Intel security flaw

Message boards : Number crunching : Intel security flaw
Message board moderation

To post messages, you must log in.

Previous · 1 . . . 4 · 5 · 6 · 7

AuthorMessage
Profile ML1
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 9417
Credit: 7,316,203
RAC: 976
United Kingdom
Message 1918332 - Posted: 11 Feb 2018, 21:05:08 UTC
Last modified: 11 Feb 2018, 21:28:30 UTC

And as for a little more of the detail of what part of the Intel flaw(s?) it is that has caused such a (IT/Cloud) world tizzy these past few weeks, see this beautifully clear description:


Comment: On Understanding Spectre Meltdown CPU Vulnerabilities

... the CPU thinks that both indirect jumps look alike and starts speculatively executing at the usual address where the attacker code jumps...

... but until then speculative execution has executed pieces of code of the attacker's choosing. Code that would never be executed under normal circumstances...

... the CPU confuses them both (in the PDF's slide: ...because the CPU only stores the lower 3 nibbles "0x000" and they are exactly the same)...



My reading is that for the Spectre vulnerability, Intel CPUs are vulnerable due to the Intel design/circuitry incompletely testing a cache address. IIRC, that then allows an exploit to be consistently contrived, as demonstrated by a Google example.

In contrast, AMD is very much less vulnerable to Spectre due to (IIRC) hashing of ALL the address bits to determine a cache hit. IIRC, the hashing in effect randomizes the addresses to greatly complicate any exploitation for the AMD CPUs.

For the Meltdown vulnerability, IIRC, this is far more serious in that all privilege checks/restrictions effectively 'melt away' so that any/all memory locations can be read completely unrestricted, by any software. My understanding is that is unique to Intel's implementation/design.


All still a very big OUCH!

And this looks set to roll on for some time yet... :-(


IT is what we allow it to be,
Martin

IIRC: If I (personally) Read Correctly (and all just my own personal most humble opinion). Find out for yourself!
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1918332 · Report as offensive
Previous · 1 . . . 4 · 5 · 6 · 7

Message boards : Number crunching : Intel security flaw


 
©2018 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.