Intel bug incoming

chubbysuperbiker · 2018-01-02T12:25:00+00:00

So let me get this straight, not only is this a massive security bug that unpatched could let a VM write to another VM, but patched it will incur a 30+% performance hit?

Goddamnit 2018 you were supposed to be better than 2017.

samsonx · 2018-01-02T13:47:06+00:00

Are we getting security updates from 4chan now ?

What a world!

GMginger · 2018-01-02T09:58:50+00:00

So there's Linux and Windows patches in the pipeline - wonder when we'll hear if there's VMware patches to come along too.
If the virtualisation layer is patched, hopefuly that renders the attack vector unusable in any guest OS too.

jw12321 · 2018-01-02T10:15:33+00:00

This... looks really, really bad. Not sure what else to say other than that. I can't imagine this will stay embargoed for much longer at this point.

There's a good amount of technical discussion on this HackerNews post if anyone is interested: https://news.ycombinator.com/item?id=16046636

s1m0n8 · 2018-01-02T14:30:29+00:00

If this thing gets a catchy name and a logo, it could be serious.

CatMerc · 2018-01-02T10:04:27+00:00

What an EPYC opportunity!

I'm sorry, I know where the door is.

nerddtvg · 2018-01-02T14:20:27+00:00

This is probably why Microsoft released a notice that some VMs in Azure must be rebooted prior to or they will be automatically rebooted on January 10th. Of course that could just be standard maintenance as it isn't like they release a lot of information either way.

RadioShackTRS80Mod3 · 2018-01-02T11:16:37+00:00

Should I start buying AMD shares?

huxley00 · 2018-01-02T15:38:21+00:00

There was JUST a post a week ago in /r/personalfinance from a guy who inherited his stock portfolio from his dad, valued at 325k of Intel stock.

He was worried about having all his eggs in one basket. Hopefully he got moving on that...

sysvival · 2018-01-02T09:30:56+00:00

https://media.giphy.com/media/RHiD0K65NxxLO/giphy.gif

synept · 2018-01-02T11:57:57+00:00

Who figures KASLR is useless? I'm curious to see some references on that.

Patriotaus · 2018-01-02T12:29:56+00:00

Thomas Lendacky is a PMTS Software Engineer at AMD. His LinkedIn say he works on Linux kernel development. It's probably safe to say he knows whether or not this will effect AMD.

"AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against"

SteelChicken · 2018-01-02T14:42:11+00:00

From the iklm.org link:

The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode

Why would Intel do this any other way? Some kind of performance hack?

slayer991 · 2018-01-02T15:29:05+00:00

This is great news...for AMD.

AMD introduces their most competitive chip in nearly a decade...and now this. This should make things interesting...

Aesthetically · 2018-01-02T14:25:16+00:00

Brb replacing my mobo and 7700k

captaincobol · 2018-01-02T19:59:20+00:00

Article on the Register goes into what's known.

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

I like the original acronym better.

biggest_decision · 2018-01-02T12:09:38+00:00

Those performance numbers are going to be pretty task specific though, it's unlikely to be 34% across the board.

Where this patch does hurt performance is context switching in and out of the kernel. So if your application is making heaps of syscalls all the time, it might really harm your performance.

It's really hard to have any idea about how serious this is going to be till we see it in the real world though. Guess we'll known soon enough.

darrkwolf · 2018-01-02T11:02:06+00:00

What generation intel cores could be affected?

mad8vskillz · 2018-01-02T13:53:32+00:00

so should I short INTC?

4d656761466167676f74 · 2018-01-02T20:56:01+00:00

2015: HTTPS is literally useless

2016: Monitors allow remote code execution on phones even when the phones have all network services disabled

2017: WPA2 is one hundred percent compromised, all wifi networks are basically public and nearly unsecurable

2018: All intel processors allow undefined access to kernelspace memory and potentially Ring-1 code execution even from web browsers

What's next, are we going to suddenly learn that USB ports come alive at night and slaughter people? Why was this the decade that all technology suddenly became completely insecure?

sethstorm · 2018-01-02T15:19:36+00:00

First of all, as @grsecurity points out, some comments in the code have been redacted, and additionally the main documentation file describing the work is presently missing entirely from the Linux source tree.

