers and get back the the Spectrum 48K and its superior rubber keyboard.

jiggles wrote:Nobody with a VR headset is going to be using it regularly this time next year, let alone in 4 years time.


Posted 16th March 2016. Let's see.
User avatar
Lagamorph
Member ♥
Joined in 2010

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Lagamorph » Sat Jan 06, 2018 4:46 pm

This is what happened to some of the back end servers of Fortnite after they patched

Attention Fortnite community,

We wanted to provide a bit more context for the most recent login issues and service instability. All of our cloud services are affected by updates required to mitigate the Meltdown vulnerability. We heavily rely on cloud services to run our back-end and we may experience further service issues due to ongoing updates.

Here is a link to an article which describes the issue in depth.

The following chart shows the significant impact on CPU usage of one of our back-end services after a host was patched to address the Meltdown vulnerability.


Image


https://www.epicgames.com/fortnite/foru ... ity-update

Lagamorph's Underwater Photography Thread
Zellery wrote:Good post Lagamorph.
Turboman wrote:Lagomorph..... Is ..... Right
User avatar
Peter Crisp
Member
Joined in 2008

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Peter Crisp » Sat Jan 06, 2018 4:49 pm

I wondered why everyone was put in a 15 minute queue last night.

jiggles wrote:Nobody with a VR headset is going to be using it regularly this time next year, let alone in 4 years time.


Posted 16th March 2016. Let's see.
User avatar
KK
Moderator
Joined in 2008
Location: Botswana
Contact:

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by KK » Sat Jan 06, 2018 4:50 pm

I’m sure this will have made Apple even more determined to create their own innards.

Image
User avatar
Irene Demova
Member
Joined in 2009
AKA: Karl

PostRe: CPU vulnerabilities. Intel, AMD and Arm.
by Irene Demova » Sat Jan 06, 2018 4:52 pm

Lastpostamorph wrote:This is what happened to some of the back end servers of Fortnite after they patched

lol I decided to try that yesterday, it took a 20 minutes queue just to open the game

Battle royale game is rubbish anyway, you hide in a shed for 10 minutes and then get killed with an rpg


Return to “Stuff”