‘Kernel memory leaking’ Intel processor design flaw


A fundamental design flaw in the virtual memory system of Intel’s processor chips (Intel x86-64 hardware) allows normal user programs (even JavaScript in web browsers) to discern, to some extent, the layout or contents of protected kernel memory areas.

It is understood the bug is present in modern Intel processors produced in the past decade. It appears a microcode update can’t address it, so it has to be fixed in software at the OS level. This has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug, which is expected to slow your computer down by 5 to 30 per cent after the next update!

Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday. Patches for the Linux kernel are already available. Apple’s 64-bit macOS will also need to be updated.

This is bad news for Intel. Last year they had the remotely exploitable AMT vulnerability, and now this new blow to Intel security. I don’t think computer buyers will like their computers becoming slower!

Details of the vulnerability within Intel’s silicon are under wraps and are expected to be released later this month – so follow the comments for updates.


  1. Tomi Engdahl says:

    Spectre fixes slow down Linux a little

    Greg Kroah-Hartman, one of the key administrators in the Linux kernel, reports that a single report compares Linux kernels 4.11 and the latest version, 4.15. Without KPTI (Kernel Page Table Isolation), 4.15 is about 7-9 percent faster than the 4.11 release in April.

    This situation changes when KPTI correction is enabled on the kernel. After that, 4.15 is 1-2 percent slower than the 4.11 version. Kroah-Hartman considers this result to be quite good.

    Source: http://etn.fi/index.php?option=com_content&view=article&id=7502&via=n&datum=2018-02-05_15:18:57&mottagare=31202

  2. Tomi Engdahl says:

    One backdoor vulnerability in CPUs is predictive execution, where some outcome is predicted and execution proceeds along the predicted path until the actual result is known.

    “If everything is encrypted by the chip, even with predictive execution, the stored data is encrypted and more difficult to hack,” Hsu says.

    Source: https://www.eetimes.com/document.asp?doc_id=1332931

  3. Tomi Engdahl says:

    Meltdown/Spectre Status for Red Hat and Oracle

    The Red Hat family of operating systems addressed Meltdown and Spectre in its v3.10 kernel quickly, but relied too much upon Intel’s flawed microcode and was forced to revert from a complete solution. Oracle implemented alternate approaches more suited to its v4.1 UEK, but both kernels continue to lack full Spectre coverage while they wait for Intel. Conspicuously absent from either Linux branch is Google’s retpoline, which offers far greater and more efficient coverage for all CPUs. Auditing this status is a challenge. This article presents the latest tools for vulnerability assessments.

    Red Hat was one of the first Linux distributions to publish guidance on Meltdown and Spectre. It established three files as “kernel tunables” in the /sys/kernel/debug/x86 directory to monitor and control these patches: pti_enabled for Meltdown, ibpb_enabled for Spectre v1 and ibrs_enabled for Spectre v2. Only the root user can access these files.

    It is not generally understood that, although the BIOS is responsible for providing a base microcode image, the Linux kernel is able to update some CPUs at boot with a volatile, runtime upgrade for Intel microcode. The update must come from the CPU vendor, carrying its digital signature; it cannot be produced independently by the OS maintainers. This is accomplished on Intel CPUs with the help of the following RPM

    Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables

  4. Tomi Engdahl says:

    Spectre & Meltdown Checker

    A simple shell script to tell if your Linux installation is vulnerable against the 3 “speculative execution” CVEs that were made public early 2018.

    Without options, it’ll inspect your currently running kernel. You can also specify a kernel image on the command line, if you’d like to inspect a kernel you’re not running.

    The script will do its best to detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number.
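    A minimal status check in the spirit of the Red Hat tunables from comment 3 and of the checker script described above, added here as an example (not the spectre-meltdown-checker project’s code, nor Red Hat’s): it interprets the three debugfs tunables and the mainline sysfs vulnerability files and, like the checker, can be pointed at a directory other than the live kernel’s. The paths /sys/kernel/debug/x86 and /sys/devices/system/cpu/vulnerabilities are the real locations; the `--run` flag and the state names are this example’s own conventions.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation state on a Linux host.
# Reads the Red Hat debugfs tunables (pti_enabled, ibrs_enabled, ibpb_enabled;
# 1 = on, 0 = off, root-only) and the mainline sysfs vulnerability files
# (world-readable, one line each such as "Mitigation: PTI" or "Vulnerable").
# Both directories are parameters so the functions can run against a copy.

# State of one debugfs tunable: enabled | disabled | unreadable | absent.
# "unreadable" on a live host usually means debugfs is root-only: rerun as root.
tunable_state() {
    f="$1/$2"
    if [ ! -e "$f" ]; then echo absent; return; fi
    if [ ! -r "$f" ]; then echo unreadable; return; fi
    val=$(cat "$f" 2>/dev/null || true)
    case "$val" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unreadable ;;
    esac
}

# State of one sysfs vulnerability file: mitigated | vulnerable | unaffected |
# unknown | absent (absent = the kernel predates the sysfs interface).
vuln_state() {
    f="$1/$2"
    if [ ! -r "$f" ]; then echo absent; return; fi
    val=$(cat "$f" 2>/dev/null || true)
    case "$val" in
        "Not affected"*) echo unaffected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Print one line per tunable and per sysfs file. Returns 1 if any tunable is
# explicitly disabled or any sysfs file says "Vulnerable", else 0. An absent or
# unreadable entry is reported but does not fail the check on its own.
mitigation_summary() {
    rh_dir="${1:-/sys/kernel/debug/x86}"
    ml_dir="${2:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for t in pti_enabled ibrs_enabled ibpb_enabled; do
        st=$(tunable_state "$rh_dir" "$t")
        printf 'tunable %-13s %s\n' "$t" "$st"
        if [ "$st" = disabled ]; then rc=1; fi
    done
    for v in meltdown spectre_v1 spectre_v2; do
        st=$(vuln_state "$ml_dir" "$v")
        printf 'sysfs   %-13s %s\n' "$v" "$st"
        if [ "$st" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

# Stand-alone use: sh spectre_status.sh --run [tunables_dir [vulnerabilities_dir]]
if [ "${1:-}" = "--run" ]; then
    shift
    mitigation_summary "$@"
fi
```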

  5. Tomi Engdahl says:

    Intel Releases New Spectre Patches for Skylake CPUs

    Intel has started releasing new microcode updates that should address one of the Spectre vulnerabilities after the first round of patches caused significant problems for many users.

    The company has so far released new firmware updates only for its Skylake processors, but expects updates to become available for other platforms as well in the coming days. Customers and partners have been provided beta updates to ensure that they can be extensively tested before being moved into production.

    The chipmaker started releasing microcode patches for the Spectre and Meltdown vulnerabilities shortly after the attack methods were disclosed by researchers. However, the company was forced to suspend updates due to frequent reboots and other unpredictable system behavior. Microsoft and other vendors also disabled mitigations or stopped providing firmware updates due to Intel’s buggy patches.

    Intel provides new microcode updates for Skylake CPUs

    Intel claims to have identified the root of an issue that caused systems to reboot more frequently after the patches were installed.

    The company initially said only systems running Broadwell and Haswell CPUs experienced more frequent reboots, but similar behavior was later observed on Ivy Bridge-, Sandy Bridge-, Skylake-, and Kaby Lake-based platforms as well.

    The problem appears to be related to the fix for CVE-2017-5715, one of the flaws that allows Spectre attacks, specifically Spectre Variant 2. Meltdown and Variant 1 of Spectre can be patched efficiently with software updates, but Spectre Variant 2 requires microcode updates for a complete fix.

  6. Tomi Engdahl says:

    Both Intel and AMD announced recently that they are working on processors that will have built-in protections against exploits such as Spectre and Meltdown.

    New AMD Processors to Include Protections for Spectre-like Exploits

    AMD’s new Zen 2 and future processors will include protections against Spectre and other similar exploits

    AMD CEO Lisa Su reiterated that the company’s CPUs are not vulnerable to Meltdown attacks and one variant of the Spectre attack is difficult to carry out against its products.

    “For Spectre Variant 1, we continue actively working with our ecosystem partners on mitigations, including operating system patches that have begun to roll out. We continue to believe that Variant 2 of Spectre is difficult to exploit on AMD processors, however we are deploying CPU microcode patches – in combination with OS updates – to provide additional mitigation steps,” Su explained.

    Intel Working on CPUs With Meltdown, Spectre Protections

    Intel is working on CPUs that will include built-in protections against the notorious Meltdown and Spectre attacks,

    Intel has released some microcode updates to address the vulnerabilities, but the patches have caused serious problems for many users, which has led to Intel and other vendors halting updates.

    “Our near term focus is on delivering high quality mitigations to protect our customers’ infrastructure from these exploits. We’re working to incorporate silicon-based changes to future products that will directly address the Spectre and Meltdown threats in hardware. And those products will begin appearing later this year,” Krzanich said.

    Several class action lawsuits have already been filed against Intel, accusing the company of violating state consumer laws by misleading customers about its product and breaching warranties.

  7. Tomi Engdahl says:

    An Update on Spectre and Meltdown

    Be Careful

    We have heard about tools available for download that purportedly detect whether your devices have been infected by Spectre and Meltdown. Be careful about what you install. It could be malware. We have also read about fake patches.

    Looking Ahead

    Some semiconductor industry leaders are predicting that we are likely to see similar threats in the future. Simon Seggars, CEO of ARM, said at CES: “The reality is there are probably other things out there like it that have been deemed safe for years.”

  8. Tomi Engdahl says:

    Windows Analytics Helps Assess Risk of Meltdown, Spectre Attacks

    Microsoft is stepping up its efforts to help IT professionals better assess whether their Windows devices are protected against the industry-wide Meltdown and Spectre attack techniques.

    Publicly detailed in the beginning of this year, the two attacks allow malicious applications to bypass memory isolation mechanisms and access potentially sensitive data. Residing in the processors themselves, the bugs affect billions of devices.

    Tech companies were informed on the bugs last year and worked hard on releasing both software and firmware mitigations, but some of the patches added instability and their delivery was stopped. Microsoft too decided to disable mitigations for one Spectre attack variation as systems became unstable.

    After halting the initial patches several weeks ago, Intel recently rolled out new microcode updates to address one of the Spectre vulnerabilities in its Skylake processors. IBM, Oracle, and many other vendors rushed to push out patches for the bugs as well, and malware that abuses the vulnerabilities emerged as well.

    Being hardware-based security vulnerabilities, Meltdown and Spectre represent a challenge for the entire industry, Microsoft says. Not only are updates required for both CPU microcode (firmware) and the operating system, but the anti-virus has to be compatible with the patches as well, at least on Windows.

    To help IT professionals assess whether the Windows devices in their networks are protected against Spectre and Meltdown, Microsoft has added new capabilities to its free Windows Analytics service.

    With the help of these new features, admins can access reports on the status of all Windows devices they manage, Terry Myerson, Executive Vice President, Windows and Devices Group, explains.

  9. Tomi Engdahl says:

    Intel Offers $250,000 for Side-Channel Exploits

    Intel Opens Bug Bounty Program to All Researchers, Offers up to $250,000 for Flaws Similar to Meltdown and Spectre

    Intel on Wednesday announced major changes to its bug bounty program, including that it’s now open to all researchers, and significant rewards for exploits similar to Meltdown and Spectre.

    Researchers who find critical hardware vulnerabilities that allow software-based side-channel attacks – just like Meltdown and Spectre – can earn up to $250,000. Flaws classified as high severity are worth up to $100,000, while medium- and low-risk issues are worth up to $20,000 and $5,000, respectively. The severity of a flaw is determined based on its CVSS base score, adjusted depending on the security objectives and threat model of the targeted product.

    The part of Intel’s bug bounty program covering side-channel exploits will run until December 31, 2018.


  10. Tomi Engdahl says:

    Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables

  11. Tomi Engdahl says:

    Tom Warren / The Verge:
    SEC filing: Intel facing 32 class action lawsuits over Meltdown and Spectre CPU flaws and three shareholder derivative actions over alleged insider trading

    Intel facing 32 lawsuits over Meltdown and Spectre CPU security flaws
    Shareholders also allege insider trading

    Intel has revealed today that the company is facing at least 32 lawsuits over the Meltdown and Spectre CPU flaws. “As of February 15, 2018, 30 customer class action lawsuits and two securities class action lawsuits have been filed,” says Intel in an SEC filing today. The customer class action lawsuits are “seeking monetary damages and equitable relief,” while the securities lawsuits “allege that Intel and certain officers violated securities laws by making statements about Intel’s products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities.”

    It’s no surprise to see Intel facing multiple lawsuits, and the company warns it could face many more in the future. The Meltdown and Spectre security flaws have helped reveal fundamental issues with processor designs over the past 20 years, and the software updates to protect PCs have had noticeable performance impacts. Intel’s response to the security flaws lacked transparency at first, and it was left largely to Microsoft to reveal the true extent of the performance issues.

    Intel has struggled to patch its processors for the Spectre flaw, as its initial updates caused reboots on some machines. Microsoft was also forced to issue an emergency Windows update to disable Intel’s buggy Spectre fixes.

  12. Tomi Engdahl says:

    Intel ships update for newest Spectre-affected chips

    Intel has announced that the fix is out for its latest chips affected by Spectre, the memory-leakage flaw affecting practically all computing hardware. The patch is for the Skylake generation (late 2015) and newer, though most users will still have to wait for the code to be implemented by whoever manufactured their computer (specifically, their motherboard).

    The various problems presented in January by security researchers have to be addressed by a mix of fixes at the application, OS, kernel and microarchitecture level. This patch is the latter, and it replaces an earlier one that was found to be unstable.

  13. Tomi Engdahl says:

    Stephen Nellis / Reuters:
    Letters from Intel, Alphabet, and Apple to Congress say Intel didn’t disclose Spectre and Meltdown flaws to US cyber security officials before news leaked — (Reuters) – Intel Corp did not inform U.S. cyber security officials of the so-called Meltdown and Spectre chip security flaws until …

    Intel did not tell U.S. cyber officials about chip flaws until made public

    Intel Corp did not inform U.S. cyber security officials of the so-called Meltdown and Spectre chip security flaws until they leaked to the public, six months after Alphabet Inc notified the chipmaker of the problems

    Current and former U.S. government officials have raised concerns that the government was not informed of the flaws before they became public because the flaws potentially held national security implications.

  14. Tomi Engdahl says:

    Intel hit with 32 lawsuits over security flaws
    February 16, 2018

    Intel Corp said on Friday shareholders and customers had filed 32 class action lawsuits against the company in connection with recently-disclosed security flaws in its microchips.

    Most of the lawsuits – 30 – are customer class action cases that claim that users were harmed by Intel’s “actions and/or omissions” related to the flaws

  15. Tomi Engdahl says:

    Gartner Provides Seven Steps Security Leaders Can Take to Deal With Spectre and Meltdown

    “Spectre” and “Meltdown” are the code names given to different strains of a new class of attacks that target an underlying exploitable design implementation inside the majority of computer chips manufactured over the last 20 years.

    Security researchers revealed three major variants of attacks in January 2018. The first two are referred to as Spectre, the third as Meltdown, and all three variants involve speculative execution of code to read what should have been protected memory and the use of subsequent side-channel-based attacks to infer the memory contents.

    Gartner has identified seven steps security leaders can take to mitigate risk:

    1. Modern operating systems (OSs) and hypervisors depend on structured, layered permission models to deliver security isolation and separation. Because this exploitable design implementation is in hardware — below the OS and the hypervisor — all software layers above are affected and vulnerable. However, memory can only be read, but not altered. Exploitation of the flaw requires untrusted code to be introduced and executed on the target system, which should be extremely difficult on a well-managed server or appliance such as a network or storage appliance.

    2. Nearly every modern IT system will be affected to some extent. Not since Y2K has a vulnerability affected so many systems — desktops, mobile devices, servers, virtual machines, network and storage appliances, operation technology and the Internet of Things devices — required a deliberate, phased plan of action for remediation efforts. The starting point for security leaders must be an inventory of affected systems. In some cases, the risk-appropriate decision will be not to patch. However, in all cases, the roadmap for security leaders will be the inventory. For each system, a detailed database or spreadsheet is needed to track the device or workload, the version of its microprocessor, firmware version and OS.

    3. The vulnerabilities are not directly remotely exploitable. A successful attack requires the attacker to execute code on the system. As such, application control and whitelisting on all systems greatly reduce the risk of unknown code execution. However, shared infrastructure as a service (IaaS) infrastructure is particularly vulnerable until the cloud providers update their underlying firmware and hypervisor layer (which the leading providers have done). Strong separation of duties (SOD) and privileged account management (PAM) reduce the risk of the introduction of untrusted code.

    4. When devising a remediation strategy, Gartner recommends breaking the strategy into prioritized phases, because the risk, performance implications and potential hardware upgrades required will vary greatly among use cases. Start with systems that represent the most risk — desktops, virtual desktop infrastructure (VDI), smartphones and externally facing servers.

    5. Information security leaders need to be prepared for scenarios in which the appropriate decision is not to patch. In some cases, this will be due to lack of patches on older systems. In other cases, the impact on performance is not offset by the reduction in risk, so patches will not be applied.

    6. For systems that are not patched or only partially patched, multiple mitigating controls can reduce risk. The single most important issue to address is restricting the ability to place unknown or untrusted code onto the device. By reducing this, risks are significantly lowered, because attacks require local code execution.

    7. Spectre and Meltdown represent an entirely new class of vulnerabilities, and this is just the beginning. The underlying exploitable implementation will remain for years to come.
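    For the inventory that step 2 above calls for, here is an added example (not Gartner’s material or any vendor tool) of a shell collector that turns /proc/cpuinfo, /etc/os-release and the kernel version into one CSV row per host; the microcode field of /proc/cpuinfo is the firmware revision the kernel has loaded, which is what must be compared against the vendor’s patched revision. The column names and the `--run` flag are this example’s own conventions.

```shell
#!/bin/sh
# Added example: one CSV inventory row per host with the fields Gartner's
# step 2 asks for: device, CPU model and family/model/stepping, microcode
# (firmware) revision, kernel and OS. File paths are parameters so the
# functions can be run on a constructed /proc/cpuinfo as well as the live one.

# First value of a /proc/cpuinfo field, e.g. cpu_field /proc/cpuinfo microcode.
# Prints n/a when the kernel does not expose the field (older kernels, non-x86).
cpu_field() {
    val=$(sed -n "s/^$2[[:space:]]*:[[:space:]]*//p" "$1" | head -n 1)
    if [ -n "$val" ]; then echo "$val"; else echo n/a; fi
}

# PRETTY_NAME from an os-release file (n/a when the file or field is missing).
os_name() {
    val=""
    if [ -r "$1" ]; then
        val=$(sed -n 's/^PRETTY_NAME=//p' "$1" | tr -d '"' | head -n 1)
    fi
    if [ -n "$val" ]; then echo "$val"; else echo n/a; fi
}

# Quote one CSV field, doubling any embedded double quotes.
csv_quote() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

inventory_header() {
    echo 'host,cpu_model,family/model/stepping,microcode,kernel,os'
}

# inventory_row HOST CPUINFO_PATH OS_RELEASE_PATH KERNEL_VERSION
inventory_row() {
    host="$1"; cpuinfo="$2"; osrel="$3"; kernel="$4"
    model=$(cpu_field "$cpuinfo" "model name")
    # family/model/stepping is the CPU signature a microcode file is keyed on,
    # so it is what you look up in the vendor's list of patched revisions.
    sig="$(cpu_field "$cpuinfo" "cpu family")/$(cpu_field "$cpuinfo" model)/$(cpu_field "$cpuinfo" stepping)"
    ucode=$(cpu_field "$cpuinfo" microcode)
    printf '%s,%s,%s,%s,%s,%s\n' \
        "$(csv_quote "$host")" "$(csv_quote "$model")" "$(csv_quote "$sig")" \
        "$(csv_quote "$ucode")" "$(csv_quote "$kernel")" "$(csv_quote "$(os_name "$osrel")")"
}

# Stand-alone use: sh cpu_inventory.sh --run   (append the row to a shared CSV)
if [ "${1:-}" = "--run" ]; then
    inventory_header
    inventory_row "$(hostname)" /proc/cpuinfo /etc/os-release "$(uname -r)"
fi
```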

  16. Tomi Engdahl says:

    Intel did not tell U.S. cyber officials about chip flaws until made public

    (Reuters) – Intel Corp did not inform U.S. cyber security officials of the so-called Meltdown and Spectre chip security flaws until they leaked to the public, six months after Alphabet Inc notified the chipmaker of the problem

  17. Tomi Engdahl says:

    Intel Releases Spectre Patches for Broadwell, Haswell CPUs

    Intel has released new firmware updates for its Broadwell and Haswell processors to address the Spectre vulnerability.

    After the first round of Spectre patches released by the company caused more frequent reboots and other instability problems, Intel started working on new microcode updates.

    The company first released new firmware updates for its Skylake processors, and last week it announced the availability of patches for several other CPUs, including Kaby Lake and Coffee Lake.

    This week, the company updated the list of available firmware patches to state that the fixes for Haswell and Broadwell processors are also ready for use in production environments.

    As of February 28, patches that can be deployed in production environments are available for the following products: Anniedale/Moorefield, Apollo Lake, Avoton/Rangeley, Broadwell (except Server EX), Broxton, Cherry View, Coffee Lake, Cougar Mountain, Denverton, Gemini Lake, Haswell (except Server EX), Kaby Lake, Knights Landing, Knights Mill, Skylake, SoFIA, Tangier, Valleyview/Bay Trail, and XGold.

    Beta patches have been provided to OEMs for validation for Gladden, some Ivy Bridge, Sandy Bridge, and Skylake Xeon E3 processors. The microcode updates for Broadwell and Haswell Server EX processors, specifically the Xeon E7v4 and E7v3 product families, are also in beta phase.

  18. Tomi Engdahl says:

    Siemens Releases BIOS Updates to Patch Intel Chip Flaws

    Siemens has released BIOS updates for several of its industrial devices to patch vulnerabilities discovered recently in Intel chips, including Meltdown, Spectre and flaws affecting the company’s Management Engine technology.

    Following the disclosure of the Meltdown and Spectre attack methods, industrial control systems (ICS) manufacturers immediately started analyzing the impact of the flaws on their products. Advisories have been published by companies such as Siemens, Rockwell Automation, Schneider Electric, ABB, and Pepperl+Fuchs.

    Siemens has determined that the security holes expose many of its product lines to attacks, including RUGGEDCOM, SIMATIC, SIMOTION, SINEMA, and SINUMERIK.

  19. Tomi Engdahl says:

    News Releases
    Microsemi Announces its Entire Product Portfolio is Unaffected by Spectre and Meltdown Vulnerabilities

    ALISO VIEJO, Calif., Jan. 16, 2018 /PRNewswire/ — Microsemi Corporation (Nasdaq: MSCC), a leading provider of semiconductor solutions differentiated by power, security, reliability and performance, today announced its products, including its field programmable gate arrays (FPGAs), are not affected by the recently identified security flaws associated with the use of x86 and ARM® and a number of other processors. The announcement comes as security researchers recently revealed major computer chip vulnerabilities, called Spectre and Meltdown, in chips—affecting billions of devices globally.

    “As a leader in security, we strive to ensure our products are immune to both existing and potential new threats or vulnerabilities,” said Jim Aralis, chief technology officer and vice president of advanced development at Microsemi. “As soon as news broke about Meltdown and Spectre, Microsemi immediately assessed its existing products with thorough analysis of the architecture and intellectual property (IP) blocks with its internal security experts. The assessment clearly concluded that none of the processor cores embedded with the associated use models in Microsemi products are impacted by these weaknesses.”

    Not only are Microsemi’s FPGAs not affected by Spectre or Meltdown, the company’s devices also offer multiple security layers for maximum protection. In addition to its SmartFusion™ and SmartFusion2 FPGAs, and communications and storage products—which do not have either security flaw—the company’s soft RISC-V core and its RISC-V IP provider are also unaffected by the security issues. As a leader in hardware security, Microsemi is well-known for its cybersecurity and malware expertise, offering customers the highest levels of design and data security.

  20. Tomi Engdahl says:

    Spectre and Meltdown: What’s Left after Everyone Panicked for a Moment?

    Maybe it’s not as dangerous as everyone thinks. Or maybe it is? What we do know is that there are now almost 140 different malware samples trying to exploit the Meltdown and Spectre processor gaps. It’s hard to determine whether this has led to concrete attacks on users; however, it is highly probable that there haven’t been any such attacks. Also, we know the history of the whole mess, but what don’t we know? Everything else.
    Almost 2 months after everyone with a keyboard and fingers told the internet about their fears of Spectre and Meltdown, the majority of hardware manufacturers and security researchers are still working on the issue. While manufacturers, including Intel, are busy developing and delivering patches, security researchers of all kinds are already writing malware exploits. The fact that not everything is running according to plan with these attempts also fits into the picture. Intel is currently being sued by more than 30 groups for the Meltdown and Spectre vulnerabilities but instead of resolving the security gaps and clarifying them, Intel created additional chaos at the end of January. Because updates on certain older computers led to crashes or unnecessary restarts, the chip giant now advises against installation. Meanwhile, other PC manufacturers had already processed Intel’s rework attempts to BIOS updates. And many of these vendors are now taking down the updates from their websites again.

    More and More Malware, but Real Attacks Are Unknown
    The nearly 140 different malware versions, which are supposed to attack the gaps, are based on the known proof-of-concept code and target Windows, macOS and Linux. They come from security researchers, so they were probably written for testing purposes, or they come from anti-virus vendors who, in turn, received them from their customers. The great number of samples is explained by the fact that the malware or exploit writers are already busy determining whether the gaps can somehow be exploited to steal data. Realistically, you can only expect an attack via a browser, at least for now. Users should therefore always keep their browser software up to date.

    What Constitutes a Crime?
    So I ask myself: what are we talking about here? A potential danger? Well… alright. An attack on end users and businesses? Not for the time being. Based on our current knowledge, there is no evidence of concrete attacks on users. The firewall manufacturer Fortinet, which has been alerting its users to the danger, apparently has no concrete evidence of attacks.

    Intel is now expanding its Bug Bounty Program to detect and eliminate security vulnerabilities sooner. From now on, the so-called Side Channel Vulnerabilities will be announced until the end of the year with a reward of 250,000 US dollars

  21. Tomi Engdahl says:

    Meltdown/Spectre: The First Large-Scale Example of a ‘Genetic’ Threat
    Sponsored by Dark Reading

    While superficially just another large vulnerability, Meltdown and Spectre represent an entirely new class of threat that dramatically escalates the need for effective security programs and practices.

  22. Tomi Engdahl says:

    Windows Updates Deliver Intel’s Spectre Microcode Patches

    Microsoft announced on Thursday that Windows users will receive the microcode updates released by Intel to patch the notorious Spectre vulnerability.

    Meltdown and Spectre attacks allow malicious applications to bypass memory isolation and access sensitive data. Meltdown attacks are possible due to a flaw tracked as CVE-2017-5754, while Spectre attacks are possible due to CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). Meltdown and Spectre Variant 1 can be addressed with software updates, but Spectre Variant 2 requires microcode patches.

    Microsoft has provided users the necessary software updates and it has now started delivering microcode patches as well.

    After the first round of Spectre microcode patches from Intel caused more frequent reboots and other instability problems, the company started releasing new updates. The first patches were for Skylake, then for Kaby Lake and Coffee Lake, and this week for Haswell and Broadwell processors.

    Intel has provided the microcode updates to device manufacturers, which are expected to make them available to customers once they have been tested.

  23. Tomi Engdahl says:

    Intel’s Spectre fix for Broadwell and Haswell chips has finally landed
    Chips that sparked Intel’s recall of microcode for Spectre Variant 2 attack now have stable fixes.

  24. Tomi Engdahl says:

    Richard Chirgwin / The Register:
    Researchers use speculative execution flaws to design an attack, called SgxPectre, that reads the contents of SGX secure enclaves on Intel CPUs — And no, you’re not supposed to be able to do that — Vid The Spectre design flaws in modern CPUs can be exploited to punch holes through …

    Spectre haunts Intel’s SGX defense: CPU flaws can be exploited to snoop on enclaves
    And no, you’re not supposed to be able to do that

    The Spectre design flaws in modern CPUs can be exploited to punch holes through the walls of Intel’s SGX secure environments, researchers claim.

    SGX – short for Software Guard eXtensions – is a mechanism that normal applications can use to ring-fence sections of memory that not even the operating system nor a hypervisor can access, let alone other programs.

    The speculative execution flaws revealed in January, however, jeopardize SGX’s security boundaries, as demonstrated in the video

    The researchers – professors Yinqian Zhang, Zhiqiang Lin, and Ten Lai, plus students Guoxing Chen, Sanchuan Chen, and Yuan Xiao – hail from Ohio State University in the USA. They’ve dubbed their enclave-sniffing technique SgxPectre, and noted on GitHub: “Similar to their non-SGX counterparts, SgxPectre attacks exploit the race condition between the injected, speculatively executed memory references and the latency of the branch resolution.”

    Enclave code built using the Intel SGX SDK, Rust-SGX, Graphene-SGX, or similar runtime libraries, are vulnerable, we’re told.

    There is a fix: Intel’s microcode update that introduced indirect branch restricted speculation (IBRS), which flushes the branch prediction history at the enclave boundary.

    However, an evil sysadmin at, for example, a cloud provider could revert the patch, and “there is no means for the enclave code to reliably detect if IBRS is enabled.”

    Intel says it will update its SGX SDK later this month to allow software attestation to detect the presence of Spectre mitigations. Enclave code will need to be rebuilt and redeployed using the updated development kit to be protected from malicious sysadmins.


  25. Tomi Engdahl says:

    6 Lessons from the CPU Meltdown

    The chief technologist of a computer hardware and software company shares some basic principles for plugging the security gaps in the next Meltdown or Spectre.

    1. Maintain extra CPU headroom: It’s important to have enough CPU resources in place to handle workloads in all failure scenarios. It is clear we also need to take into account software mitigations for this new class of hardware flaws–mitigations which also may significantly affect performance.

    2. Be prepared to respond: One of the biggest frustrations over this incident was the apparent lack of processes in place to address flaws like Meltdown and Spectre.

    3. Be flexible and adaptable: If you don’t have processes in place to address fixes quickly, at least have the flexibility to drop other things and shift gears quickly to get the job done. Adjust priorities as needed to establish the resources to test patched systems are running with a level of stability that meets your comfort level. Have a team ready to support customers who are pushing the performance envelope.

    4. Internal and external communications are key: When the patch flaw was revealed, my company created internal communications with employees to help them understand the severity of the issue, how it impacted system vulnerability and what we were doing to address it. As a result, our teams were ready with answers when our customers called.

    5. Automate testing and know the variables: Test automation speeds the process of applying microcode and OS patches as they come down from vendors.

    6. It takes a trusted village: If our processor and software manufacturers can’t be open and honest, we’re all going to have to look after each other. Think open source communities. If someone spots something odd during a testing process, they can inform others rather than wait for an official statement or patch release from the manufacturer.

  26. Tomi Engdahl says:

    Alfred Ng / CNET:
    Experts reveal 13 alleged flaws in AMD Ryzen and EPYC chips, just 24 hours after showing AMD, that allow malware to be installed on secure portions of the chips — Researchers say they’ve found 13 flaws in AMD’s Ryzen and EPYC chips, which could let attackers install malware on highly guarded parts of the processor.

    AMD allegedly has its own Spectre-like security flaws

    Researchers say they’ve found 13 flaws in AMD’s Ryzen and EPYC chips, which could let attackers install malware on highly guarded parts of the processor.

  27. Tomi Engdahl says:

    Intel Shares Details on New CPUs With Spectre, Meltdown Protections

    Intel announced on Thursday that patches designed to address the Spectre vulnerability are now available for all the affected CPUs released in the past five years, and shared more details on the future processors that will include protections against these types of attacks.

    Intel CEO Brian Krzanich informed customers that the company has made available microcode updates for “100 percent” of the recent processors vulnerable to Meltdown and Spectre attacks.

    The company first released new firmware updates for its Skylake processors, then for Kaby Lake and Coffee Lake, and later for Broadwell and Haswell CPUs. The fixes will be delivered by device manufacturers, but Microsoft has also started providing the microcode patches for Windows 10 devices with Skylake, Coffee Lake and Kaby Lake processors.

  28. Tomi Engdahl says:

    Steve Dent / Engadget:
    Intel says upcoming 8th-gen Xeon and Core CPUs have been redesigned to provide hardware protection against Spectre variant 2 and Meltdown vulnerabilities — As promised, Intel has redesigned its upcoming 8th-gen Xeon and Core processors to further reduce the risks of attacks via the Spectre …

  29. Tomi Engdahl says:

    Intel announces hardware fixes for Spectre and Meltdown on upcoming chips

    When the Spectre and Meltdown bugs hit, it became clear that they wouldn’t be fixed with a few quick patches — the problem runs deeper than that. Fortunately, Intel has had plenty of time to work on it, and new chips coming out later this year will include improvements at the hardware/architecture level that protect against the flaws. Well, two out of three, anyway.

    CEO Brian Krzanich announced the news in a company blog post.

    “We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3,” Krzanich writes. Cascade Lake Xeon and 8th-gen Core processors should include these changes when they ship in the second half of 2018.

    Lastly, even older hardware will be getting the microcode updates — back to the 1st-gen Core processors.


