Massive CPU Security Flaws Revealed

I would expect a Meltdown fix in new Intel CPUs in fairly short order, maybe a couple of months. Spectre fixes probably won’t be 2018.

German IT-focused news site says there are 8 new Spectre-related vulnerabilities that will require further patching. And apparently these are critical because they affect VMs, which is basically the entire cloud.

A lot of this “dependent on malware running locally” stuff isn’t that interesting, unless you are a cloud provider that runs malware arbitrary executable code for a living, and then it is INCREDIBLY important.

AMD user, here. :brofist:

(Yes, I know Spectre affects AMD users too.)

I was watching that video without audio and could not figure out what it was about.

Does anyone know when there will be hardware fixes for this stuff? IE: In about a year vs 5+ years?
I was thinking about building a new rig, but I wanted to wait until the hardware around these bugs is fixed.

Intel is saying that the Xeons coming out end of next year will be fixed. Not sure on the consumer side.

It takes years to design and tape out a CPU. Intel has separate teams working on each generation, so it may seem like they’re able to design a new CPU each year, but the fact is that a single team has been working on that design for years.

And fixing something like this isn’t easy. Spectre is a result of the industry embracing speed at all costs for decades. Speculative execution was a foundation of that.

Yes, Meltdown will be fixed in their very next release. Spectre could take years to truly fix, but I would expect hardware mitigations in the next generation to limit the performance hit.

And the hits just keep on hitting. The latest vulnerability has been revealed; this was one of the ones that Intel was planning to fix in August.

http://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html

So after all this, are BIOS updates going to become the new routine? That’s not as easy as pushing through an OS update.

Would the recommendation be to hold off on a new PC until the chip makers get things sorted out or are things mostly stable now?

I imagine it depends on how badly you need a new PC. Not urgent? Wait it out. Really need one? Go get one.

As far as I’m aware, there’s no actual, working exploit for these CPU flaws in the wild. Though I guess we’d never know, right?

Thank you for the answer @Menzo. It’s nothing dire, it’s more of an excuse to finally get me using Win10.

The exploit variants keep coming, so I don’t know that there’s much value in waiting for discrete fixes.

Modern processors heavily depend on branch prediction, so a serious redesign will be needed long term.

Diego

Finally getting the last bunch of HP machines in our work environment patched–this is still theoretical though right? No active payloads in the wild from what we can tell.

Hyperthreading is compromised.

It isn’t if you read the article.

I read your comment at first as “So if I read this article I’m safe from having my Hyperthreading become compromised?” :)