Announcement

Collapse
No announcement yet.

Benchmarking The Updated Intel CPU Microcode For SRBDS / CrossTalk Mitigation

Collapse
X
Collapse
 
  • Page of 3
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • #21
    Originally posted by blueweb View Post
    For entertainment of the times, the prematurely named specter-meltdown-checker is great fun: https://github.com/speed47/spectre-meltdown-checker
    Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD

    they are reaching the limits of github subtitle size right there.
    • Likes 3

    Comment

    • #22
      Originally posted by angrypie View Post

      Or ZDU: zero-day unit. Given the two-year embargo I wonder what kind of bugs they're still hiding from the public.
      Since the opspace is unlimited I can pretty much guarantee really interesting fuzzed opspace bugs.
      I suspect some really interesting "knocking" instructions aswell.

      DEF CON 25 - Christopher Domas - Breaking the x86 Instruction Set
      https://www.youtube.com/watch?v=ajccZ7LdvoQ
      A processor is not a trusted black box for running code; on the contrary, modern x86 chips are packed full of secret instructions and hardware bugs. In this ...
      • Likes 1

      Comment

      • #23
        About I year ago I attended a lecture about Intel's HT vulnerabilities. At the very end, the presenter showed us a block scheme of a Skylake chip, pointed his laser pointer at the L1 cache and write buffer units and said: „So, today we covered these two. And now look how many other subunits there are left...“. Boy, was he right...
        • Likes 2

        Comment

        • #24
          I'm somewhat curious as to how this will affect multiprocessing with many different apps. The mitigation description says it halts all L1 synchronization, so that should severely affect OTHER apps/containers/vm's running on the same hardware.

          Comment

          • #25
            Originally posted by milkylainen View Post

            Since the opspace is unlimited I can pretty much guarantee really interesting fuzzed opspace bugs.
            I suspect some really interesting "knocking" instructions aswell.

            https://www.youtube.com/watch?v=ajccZ7LdvoQ
            The thing I hate the most about this: there are critical systems built on this garbage. We're literally an opcode away from getting pwned.
            • Likes 2

            Comment

            Previous 1 2 3 template Next
            Working...
            X