So there's mystery meat running now.

robertito42 · 2018-01-02T14:14:16+00:00

It used to be the CPU was the lowest level of abstraction, now there are layers below it that we don't understand which almost certainly are being used to spy on us.

Palkonium · 2018-01-02T14:32:21+00:00

Explain this to me like I'm five

bopsbt · 2018-01-02T11:49:32+00:00

Any decent write ups that are not on Tumblr? (blocked at work)

chihuahua001 · 2018-01-02T16:26:43+00:00

How about Intel just admits that all of their products are backdoored out of the box?

x2571 · 2018-01-02T14:53:09+00:00

I'm reminded of this - https://danluu.com/cpu-bugs/

BloodyIron · 2018-01-02T18:11:32+00:00

X86_BUG_CPU_INSECURE

One would think they could name it better.

UnemployedMerchant · 2018-01-02T15:16:35+00:00

Is this a new way of telling next gen will have 40% of improvement. And not even any but ipc.Sneaky marketing, but we have learned from people like them, several times

Sandwich247 · 2018-01-02T12:04:38+00:00

Another one? Darn this sucks.

AlienOverlordXenu · 2018-01-02T23:44:09+00:00

And here are initial performance tests of said fixes: https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1

productionse · 2018-01-02T11:43:58+00:00

Call me paranoid, but this sounds like an NSA backdoor implementation.

Edit grammar

Wahrscheinlich · 2018-01-02T17:04:52+00:00

you guys are on /r/All

do I need to shit my pants? the only thing i'm an admin of besides my pc is my router

ErikTheEngineer · 2018-01-02T12:40:46+00:00

Wow, I thought the Achilles heel of public cloud was authentication (Azure AD, AWS IAM, etc.) I thought hackers would pound on the identity management stuff with all their weapons, or just wait for someone at Microsoft or Amazon to accidentally release the private keys on an unprotected storage account.

This sounds like it could affect basically anyone running a multitenant bit-barn. I'm assuming this affects VMWare and Hyper-V also?

moldyjellybean · 2018-01-02T14:49:03+00:00

My amd stock did go up 2.5% so far at open

bionic80 · 2018-01-03T00:58:58+00:00

I started a new job today - showed this thread to my boss (who IS former sysadmin) and he's already got 2 extra VM hosts on order for horizon... and he already asked me if I'd like more pay. It's a good day.

svsdvfds · 2018-01-02T23:18:12+00:00

My Pentium 1 is safe.

frankv1971 · 2018-01-02T15:32:39+00:00

Call me stupid but for private organisations that run no VMs other than their own this patch would not be needed (and the performance hit)?

VTCEngineers · 2018-01-02T16:19:00+00:00

I am assuming no CVE just yet...Or is there?

MrKaru · 2018-01-03T00:41:42+00:00

As a pure gamer, the refund window on my 6600k is coming to an end. I could return it by the 6th for a full refund. Is it worth doing that and getting a 1700x? It's hard to get info on this, and I understand that everybody is saying "We should wait and see", but with a time limit only a few days away, I don't want to jump ship if it's not needed or stick with it and get screwed.

Mr2-1782Man · 2018-01-03T03:34:48+00:00

I have an objection to the way the kernel devs are handling this. Seems like they're penalizing everyone for an Intel problem. The line

if (c->x86_vendor != X86_VENDOR_AMD)

is what prevents a CPU from being marked insecure. Even if you don't know coding you should see that this whitelists AMD instead of blacklisting Intel. The problems with this should be obvious. Instead of let's slightly rework the code to be more Intel-like

if (c->x86_vendor == GENUINE_INTEL)
  kill_performance();

glassuser · 2018-01-02T15:24:50+00:00

How much mass does a hardware bug have?

iamnos · 2018-01-03T00:00:49+00:00

At the end of November, the Intel CEO sold every stock he legally could and still remain CEO.

https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx

This is probably not long after Intel learned about the bug if you consider MS was working on a patch in November.

chubbysuperbiker · 2018-01-02T12:25:00+00:00

So let me get this straight, not only is this a massive security bug that unpatched could let a VM write to another VM, but patched it will incur a 30+% performance hit?

