walking dead, It's here with intel! (zombieload)

If it doesn't relate to Debian, but you still want to share it, please do it here

walking dead, It's here with intel! (zombieload)

Postby bester69 » 2019-05-17 17:58

https://www.zdnet.com/article/linux-vs-zombieload/
:mrgreen:

Zombieload, the exploit, has three unique attack paths that could allow an attacker to execute a side-channel attack to bypass protections to read memory. The four Common Vulnerability and Exposures (CVEs) for this issue are:

CVE-2018-12126 is a flaw that could lead to information disclosure from the processor store buffer.
CVE-2018-12127 is an exploit of the microprocessor load operations that can provide data to an attacker about CPU registers and operations in the CPU pipeline.
CVE-2018-12130 is the most serious of the three issues, involved the implementation of the microprocessor fill buffers, and can expose data within that buffer.
CVE-2019-11091 is a flaw in the implementation of the "fill buffer," a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache.



heheh I wont upgrade kernel anymore!!, With all of theses fixes, I think Intel CPU must be losing around 15% of performance by now.. disaster!! :?

spectre-meltdown-checker
Image
bester69 wrote:You wont change my mind when I know Im right, Im not an ...
User avatar
bester69
 
Posts: 1494
Joined: 2015-04-02 13:15

Re: walking dead, It's here with intel! (zombieload)

Postby Wheelerof4te » 2019-05-17 18:36

Right? The latter seasons are lame anyway. Why bother with it?

Code: Select all
cat  /sys/devices/system/cpu/vulnerabilities/*
Mitigation: PTE Inversion
Mitigation: Clear CPU buffers; SMT vulnerable
Mitigation: PTI
Mitigation: Speculative Store Bypass disabled via prctl and seccomp
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling

Code: Select all
uname -a
Linux debian 4.19.0-5-amd64 #1 SMP Debian 4.19.37-3 (2019-05-15) x86_64 GNU/Linux


New kernel upgrade landed in Buster :mrgreen:
Wheelerof4te
 
Posts: 1423
Joined: 2015-08-30 20:14

Re: walking dead, It's here with intel! (zombieload)

Postby Head_on_a_Stick » 2019-05-17 19:35

Code: Select all
empty@ryzen:/sys/devices/system/cpu/vulnerabilities $ grep -R .
spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling
mds:Not affected
l1tf:Not affected
spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1:Mitigation: __user pointer sanitization
meltdown:Not affected
empty@ryzen:/sys/devices/system/cpu/vulnerabilities $

:)

@OP: https://make-linux-fast-again.com/
Don't break DebianHow to report bugs

SharpBang GNU/Linux — a pre-configured Openbox/Tint2 desktop running on Debian stable
User avatar
Head_on_a_Stick
 
Posts: 10613
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: walking dead, It's here with intel! (zombieload)

Postby stevepusser » 2019-05-17 21:15

The Stretch and Buster kernels already have the mitigations, as well as intel-microcode in each.

The spectre-meltdown-checker 0.41 in Sid will look for the new problems, but needs a patch to stop giving false positives for AMD CPU's, though. I haven't seen any noticable slowdowns with the new kernels and microcode.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: Clipgrab 3.8.6, Hedgewars 1.0.0, PulseEffects 4.6.8, Telegram-desktop 1.8.15, Pale Moon 28.7.2, KeepassXC 2.5.1
User avatar
stevepusser
 
Posts: 11256
Joined: 2009-10-06 05:53

Re: walking dead, It's here with intel! (zombieload)

Postby Deb-fan » 2019-08-31 04:41

Thanks HOAS for posting a link to all those kernel parameters in one place. Have tried adding some of them to /etc/default/grub still feel like I'm missing something as regards them, proper use, shrugs. Actually went to the extent of compiling some of them out of the kernel I'm using. Even if someone disables whichever mitigations they want, still has to somewhat bloat up the kernel. Hundreds of thousands of lines of code constantly being added. Not that, that's all side channel related or even really must add much extra memory overhead or boot time. Guess I'm overly anal about it. Want my kernel lean n mean as possible.

Mentioned elsewhere for desktop nixers I don't really think all this Intel madness is all that serious. Just one more tech hazard. Same time does warrant some concern and likely in future will opt for AMD, unless can get a great deal on whatever Intel.
Deb-fan
 
Posts: 445
Joined: 2012-08-14 12:27


Return to Offtopic

Who is online

Users browsing this forum: No registered users and 8 guests

fashionable