Originally posted by boxie
View Post
Announcement
Collapse
No announcement yet.
Intel's Linux Graphics Driver Gets Patched For A Gen9 Graphics Vulnerability
Collapse
X
-
Last edited by saski; 15 January 2020, 03:02 AM.
-
Originally posted by boxie View Post
well if it can be exploited via a web browser you might just need to have it enabled all the time.
come to think of it, it probably has a hit on energy usage as well.
I have no doubt that someone specifically targeting me and knowing what they're doing can probably compromise me and my data, but automated/bot attempts often performed by script kiddies(in the sense the attacker is often from a community as a leech, using the work of others rather than tailoring the code themselves and actually understanding it properly).. they're generally after whatever easy wins with low hanging fruit can be had.
For my personal systems, I'm not too bothered.
- Likes 1
Comment
-
Originally posted by saski View Post
Expensive is one way to put it. With the patch enabled my Laptop consumes considerably more power (1.5-2 Watts average) on light tasks like vaapi decoding or webbrowsing resulting in ~25% less battery life. Powertop shows RC6 is reached for the GPU but deeper package states are far less than before. The worst thing is that there is NO WAY to switch this patch off! Gonna Stick with 5.3 Kernel until I find an good AMD laptop.
I just got a new Intel laptop for the power saving advantage it has over AMD(80% less or more, bit better with 5.5 kernel and PSR support I imagine), although now AMD Renoir 4000 series seems like it might further surpass this weakness AMD has had with laptops, ugh.
Comment
-
Originally posted by polarathene View Post
What CPU are you using? If this is only mitigated via kernel, then for those that are ok with custom kernels, I guess this would be a useful patch to have(that removes the mitigation).
I just got a new Intel laptop for the power saving advantage it has over AMD(80% less or more, bit better with 5.5 kernel and PSR support I imagine), although now AMD Renoir 4000 series seems like it might further surpass this weakness AMD has had with laptops, ugh.
- Likes 1
Comment
-
I'm getting a *little* bit irritated right now. In the last few weeks, Intel has...
a) broken RC6 power management with a hastily rolled out security fix (and there is STILL no proper fix for the regression),
b) introduced random hangs in the driver, and apparently everyone on newer hardware is affected (only with different likelihood to encounter hangs)
c) and now has done yet another hastily implemented security fix with unknown performance, power management and stability implications
At this point I'm not going to recommend Intel notebooks anymore and nobody in their right mind should do so either.
- Likes 1
Comment
-
Originally posted by polarathene View Post
I don't know specifics of the attack, but the likelihood of a web browser exploiting it and being able to retrieve any data is unlikely afaik, and that's assuming they could reliably get data via the attack in the first place. Some of these local exploits afaik need to be handled in a more manual/sequential manner under certain controlled conditions and sift through noise. Generally, the browser exploit would be initiated by JS and for it to send data to another domain has to bypass some default security polices in place now, unless they own the actual domain/server or have a way to store the data there for retrieval. The other likely avenue is browser extensions I guess? Of which I'm more careful/conservative in using.
I have no doubt that someone specifically targeting me and knowing what they're doing can probably compromise me and my data, but automated/bot attempts often performed by script kiddies(in the sense the attacker is often from a community as a leech, using the work of others rather than tailoring the code themselves and actually understanding it properly).. they're generally after whatever easy wins with low hanging fruit can be had.
For my personal systems, I'm not too bothered.
I too do not know the details of the exploit, my thoughts are based that web browsers have a lot of control over how things are rendered. if it can be exploited then that's the vector of least resistance.
- Likes 1
Comment
-
Originally posted by saski View Post
Expensive is one way to put it. With the patch enabled my Laptop consumes considerably more power (1.5-2 Watts average) on light tasks like vaapi decoding or webbrowsing resulting in ~25% less battery life. Powertop shows RC6 is reached for the GPU but deeper package states are far less than before. The worst thing is that there is NO WAY to switch this patch off! Gonna Stick with 5.3 Kernel until I find an good AMD laptop.
Comment
-
Originally posted by boxie View Post
It is good that you have considered your threat model.
I too do not know the details of the exploit, my thoughts are based that web browsers have a lot of control over how things are rendered. if it can be exploited then that's the vector of least resistance.
- Likes 1
Comment
-
Originally posted by brent View Posta) broken RC6 power management with a hastily rolled out security fix (and there is STILL no proper fix for the regression),
b) introduced random hangs in the driver, and apparently everyone on newer hardware is affected (only with different likelihood to encounter hangs)
c) and now has done yet another hastily implemented security fix with unknown performance, power management and stability implications
Comment
Comment