Goddamnit 2018 you were supposed to be better than 2017.

samsonx · 2018-01-02T13:47:06+00:00

Are we getting security updates from 4chan now ?

What a world!

GMginger · 2018-01-02T09:58:50+00:00

So there's Linux and Windows patches in the pipeline - wonder when we'll hear if there's VMware patches to come along too.
If the virtualisation layer is patched, hopefuly that renders the attack vector unusable in any guest OS too.

jw12321 · 2018-01-02T10:15:33+00:00

This... looks really, really bad. Not sure what else to say other than that. I can't imagine this will stay embargoed for much longer at this point.

There's a good amount of technical discussion on this HackerNews post if anyone is interested: https://news.ycombinator.com/item?id=16046636

s1m0n8 · 2018-01-02T14:30:29+00:00

If this thing gets a catchy name and a logo, it could be serious.

CatMerc · 2018-01-02T10:04:27+00:00

What an EPYC opportunity!

I'm sorry, I know where the door is.

nerddtvg · 2018-01-02T14:20:27+00:00

This is probably why Microsoft released a notice that some VMs in Azure must be rebooted prior to or they will be automatically rebooted on January 10th. Of course that could just be standard maintenance as it isn't like they release a lot of information either way.

RadioShackTRS80Mod3 · 2018-01-02T11:16:37+00:00

Should I start buying AMD shares?

huxley00 · 2018-01-02T15:38:21+00:00

There was JUST a post a week ago in /r/personalfinance from a guy who inherited his stock portfolio from his dad, valued at 325k of Intel stock.

He was worried about having all his eggs in one basket. Hopefully he got moving on that...

sysvival · 2018-01-02T09:30:56+00:00

https://media.giphy.com/media/RHiD0K65NxxLO/giphy.gif

synept · 2018-01-02T11:57:57+00:00

Who figures KASLR is useless? I'm curious to see some references on that.

Patriotaus · 2018-01-02T12:29:56+00:00

Thomas Lendacky is a PMTS Software Engineer at AMD. His LinkedIn say he works on Linux kernel development. It's probably safe to say he knows whether or not this will effect AMD.

"AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against"

SteelChicken · 2018-01-02T14:42:11+00:00

From the iklm.org link:

The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode

Why would Intel do this any other way? Some kind of performance hack?

slayer991 · 2018-01-02T15:29:05+00:00

This is great news...for AMD.

AMD introduces their most competitive chip in nearly a decade...and now this. This should make things interesting...

Aesthetically · 2018-01-02T14:25:16+00:00

Brb replacing my mobo and 7700k

captaincobol · 2018-01-02T19:59:20+00:00

Article on the Register goes into what's known.

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

I like the original acronym better.

biggest_decision · 2018-01-02T12:09:38+00:00

Those performance numbers are going to be pretty task specific though, it's unlikely to be 34% across the board.

Where this patch does hurt performance is context switching in and out of the kernel. So if your application is making heaps of syscalls all the time, it might really harm your performance.

It's really hard to have any idea about how serious this is going to be till we see it in the real world though. Guess we'll known soon enough.

darrkwolf · 2018-01-02T11:02:06+00:00

What generation intel cores could be affected?

mad8vskillz · 2018-01-02T13:53:32+00:00

so should I short INTC?

4d656761466167676f74 · 2018-01-02T20:56:01+00:00

2015: HTTPS is literally useless

2016: Monitors allow remote code execution on phones even when the phones have all network services disabled

2017: WPA2 is one hundred percent compromised, all wifi networks are basically public and nearly unsecurable

2018: All intel processors allow undefined access to kernelspace memory and potentially Ring-1 code execution even from web browsers

What's next, are we going to suddenly learn that USB ports come alive at night and slaughter people? Why was this the decade that all technology suddenly became completely insecure?

sethstorm · 2018-01-02T15:19:36+00:00

First of all, as @grsecurity points out, some comments in the code have been redacted, and additionally the main documentation file describing the work is presently missing entirely from the Linux source tree.

So there's mystery meat running now.

robertito42 · 2018-01-02T14:14:16+00:00

It used to be the CPU was the lowest level of abstraction, now there are layers below it that we don't understand which almost certainly are being used to spy on us.

