
New, unprecedented security vulnerabilities in Intel and other modern processors


  • New, unprecedented security vulnerabilities in Intel and other modern processors

    Academic and Google-associated researchers just released two vulnerabilities, Spectre and Meltdown. They exploit performance features of modern processors to read arbitrary memory*. When exploited, malicious code using this vulnerability reads _everything_ the processor has access to. For instance, protected health information on an EMR server. And cloud services are especially vulnerable.

    As is customary with major exploits, many affected operating system developers were notified ahead of time**, and had a chance to develop patches. Those patches probably fix the vulnerability, but at a major cost to processor performance. Epic Games just posted these CPU utilization graphs showing a major drop in processor performance.

    So, basically, some systems still aren't patched, and the patched ones will all get slower. That makes processing costs as a whole more expensive. High-CPU services like gaming servers are being hit hard.


    * Most modern processors include branch prediction and speculation. Basically, most modern processors have multiple "pipelines" to execute instructions, and programs run faster when the pipelines are all being used. When those pipelines aren't all being used, newer processors run instructions that may never be needed, called "speculation". This lets an attacker write instructions that should never be run (because of security checks, for instance), but the processor executes anyway in the name of performance. Combined with caching, this lets an attacker read any and all data currently in memory.

    ** An "embargo" was placed on releasing patches, as is typical when major exploits are discovered. So, some privileged OSs were notified ahead of time, and got to develop patches that were just released with the announcement of the exploits. The patches couldn't be released until the announcement (the embargo) because releasing a patch announces the vulnerability before other major OS. Notably, not all OSs were notified, and the BSD developers were caught off guard. All BSD systems are vulnerable as of right now.
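
Added example, not part of the original post: on Linux, kernels that carry the Meltdown and Spectre fixes report their status per issue under `/sys/devices/system/cpu/vulnerabilities/`, and this script classifies those files so unpatched hosts can be flagged. The sample directory built by `make_sample` and its contents are constructed for illustration.

```shell
#!/bin/sh
# Classify the kernel's own report of CPU vulnerability status (Linux sysfs).

# classify_status "<file content>" -> patched | vulnerable | not_affected | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo patched ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# audit_dir [dir] -> prints "name: class (raw)" per entry.
# Returns 0 only if no entry is vulnerable or unknown, 2 if the directory is missing.
audit_dir() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    bad=0
    if [ ! -d "$dir" ]; then
        echo "no status directory at $dir: treat this host as unpatched" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        raw=$(cat "$f")
        class=$(classify_status "$raw")
        printf '%s: %s (%s)\n' "$(basename "$f")" "$class" "$raw"
        case "$class" in vulnerable|unknown) bad=$((bad + 1)) ;; esac
    done
    [ "$bad" -eq 0 ]
}

# count_class <dir> <class> -> number of entries in that class
count_class() {
    audit_dir "$1" | grep -c ": $2 (" || true
}

# make_sample -> path of a constructed sample directory (not real host data)
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Vulnerable"      > "$d/spectre_v1"
    echo "Not affected"    > "$d/spectre_v2"
    echo "$d"
}

# Demo on the constructed sample; call audit_dir with no argument on a real host.
sample=$(make_sample)
audit_dir "$sample" || echo "unpatched entries present"
rm -rf "$sample"
```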

  • #2
    I've read some techy folks talking about how it's worse than what people are saying because basically what it does is reverse engineer what's going on (warning: will use tech words I don't fully understand and may make wildly wrong associations) from some kernel process even if the memory is stored elsewhere due to this predictive process. So they surmise anything using that (made it sound like everything) could be exploited in that manner. Pretty crazy.

    Reminded me how crazy CPU engineering is and how complex it is. Wish I knew more about it.


    • #3

      Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock


