Announcement

Collapse
No announcement yet.

Google Makes Disclosure About The CPU Vulnerability Affecting Intel / AMD / ARM

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Google Makes Disclosure About The CPU Vulnerability Affecting Intel / AMD / ARM

    Phoronix: Google Makes Disclosure About The CPU Vulnerability Affecting Intel / AMD / ARM

    We're finally getting actual technical details on the CPU vulnerability leading to the recent race around (K)PTI that when corrected may lead to slower performance in certain situations. Google has revealed they uncovered the issue last year and have now provided some technical bits...

    http://www.phoronix.com/scan.php?pag...CPU-Disclosure

  • #2
    so... either amd or google is lying...
    in this case i prefer to believe amd
    edit: there is a third option. that the only amd processors affected are the arm ones (opteron a1100)
    Last edited by davidbepo; 03 January 2018, 06:46 PM.

    Comment


    • #3
      This is a good reason to push for more open CPUs. CPUs of today are becoming exceedingly complex in features and keeping them black-boxed will result in more of these. That's not to mention intentional spyware like intel ME and AMD PSP.

      Comment


      • #4
        Google reports that this vulnerability not only affects Intel CPUs but also AMD and ARM...
        That's for Spectre only.

        Comment


        • #5
          We are posting before an originally coordinated disclosure date of January 9, 2018 because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation.
          So, shutup-rule break known as NDA comes week earlier
          Last edited by dungeon; 03 January 2018, 07:05 PM.

          Comment


          • #6
            Looks like there are two Vulnerabilities, but only Meltdown(Intel only) allows access to system memory. Spector just looks like it allows applications to access other application memory, and should be fixed by individual apps.

            Edit: Actually it looks like Zen is not affected by any of them.

            https://googleprojectzero.blogspot.com/
            Last edited by ramrod; 03 January 2018, 07:12 PM.

            Comment


            • #7
              Yeah, this needs to be quoted:
              Which systems are affected by Meltdown?


              Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.
              Which systems are affected by Spectre?


              Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.
              Question is: does our PTI protect only from Meltdown, but not Spectre or both? Spectre sounds like separate issue really, which goes potentionaly & countinuosly further beyond in future
              Last edited by dungeon; 03 January 2018, 07:24 PM.

              Comment


              • #8
                Originally posted by dungeon View Post
                So, shutup-rule break known as NDA comes week earlier
                Google is big enough to be believable (and not be a target) if they claim they discovered the bug with their own security teams, X time earlier.

                Comment


                • #9
                  Originally posted by dungeon View Post
                  Yeah, this needs to be quoted:




                  Question is: does our PTI protect only from Meltdown, but not Spectre or both?
                  Looks like it's just for meltfown. Spectre needs to be fixed by applications.

                  Comment


                  • #10
                    I guess Meltdown does not work on AMD as far as i undestand the paper, at least they didn´t managed to succeed with the attack on AMD and ARM hardware, which does not mean it´s impossible.
                    The CPUs tested are NOT based on the ZEN architecture, whether ZEN is vulnerable is to be seen, i guess it´s not as the speculative execution unit is completly different from the intel ones and they probably did not manage to implement the exact same racecondition problem in it.

                    Comment

                    Working...
                    X