CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    41,575
    Messages:
    29,526
    Likes Received:
    58,489
    Trophy Points:
    931
    [​IMG]
    AMD Warns Of Potential Spectre-Style Zen 3 Processor Security Vulnerability sweclockers.com

    Intel was raked over the coals three years ago when Spectre and Meltdown vulnerabilities were first discovered that could affect its consumer and enterprise processors. The company addressed the side-channel exploits with patches and subsequent hardware revisions, but AMD is now coming under the microscope for a side-channel attack that could affect processors based on its Zen 3 architecture...

    At this time, AMD has provided instructions via a security bulletin [PDF] on how to disable PSF, as it is enabled by default on Zen 3 processors. The company has also proposed a Linux patch to enable/disable the functionality. We'd assume that AMD is working with Microsoft on patches for Windows-based operating systems as well.

    However, since it has not yet seen any real-world attacks that have taken advantage of the PSF, AMD is recommending that most customers leave the feature enabled for now. We'd imagine that this could be due to a performance hit that might be realized when disabling the feature, but AMD didn't provide any guidance on that potential in its support document.
     
    Last edited: Apr 4, 2021
    KING19, Starlight5, dmanti and 3 others like this.
  2. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    36,982
    Messages:
    39,074
    Likes Received:
    69,545
    Trophy Points:
    931
    Yup. What goes around comes around. And, you know what they say about karma? Coincidentally, it's the same thing they say about payback.
     
    Vasudev and tilleroftheearth like this.
  3. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    11,778
    Messages:
    11,226
    Likes Received:
    8,742
    Trophy Points:
    931
    Needs to be seen if PSF converts Zen3 to Zen 2.
    On older Intel CPUs I'm getting slaughtered when CPU utilization hits 100% which basically locks up the system when using latest uCodes.
     
    Starlight5 and ajc9988 like this.
  4. ajc9988

    ajc9988 Death by a thousand paper cuts

    Reputations:
    1,743
    Messages:
    6,111
    Likes Received:
    8,823
    Trophy Points:
    681
    WTF are you talking about? This effects ONLY ZEN 3 CPUs. NOT ALL AMD CPUs, like how meltdown went back how many decades?

    With that said, it is a serious security flaw, as is any predictive branch security flaw. And I wonder how much of a performance hit AMD will take when fixing it. First CPU to be faster than Intel's and major security flaw found in one of the things introduced to help speed up IPC to beat Intel at certain tasks. It is pretty ironic that Intel ignored security to get performance, then AMD, when beating Intel, left themselves vulnerable similarly in order to get there.
     
    KING19, Clamibot, Vasudev and 2 others like this.
  5. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    36,982
    Messages:
    39,074
    Likes Received:
    69,545
    Trophy Points:
    931
    It doesn't matter. Everything has undiscovered vulnerabilities. Serious, yes. End of the world, no. In fact, I disable the mitigations because the cure is worse than the disease.

    The vulnerabilities for the other CPUs simply haven't been discovered and/or disclosed yet. Only a matter of time. When it happens they'll make a huge deal out of it like they always do. That's what I said about Intel and the same applies to AMD. It is inevitable.

    The vulnerabilities are accidental. The exploitation is deliberate. The underlying problem is a flaw in humanity, not a hardware flaw. Flaws in products will always exist, but flaws in character are a choice.
     
    Last edited: Apr 3, 2021
  6. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    11,778
    Messages:
    11,226
    Likes Received:
    8,742
    Trophy Points:
    931
    Had to apply them since I'm using it as dev machine which caused bigger for loops to be stuck or at deadlock and made the AW BGA near useless. After applying the crashing has stopped but performance is slow.
     
    jc_denton and Papusan like this.
  7. Starlight5

    Starlight5 Yes, I'm a cat. What else is there to say, really?

    Reputations:
    815
    Messages:
    3,229
    Likes Received:
    1,637
    Trophy Points:
    231
    Intel CPUs sadly have end of the world vulnerabilities...
    I totally understand where you're coming from. However, while leaving additional attack surface may be OK for many users, it is unacceptable for some companies and individuals. (For them) if a device has known vulnerabilities, they must be mitigated; if they cannot be mitigated (hello, unfixable Intel SGX), the device must be replaced.
    We live (and work) here and now, not in some distant future.
    There is a clear distinction between those vulnerabilities that can be mitigated, and those that cannot.
     
    Deks, Papusan, Aivxtla and 2 others like this.
  8. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    41,575
    Messages:
    29,526
    Likes Received:
    58,489
    Trophy Points:
    931
    New Spectre Exploits Beat All Mitigations: Fixes to Severely Degrade Performance tomshardware.com | Today
    [​IMG]

    Researchers from two universities have discovered several new variants of Spectre exploits that affect all modern processors from AMD and Intel with micro-op caches. Existing Spectre mitigations do not protect the CPUs against potential attacks that use these vulnerabilities. Meanwhile, researchers believe that mitigating these vulnerabilities will cause more significant performance penalties than the fixes for previous types of Spectre exploits. However, it remains unknown how easy these vulnerabilities are to exploit in the real world, so the danger may be limited to directed attacks.

    Low Risk?
    One thing to keep in mind is that exploiting micro-ops cache vulnerabilities is extremely tricky as such malware will have to bypass all other software and hardware security measures that modern systems have and then execute a very specific type of attack that is unconventional, to say the least. To that end, chances that the new Spectre vulnerabilities will lead to widespread wrongdoings are rather low. Instead, they could be used for specific targeted attacks from sophisticated players, like nation-states.

    New Spectre Chip Security Vulnerability Found That Leaves Billions Of PCs Still Defenseless hothardware.com | Today
    upload_2021-5-1_21-43-33.jpeg
     
    Last edited: May 1, 2021
  9. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    36,982
    Messages:
    39,074
    Likes Received:
    69,545
    Trophy Points:
    931
    As long as I can say no to mitigations, I'm good. They need to exterminate (yes, capital punishment) everyone they catch attempting to capitalize on technology exploits if they want the problem to go away or become less of an annoyance to the rest of us.
     
  10. tilleroftheearth

    tilleroftheearth Wisdom listens quietly...

    Reputations:
    5,367
    Messages:
    12,669
    Likes Received:
    2,698
    Trophy Points:
    631
    @Papusan, saw this earlier today. Predicted this at least a year or two ago.

    Intel, AMD, doesn't matter... nobody is immune.
     
    Vasudev and Papusan like this.

Share This Page