Intel vulnerabilities discovered
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Intel vulnerabilities discovered
Yet more evidence that Intel are a bunch of clueless clowns: https://www.intel.com/content/www/us/en ... 00314.html
And Phoronix have noted a 58% performance hit for the Haswell generation when the patches are applied:
https://www.phoronix.com/scan.php?page= ... l-gen7-hit
FFS...
Security tracker: https://security-tracker.debian.org/tra ... 2019-14615
Last edited by Head_on_a_Stick on 2020-01-30 14:25, edited 1 time in total.
deadbang
-
- Posts: 195
- Joined: 2019-03-12 23:26
Re: Intel's performance nerfed again
Head_on_a_Stick wrote:
> Yet more evidence that Intel are a bunch of clueless clowns: https://www.intel.com/content/www/us/en ... 00314.html
> And Phoronix have noted a 58% performance hit for the Haswell generation when the patches are applied:
> https://www.phoronix.com/scan.php?page= ... l-gen7-hit
> Security tracker: https://security-tracker.debian.org/tra ... 2019-14615

I saw that. Disappointing is probably the best I can say. So far AMD has fared better, but what is your opinion of whether AMD is really doing better security or simply has other yet to be discovered bugs?
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Intel's performance nerfed again
neuraleskimo wrote:
> what is your opinion of whether AMD is really doing better security or simply has other yet to be discovered bugs?

Well I'm no expert on the subject but the kernel developers seem to think AMD is a better option. From my (2nd generation) Ryzen laptop:
Code:
empty@E485:~ $ grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
empty@E485:~ $
Probably still worth disabling SMT for security-critical systems though, even for AMD. That's what OpenBSD does.
deadbang
-
- Posts: 195
- Joined: 2019-03-12 23:26
Re: Intel's performance nerfed again
Head_on_a_Stick wrote:
> Well I'm no expert on the subject...

Maybe, but I still put some stock on your opinions.

Head_on_a_Stick wrote:
> Probably still worth disabling SMT for security-critical systems though, even for AMD. That's what OpenBSD does.

Agreed and good point. Plus for math-heavy code, disabling SMT can (and usually will) increase throughput (which is why I disable SMT).
-
- Global Moderator
- Posts: 2679
- Joined: 2018-06-20 15:16
- Location: Colorado
- Has thanked: 41 times
- Been thanked: 196 times
Re: Intel's performance nerfed again
Code:
~# grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
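An added example, not part of any post in this thread: a small shell script that sorts the kernel's status files shown in the two outputs above into not affected, mitigated and vulnerable, and flags entries where the kernel reports missing microcode. The sample directory reproduces the second output posted above; the function names and class labels are this example's own.

```shell
#!/bin/sh
# Added example: classify the kernel's per-vulnerability status files.

# Print "CLASS name status" for every file in DIR (default: live sysfs path).
vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case $status in
            "Not affected"*) class=OK ;;
            Mitigation:*)    class=MITIGATED ;;
            Vulnerable*)     class=VULNERABLE ;;
            *)               class=UNKNOWN ;;
        esac
        printf '%-10s %-18s %s\n' "$class" "${f##*/}" "$status"
    done
}

# Number of entries in class $1 under directory $2.
count_class() {
    vuln_report "$2" | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Names of entries where the kernel says a microcode update is missing.
missing_microcode() {
    vuln_report "$1" | awk '/no microcode/ { print $2 }'
}

# Hypothetical helper: temp directory holding the second output posted above.
make_sample() {
    d=$(mktemp -d) || return 1
    echo 'Mitigation: Full generic retpoline, STIBP: disabled, RSB filling' > "$d/spectre_v2"
    echo 'Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled' > "$d/mds"
    echo 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled' > "$d/l1tf"
    echo 'Vulnerable' > "$d/spec_store_bypass"
    echo 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization' > "$d/spectre_v1"
    echo 'Mitigation: PTI' > "$d/meltdown"
    echo "$d"
}

sample=$(make_sample)
vuln_report "$sample"
echo "vulnerable entries: $(count_class VULNERABLE "$sample")"
rm -r "$sample"
```

Calling `vuln_report` with no argument reads the live `/sys/devices/system/cpu/vulnerabilities` directory instead of the sample.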
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Intel's performance nerfed again
https://cacheoutattack.com/
If I made a new thread for each new vulnerability the forums would be full of them so I'll just start appending them here...
deadbang
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Intel vulnerabilities discovered
A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME):
http://blog.ptsecurity.com/2020/03/inte ... trust.html
CVE-2019-0090
"The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole."
^ That name of the CVE shows that Intel have known about this since last year...
Debian bug tracker: https://security-tracker.debian.org/tra ... -2019-0090
No mitigations yet.
deadbang
- Hallvor
- Global Moderator
- Posts: 2041
- Joined: 2009-04-16 18:35
- Location: Kristiansand, Norway
- Has thanked: 149 times
- Been thanked: 212 times
Re: Intel vulnerabilities discovered
Not good, but doesn't it require physical access?
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Intel vulnerabilities discovered
Hallvor wrote:
> doesn't it require physical access?

That's right, yes.
deadbang
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Intel vulnerabilities discovered
Load Value Injection
More side-channel madness from everybody's favourite crappy CPU manufacturer, yay!
https://software.intel.com/security-sof ... -injection
https://cve.mitre.org/cgi-bin/cvename.c ... -2020-0551
Intel users should brace themselves for a substantial and significant performance hit once the new mitigations (not fixes) are rolled out.
deadbang
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Intel vulnerabilities discovered
V0LTpwn: Attacking x86 Processor Integrity from Software
The exploit leverages Intel's so-called software guard extensions (SGX) and undervolting to change the results of computations and so allow remote code execution.
CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-11157
Intel's advisory: https://www.intel.com/content/www/us/en ... 00289.html
deadbang
-
- Posts: 932
- Joined: 2020-05-03 14:16
- Has thanked: 7 times
- Been thanked: 65 times
Re: Intel vulnerabilities discovered
I'm not an Intel/AMD fan - in fact, if it were up to me, I would forbid the use of x86 opcodes at all - this architecture has been flawed since the very beginning -> but, to be honest, the bugs mentioned here are nothing but bullshit -> the attacks are possible only if you have root privileges -> so you can do just *everything*, no matter if there are some CPU vulnerabilities or not..
Of course, such security holes are important to know about, but with all due respect to you, HOAS, they are not going to be exploitable under normal conditions ...
(sorry, but I'm trying to be objective: both AMD and Intel suck in the same way/on the same level... - and I've just bought another Ryzen 3700X, knowing all of this... )
EDIT:
I've realised that my last sentence can be considered an advertisement - it's not -> Ryzens have their own problems, although it may not seem so obvious...
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
Re: Intel vulnerabilities discovered
Don't like Intel or Amd ? So basically you don't approve of systems with a cpu then? Lol ... Kidding but not like there are very many options. Long been very vocal about thinking the side channel issues are way overblown. Just in my view they are only more YATs ... (Yet another threats.) With plenty others of far greater concern to computer users. Especially for personal computers/users. In context of commercial/production tech (depending), would consider them more of a potential threat. In some Enterprise tech scenarios, mitigation would have to be mandatory.
Have also expressed an interest in pinning or rolling back microcode to avoid performance impacts brought by the mitigations or attempted fixes. Anyone doing such? Personally have been custom compiling kernels for several years, I compile out support for many of these side channel deals on my personal computers.
PS, most dire threat faced by computers everywhere, the USERS, pebcak incidents, ... It's a particularly hard threat to mitigate too.
Most powerful FREE tech-support tool on the planet * HERE. *
-
- Posts: 1
- Joined: 2020-07-27 15:28
Re: Intel vulnerabilities discovered
Head_on_a_Stick wrote:
> Yet more evidence that Intel are a bunch of clueless clowns: https://www.intel.com/content/www/us/en ... 00314.html
> And Phoronix have noted a 58% performance hit for the Haswell generation when the patches are applied:
> https://cuteplushies.net/
> FFS...
> Security tracker: https://security-tracker.debian.org/tra ... 2019-14615

what is your opinion of whether AMD is really doing better security or simply has other yet to be discovered bugs?
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Intel vulnerabilities discovered
johnbeck7799 wrote:
> what is your opinion of whether AMD is really doing better security or simply has other yet to be discovered bugs?

Code:
puffy:~$ sysctl -n hw.model
AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx
puffy:~$
deadbang
Re: Intel vulnerabilities discovered
Deb-fan wrote:
> Don't like Intel or Amd ? So basically you don't approve of systems with a cpu then? Lol ...

Unless you buy a MacBook now apparently... or ChromeBook for that matter...
Even though AMD has undiscovered bugs - like anyone else - they have been upping their game a lot in other areas too. Performance benchmarks, power consumption, price and so on. So they are more and more interesting of a contender AFAICS. Even Linus switched to AMD this year.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Intel vulnerabilities discovered
pylkko wrote:
> Unless you buy a MacBook now apparently... or ChromeBook for that matter...

There are a few ARM64 laptops around now, I like the Samsung Galaxy Book S but it's rather pricey. And don't forget the PineBook (Pro)
deadbang
-
- Posts: 102
- Joined: 2019-08-02 04:28
Re: Intel vulnerabilities discovered
johnbeck7799 wrote:
> Head_on_a_Stick wrote:
> > Yet more evidence that Intel are a bunch of clueless clowns: https://www.intel.com/content/www/us/en ... 00314.html
> > And Phoronix have noted a 58% performance hit for the Haswell generation when the patches are applied:
> > https://cuteplushies.net/
> > FFS...
> > Security tracker: https://security-tracker.debian.org/tra ... 2019-14615
>
> what is your opinion of whether AMD is really doing better security or simply has other yet to be discovered bugs?

They probably have their own issues that haven't been found or released yet. IIRC they had an issue a year or so ago regarding the way preemptive multitasking is handled on Ryzen, but that didn't stop me from getting a 3800X setup to replace the Intel that died last December.
-
- Posts: 102
- Joined: 2019-08-02 04:28
Re: Intel vulnerabilities discovered
Head_on_a_Stick wrote:
> pylkko wrote:
> > Unless you buy a MacBook now apparently... or ChromeBook for that matter...
>
> There are a few ARM64 laptops around now, I like the Samsung Galaxy Book S but it's rather pricey. And don't forget the PineBook (Pro)

It'll be a while though before apps are ported to ARM. Faster maybe now that Apple is forcing the issue, but still quite a while.