Debian User Forums

[Head_on_a_Stick]

https://lore.kernel.org/lkml/2019051418 ... kroah.com/

I'm never buying anything with an Intel CPU ever again.

RISC-V ftw!

[neuraleskimo]

https://lore.kernel.org/lkml/20190514180424.GA11131@kroah.com/

I'm never buying anything with an Intel CPU ever again.

RISC-V ftw!

+1 (or maybe *10)

[CwF]

Good, hope xeons lose value so I can buy more. I already disable HT for other reasons.

[neuraleskimo]

I have to admit that I was surprised and excited to see AWS release ARM and AMD instances. I am hoping they can influence the CPU market in favor of ARM and AMD. By the way, as a bit of trivia, AWS operates at a scale where they get custom CPUs from Intel. I suspect the AMD instances caused a bit of discomfort inside Intel.

[Head_on_a_Stick]

The vulnerability has a trendy name now: zombieload

I already disable HT for other reasons.

That will not protect you against this specific problem but it will probably help defend against so-far undiscovered holes.

OpenBSD disables SMT by default but Linux prefers to ignore the potential risks because Intel are a Platinum member of the Linux Foundation and they don't want to be made to look any more incompetent.

The fixes have already been added to the intel-microcode packages for stretch & sid but not buster or jessie so users of those branches should install the intel-microcode .debs from sid.

And any Arch users reading this should add the intel-ucode package from [Testing] because the version in [Extra] is vulnerable.

[dotlj]

https://www.schneier.com/blog/archives/2019/05/another_intel_c.html

Bruce Schneier suggested this at the beginning of 2018 and now he is predicting still more vulnerabilities to come.

[Head_on_a_Stick]

Bruce Schneier suggested this at the beginning of 2018

Theo deRaadt suggested this back in 2007:

https://marc.info/?l=openbsd-misc&m=118296441702631

And he also predicted *many* more of these types of vulnerability last year:

https://marc.info/?l=openbsd-tech&m=153504937925732&w=2

And yet the Linux kernel developers still have SMT enabled by default but I suppose Intel are giving them lots of money so...

[GarryRicketson]

What , Me worry ? I have clamav, so my system is safe

[sickpig]

congratulations what a valuable input ur post added

[eor2004]

via Imgflip Meme Generator

[eor2004]

via Imgflip Meme Generator

[dotlj]

https://www.amd.com/en/corporate/product-security#Current-Security-Updates

5/14/19

At AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to ‘Fallout’, ‘RIDL’ or ‘ZombieLoad Attack’ because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.

For more information, see our new whitepaper, titled “Speculation Behavior in AMD Micro-Architectures.”

11/13/18

AMD is aware of the latest research published claiming new speculative execution attacks. AMD believes it is not vulnerable to some of these attacks because of the hardware paging architecture protections in AMD devices and, for those that are not solved by our paging architecture protections, the mitigation is to implement our existing recommendations.

Specific recommendations by published description:

New Variants of Spectre v1 – AMD recommends implementing existing mitigations

Pattern History Table - Cross Address - Out of Place (PHT-CA-OP)
Pattern History Table - Cross Address - In Place (PHT-CA-IP)
Pattern History Table - Same Address - Out of Place (PHT-SA-OP)

New Variants of Spectre v2 – AMD recommends implementing existing mitigations

Branch Target Buffer - Same Address - In Place (BTB-SA-IP)
Branch Target Buffer - Same Address - Out of Place (BTB-SA-OP)

New Variant of Meltdown

Meltdown-BK – AMD believes this does not affect its platforms because AMD does not have this feature in its products

New Variant of Spectre v1 – referred by researchers as a Meltdown variant

Meltdown-BD – AMD believes 32-bit systems using the BOUND instruction may be impacted and recommends implementing existing mitigations for Spectre v1 for such systems.

11/27/18

AMD does not believe the PortSmash issue (https://seclists.org/oss-sec/2018/q4/123) is related to previously found speculative execution issues like Spectre. Instead, AMD believes the issues are related to any processor that uses simultaneous multithreading (SMT), including those from AMD, that is vulnerable to software that exposes the activity of one process to another running on the same processor. We believe this issue can be mitigated in software by using side-channel counter measures. For example, OpenSSL, which was used in the researcher’s proof of concept, has already been updated to address this type of attack.