Palkonium · 2018-01-02T14:32:21+00:00

Explain this to me like I'm five

bopsbt · 2018-01-02T11:49:32+00:00

Any decent write ups that are not on Tumblr? (blocked at work)

chihuahua001 · 2018-01-02T16:26:43+00:00

How about Intel just admits that all of their products are backdoored out of the box?

x2571 · 2018-01-02T14:53:09+00:00

I'm reminded of this - https://danluu.com/cpu-bugs/

BloodyIron · 2018-01-02T18:11:32+00:00

X86_BUG_CPU_INSECURE

One would think they could name it better.

UnemployedMerchant · 2018-01-02T15:16:35+00:00

Is this a new way of telling next gen will have 40% of improvement. And not even any but ipc.Sneaky marketing, but we have learned from people like them, several times

Sandwich247 · 2018-01-02T12:04:38+00:00

Another one? Darn this sucks.

AlienOverlordXenu · 2018-01-02T23:44:09+00:00

And here are initial performance tests of said fixes: https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1

productionse · 2018-01-02T11:43:58+00:00

Call me paranoid, but this sounds like an NSA backdoor implementation.

Edit grammar

Wahrscheinlich · 2018-01-02T17:04:52+00:00

you guys are on /r/All

do I need to shit my pants? the only thing i'm an admin of besides my pc is my router

ErikTheEngineer · 2018-01-02T12:40:46+00:00

Wow, I thought the Achilles heel of public cloud was authentication (Azure AD, AWS IAM, etc.) I thought hackers would pound on the identity management stuff with all their weapons, or just wait for someone at Microsoft or Amazon to accidentally release the private keys on an unprotected storage account.

This sounds like it could affect basically anyone running a multitenant bit-barn. I'm assuming this affects VMWare and Hyper-V also?

moldyjellybean · 2018-01-02T14:49:03+00:00

My amd stock did go up 2.5% so far at open

bionic80 · 2018-01-03T00:58:58+00:00

I started a new job today - showed this thread to my boss (who IS former sysadmin) and he's already got 2 extra VM hosts on order for horizon... and he already asked me if I'd like more pay. It's a good day.

svsdvfds · 2018-01-02T23:18:12+00:00

My Pentium 1 is safe.

frankv1971 · 2018-01-02T15:32:39+00:00

Call me stupid but for private organisations that run no VMs other than their own this patch would not be needed (and the performance hit)?

VTCEngineers · 2018-01-02T16:19:00+00:00

I am assuming no CVE just yet...Or is there?

MrKaru · 2018-01-03T00:41:42+00:00

As a pure gamer, the refund window on my 6600k is coming to an end. I could return it by the 6th for a full refund. Is it worth doing that and getting a 1700x? It's hard to get info on this, and I understand that everybody is saying "We should wait and see", but with a time limit only a few days away, I don't want to jump ship if it's not needed or stick with it and get screwed.

Mr2-1782Man · 2018-01-03T03:34:48+00:00

I have an objection to the way the kernel devs are handling this. Seems like they're penalizing everyone for an Intel problem. The line

if (c->x86_vendor != X86_VENDOR_AMD)

is what prevents a CPU from being marked insecure. Even if you don't know coding you should see that this whitelists AMD instead of blacklisting Intel. The problems with this should be obvious. Instead of let's slightly rework the code to be more Intel-like

if (c->x86_vendor == GENUINE_INTEL)
  kill_performance();

glassuser · 2018-01-02T15:24:50+00:00

How much mass does a hardware bug have?

iamnos · 2018-01-03T00:00:49+00:00

At the end of November, the Intel CEO sold every stock he legally could and still remain CEO.

https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx

This is probably not long after Intel learned about the bug if you consider MS was working on a patch in November.

sysadmin

MODERATORS

WhatATimeToBeAlive

sysadmin

MODERATORS

WhatATimeToBeAlive

sysadmin

MODERATORS

Welcome to Reddit,

Want to add to the discussion?

WhatATimeToBeAlive

sysadmin

MODERATORS

Welcome to Reddit,

Want to add to the discussion?

WhatATimeToBeAlive