Massive CPU Security Flaws Revealed


#382

I would expect a Meltdown fix in new Intel CPUs in fairly short order, maybe a couple of months. Spectre fixes probably won’t be 2018.


#383

German IT-focused news site says there are 8 new Spectre-related vulnerabilities that will require further patching. And apparently these are critical because they affect VMs, which is basically the entire cloud.


#384

#385

A lot of this “dependent on malware running locally” stuff isn’t that interesting, unless you are a cloud provider that runs ~~malware~~ arbitrary executable code for a living, and then it is INCREDIBLY important.


#386

AMD user, here. :brofist:

(Yes, I know Spectre affects AMD users too.)


#387

#388

I was watching that video without audio and could not figure out what it was about.


#389

Does anyone know when there will be hardware fixes for this stuff? I.e., in about a year vs 5+ years?
I was thinking about building a new rig, but I wanted to wait until the hardware around these bugs is fixed.


#390

Intel is saying that the Xeons coming out end of next year will be fixed. Not sure on the consumer side.

It takes years to design and tape-out a CPU. Intel has separate teams working on each generation, so it may seem like they’re able to design a new CPU each year, but the fact is that a single team has been working on that design for years.

And fixing something like this isn’t easy. Spectre is a result of the industry embracing speed at all costs for decades. Speculative execution was a foundation of that.


#391

Yes, Meltdown will be fixed in their very next release. Spectre could take years to truly fix, but I would expect hardware mitigations in the next generation to limit the performance hit.


#392

And the hits just keep on hitting. The latest vulnerability has been revealed; this was one of the ones that Intel was planning to fix in August.

http://blog.cyberus-technology.de/posts/2018-06-06-intel-lazyfp-vulnerability.html


#393

So after all this, are BIOS updates going to become the new routine? That’s not as easy as pushing through an OS update.


#394

Would the recommendation be to hold off on a new PC until the chip makers get things sorted out or are things mostly stable now?


#395

I imagine it depends on how badly you need a new PC. Not urgent? Wait it out. Really need one? Go get one.

As far as I’m aware, there’s no actual, working exploit for these CPU flaws in the wild. Though I guess we’d never know, right?


#396

Thank you for the answer @Menzo. It’s nothing dire, it’s more of an excuse to finally get me using Win10.


#397

The exploit variants keep coming, so I don’t know that there’s much value in waiting for discrete fixes.

Modern processors heavily depend on branch prediction, so a serious redesign will be needed long term.

Diego


#398

Finally getting the last bunch of HP machines in our work environment patched. This is still theoretical though, right? No active payloads in the wild from what we can tell.


#399

Hyperthreading is compromised.


#400

It isn’t if you read the article.


#401

I read your comment at first as “So if I read this article I’m safe from having my Hyperthreading become compromised?” :)