Six New Stable Linux Kernel Updates For Intel DOWNFALL & AMD INCEPTION

  • Six New Stable Linux Kernel Updates For Intel DOWNFALL & AMD INCEPTION

    Phoronix: Six New Stable Linux Kernel Updates For Intel DOWNFALL & AMD INCEPTION

    As a result of the AMD INCEPTION and Intel DOWNFALL speculative execution vulnerabilities published this Patch Tuesday, Linux 6.5 Git quickly picked up the patches on embargo expiration and now there are six new stable point releases for back-porting these CPU security vulnerabilities to the supported stable kernel series...

  • #2
    Why GDS_FORCE_MITIGATION is "If in doubt, say N"?


    • #3
      Originally posted by arekm
      Why GDS_FORCE_MITIGATION is "If in doubt, say N"?
      The mitigation (Intel DOWNFALL: CVE-2022-40982) is quite bad for performance - and
      as no one will be responsible, the user should say he does not want the necessary mitigation
      which is necessary if one does not want to lose any control over one's data, security keys ...

      Normally, such CPUs should be swapped with correct ones by the company responsible
      for such severe faults - but it is the new correct to have really expensive CPUs only to
      be used in a secure way as paperweight.
      As Linus Torvalds put it:
      "Or is Intel basically saying "we are committed to selling you shit
      forever and ever, and never fixing anything"?"

      This was 01. Jan. 2018 - and it remains true ...

      I have two bricks myself killed by prior mitigations (Haswell the latest one) - so no longer on Intel.
      Lessons learnt ...


      • #4
        Originally posted by JMB9

        The mitigation (Intel DOWNFALL: CVE-2022-40982) is quite bad for performance - and
        as no one will be responsible, the user should say he does not want the necessary mitigation
        which is necessary if one does not want to lose any control over one's data, security keys ...

        Normally, such CPUs should be swapped with correct ones by the company responsible
        for such severe faults - but it is the new correct to have really expensive CPUs only to
        be used in a secure way as paperweight.
        As Linus Torvalds put it:
        "Or is Intel basically saying "we are committed to selling you shit
        forever and ever, and never fixing anything"?"

        This was 01. Jan. 2018 - and it remains true ...

        I have two bricks myself killed by prior mitigations (Haswell the latest one) - so no longer on Intel.
        Lessons learnt ...
        You could choose not to download and run bad software, you know. You don't have to pwn yourself, which is the only way these vulnerabilities affect you, unless you run a multiuser server. Could imagine Microsoft and Amazon being pissed though.


        • #5
          ARM, RISC-V impacted?
          Developer of Ultracopier/CatchChallenger and CEO of Confiared


          • #6
            Oh wow!
            Another vulnerability with a mitigation that drastically slows down your CPU?
            Oh man! But not all!
            If you buy now a new Intel™ 13th Generation Raptor Lake CPU, you are secure!
            (until we release the next generation and decide to release a vulnerability for that one)
            BUY your new CPU today!
            NO REFUNDS


            • #7
              Originally posted by carewolf

              You could choose not to download and run bad software, you know. You don't have to pwn yourself, which is the only way these vulnerabilities affect you, unless you run a multiuser server. Could imagine Microsoft and Amazon being pissed though.
              Of course! "don't run bad software." A thing that is very easy for users to do and doesn't interfere with normal use of the computer at all.


              • #8
                Originally posted by carewolf

                You could choose not to download and run bad software, you know. You don't have to pwn yourself, which is the only way these vulnerabilities affect you, unless you run a multiuser server. Could imagine Microsoft and Amazon being pissed though.
                [Q] What about web browsers?

                [A] In theory, remotely exploiting this vulnerability from the web browser is possible. In practice, demonstrating successful attacks via web browsers requires additional research and engineering efforts.

                from: https://downfall.page/


                • #9
                  Originally posted by pomac

                  [Q] What about web browsers?

                  [A] In theory, remotely exploiting this vulnerability from the web browser is possible. In practice, demonstrating successful attacks via web browsers requires additional research and engineering efforts.

                  from: https://downfall.page/
                  But the solution is obvious, just don't visit any bad websites!


                  • #10
                    The first thing I do on every fresh Linux install is to add mitigations=off to the Grub parameters.
