What is going on with the Intel processor security hole: there are two bugs, Meltdown and Spectre

We have already reported on the serious security flaw in Intel processors, which has to be patched on the operating system side at a cost in performance. It was not yet clear when the embargo on the relevant information would expire (work on the fixes had been going on under NDA for some time). Apparently because of the unofficial leaks, the details have now been disclosed, so we have official information, and it shows that the situation is ultimately even more complicated.

So what does it look like? New information will probably keep streaming in, but the main points should be out by now. Basically, it can be said that there really is a security risk in Intel processors. What we reported earlier should, by all accounts, still hold, including the fact that the problem will be patched in operating systems at the cost of lost performance. Besides this bug, however, there is a further set of vulnerabilities that have a different impact, and they will have to be dealt with across a wider group of CPUs, not just Intel's. This “second wave” was not covered in the previous report; it is new. Security analysts have given both problems a name. The first, specific to Intel, is called Meltdown; the second, more general problem is called Spectre. Both of these problems also fall under the general designation “side-channel attacks”.

Protected memory and speculative execution of code

The basic principle of these bugs is as follows. To increase performance, an out-of-order processor speculates: for example, when it encounters a condition (a branch), it guesses which direction execution will take and starts computing ahead along that path. The bug arises when the condition decides whether or not the code may read from a given address. The attacker tunes the code so that the predictor chooses the path that performs the access, even when the access is not permitted.

When the processor finds out that it went down the wrong branch, the results are discarded and execution is rolled back. In theory, then, everything should be in order. In practice, however, in combination with prefetching, the data touched on the wrong path ends up cached. With careful handling, that data can then be found and extracted. Unfortunately, this is not just a theoretical possibility: proof-of-concept code has already been published. In general, these attacks on speculation are likely to remain a source of problems, and future CPU architectures will probably have to cope with these threats.

The vulnerability could possibly (theoretically) go back as far as the Pentium Pro in 1995

Meltdown: Intel's problem, with a loss of performance

In the case of the Meltdown bug, this technique can be used to read data from kernel memory, which is probably the more worrying security issue. It is for this variant of the problem that the operating system fixes (the ones that reduce performance) were written; they are based on isolating the kernel and user memory spaces, which you may have read about earlier. This fix degrades the performance of all system calls, because each one flushes the TLB twice. The cost of a system call has roughly doubled. You will not notice this cost in workloads dominated by the GPU or by pure CPU computation. The slowdown mainly affects I/O operations, especially disk writes. The faster the storage, the more the higher cost of a system call can show. The biggest impact will be on high-performance NVMe SSDs, especially when accessing small 4K blocks.

The impact is somewhat smaller on processors that support the PCID extension, which should be the more modern CPUs (at least Sandy Bridge, notably Nehalem / Westmere); on earlier ones it is worse. By the way, we have already mentioned that Windows Insider build 17035 already contains the fixes, but it seems they were not complete. The impact measured, for example, by ComputerBase therefore does not have to be definitive.

What matters for users is that Meltdown is isolated to Intel's processors; it is based on the specific implementation and behaviour of its CPUs. Only Intel processors therefore need this performance-reducing fix (except for the old 45nm and 32nm Atoms with an in-order architecture). On AMD processors, according to current information, Meltdown cannot be exploited, because the architecture does not carry out the speculative access when it encounters kernel addresses. (Never say never, though: there is, of course, a non-zero chance that another exploit will be found that achieves a similar result.)

For ARM the reports are somewhat conflicting: according to some it does not suffer from Meltdown, according to others it possibly does. According to ARM, the researchers failed to exploit Meltdown, but its current CPUs are likely to be exploitable (it seems that this means the Cortex-A75, and so also the Kryo cores based on it in the Snapdragon 845). Note that not all cores and architectures have to be affected (in-order cores like the Cortex-A53, A7 and A5 might be spared).

Updates (January 5, 2017):

It seems that Apple's ARM processors are also affected by the Meltdown problem.

Effect of the fix in the Phoronix test (more here): compilation of a trunk, compilation; on the contrary, x264 or FFmpeg (heavy CPU load with few system calls) did not slow down
The Phoronix test of the Linux fix: Compiling the keyboard distinctly

The Meltdown fix should already be available for Windows, although you may have to wait a little before it shows up in Windows Update, and your antivirus must also be compatible with the change (which most should sort out early). A fix has been released for macOS as well. For Linux, the fix (“PTI”) first appears in 4.15rc6 (with an eventual backport to all currently maintained older versions). The initial patch also enabled it on AMD, but in version 4.15rc7 PTI will be turned off for AMD processors, so their performance will not be impaired. A patch for ARM processors exists, but we do not know whether it will be applied as broadly as on Intel.
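As an added example (not part of the original article), the Python code below classifies a Linux host's Meltdown posture from `/proc/cpuinfo` text, combining the PTI fix described here with the earlier point about PCID. It assumes the `cpu_meltdown` bug tag and the `pti` and `pcid` flag names that PTI-capable Linux kernels print; the sample excerpts, function names and verdict strings are constructed for illustration.

```python
import re


def _sample(vendor, flags, bugs):
    """Build a constructed /proc/cpuinfo excerpt (not captured from a real host)."""
    return f"vendor_id\t: {vendor}\nflags\t\t: {flags}\nbugs\t\t: {bugs}\n"


# Constructed inputs covering the cases the article distinguishes.
SAMPLES = {
    "intel-patched": _sample("GenuineIntel", "fpu tsc pcid pti", "cpu_meltdown spectre_v1 spectre_v2"),
    "intel-no-pcid": _sample("GenuineIntel", "fpu tsc pti", "cpu_meltdown spectre_v1 spectre_v2"),
    "intel-unpatched": _sample("GenuineIntel", "fpu tsc pcid", "cpu_meltdown spectre_v1 spectre_v2"),
    "amd": _sample("AuthenticAMD", "fpu tsc", "spectre_v1 spectre_v2"),
}


def _tokens(cpuinfo, field):
    """Return the tokens of the first `field` line as a set, or None if absent."""
    # [ \t]* instead of \s*: an empty value must not swallow the following line.
    m = re.search(rf"^{field}[ \t]*:[ \t]*(.*)$", cpuinfo, re.MULTILINE)
    return set(m.group(1).split()) if m else None


def meltdown_posture(cpuinfo):
    """Classify Meltdown exposure as the running kernel reports it."""
    flags = _tokens(cpuinfo, "flags") or set()
    bugs = _tokens(cpuinfo, "bugs")
    if bugs is None:
        return "unknown"         # no bugs line at all: nothing to conclude
    if "cpu_meltdown" not in bugs:
        return "not-flagged"     # kernel does not mark this CPU (e.g. AMD, PTI off)
    if "pti" not in flags:
        return "vulnerable"      # affected CPU, page-table isolation inactive
    # PTI is active; PCID decides how costly the extra TLB work is.
    return "mitigated" if "pcid" in flags else "mitigated-slow"


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            print(meltdown_posture(fh.read()))
    except OSError:
        for name, text in SAMPLES.items():
            print(name, meltdown_posture(text))
```

A "not-flagged" result only means the kernel did not mark the CPU; on a kernel older than the PTI fix it says nothing about the hardware.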

By the way, Meltdown's technical vulnerability identifier is CVE-2017-5754 (Rogue Data Cache Load).

Spectre: A Problem for All (?)

The Spectre bugs are CVE-2017-5753 (Bounds Check Bypass), or variant 1, and CVE-2017-5715 (Branch Target Injection), variant 2. They again use a side channel that arises on the path speculative execution takes. The target is a point in the code where the program checks whether access may be allowed; speculative execution can get the data into the cache before the CPU has to reject the request. The website describing the bugs says that the exploit threatens leakage of data between individual applications, so that one process can see into another. Nevertheless, the example on the Google blog indicates that kernel memory could again be exposed, so things are not completely clear here.

Vulnerability is great(est) at Intel

Spectre affects not only Intel but other CPU vendors as well, which has led to interpretations that everyone is vulnerable. There is certainly a difference in degree, though. Apart from the fact that Meltdown is a problem only for Intel (at least for now), it seems that with Spectre, too, the researchers got further on Intel. The Google blog presents three different exploits. The first uses the “Bounds Check Bypass” bug, but it can only read memory of the same process, without getting into an area with higher privileges (so the danger is limited). Besides Intel, this one works on AMD FX (Piledriver architecture) and the Bristol Ridge APU (Excavator), plus on Cortex-A57.

The second exploit of the same bug can read any memory within a 4 GB range. This works on Intel; it also works on AMD Excavator, but only on the condition that the operating system has the BPF JIT option enabled, which is not the default state. Unfortunately, it seems that the researchers did not test Ryzen. The third exploit uses the Branch Target Injection bug, but it has also been confirmed on Intel processors, and it has been directly tested on the tested AMD and ARM failures.


The software fixes for these bugs will be more complicated, because the KPTI patch, that is, the defence against Meltdown, does not remove the Spectre bugs as such (so it should indeed be deployed only on Intel processors). Nevertheless, there will probably be some defence against Spectre on the operating system side as well. Intel says that updates to operating systems and virtualization tools will be, or already are being, implemented against variants 1 and 2. In the case of Branch Target Injection, it also mentions unspecified BIOS updates. AMD also says that variant 1 will be fixed on the OS side (the performance cost should be “insignificant”; that probably holds for Intel too). For variant 2, AMD says that the risk is small (but probably not completely excluded) due to architectural differences. A software defence is not changed, but it can be applied.

Update (January 5, 2017):

Variant 2 of the Spectre bug (Branch Target Injection) will be addressed, among other things, by processor microcode updates that modify the behaviour of branch prediction. These updates appear to be coming for both Intel and AMD processors. Problems may arise here because CPU manufacturers may issue these updates only for newer CPUs and ignore the older ones. It may also fail at the motherboard manufacturers, who may not release BIOS updates for their older boards even where microcode for the CPU is available. For both AMD and Intel, these fixes may bring a drop in performance (for Intel, on top of what the Meltdown patch causes), so this is another blow to the relevance of older performance tests. In 2018, essentially everything will need to be measured again, though only once it is clear that everything that needs fixing has been fixed. It will probably take a longer time for the situation to stabilize.

By contrast, variant 1 of Spectre (Bounds Check Bypass) seems to be mainly a problem for programmers. The countermeasures are in software and concern security in components such as the JavaScript engine, which runs code from external and therefore untrusted sources.

These attacks are based on one of the fundamental features of out-of-order processors and, at least conceptually, will probably be applicable to all the others as well, such as MIPS, Power (or VIA's x86 processors) and so on. The only difference is that there has not yet been enough time to test them, so for now there is only talk of AMD, Intel and ARM. Abuse through specific timing-based exploits can, however, depend on tuning the code, so some CPUs may be labelled as safe now, but their status may later change to insecure. The explanation for Intel's current greater vulnerability is apparently its very aggressive approach to speculative execution in the name of performance, while other architectures are more restrained, or more cautious.

Software Fixes for Spectre and Meltdown

Besides Linux, fixes are also available for macOS (version 10.13.3). For Windows the fix is out too; it should be this update. These bugs can also be abused by JavaScript from a browser, so besides operating systems, Internet Explorer and Edge are being updated as well, and Mozilla has prepared a patch with fixes, or perhaps better said, countermeasures. Because this is a “timing attack”, one of them will be reducing the time resolution of various functions to 20 µs (Microsoft's browsers will take the same measure). This will significantly complicate the abuse you could be exposed to on web sites.

The following are links to the various materials that have been published:

  • Website for the Meltdown and Spectre bugs
  • Paper on the Meltdown bug
  • Paper on the Spectre bug
  • Publication and description of the exploits on the Google Project Zero blog
  • More information from Google on the individual vulnerabilities
  • Intel's statement
  • Detailed Intel whitepaper (PDF)
  • AMD's statement
  • Statement
  • Updates for Windows
  • Information for Internet Explorer and Edge
  • [en]
  • Extensions for ARM
  • Google Toolkit (Android, Chrome, …)
  • Firefox Information
  • Windows PowerShell check of the fix status for Meltdown and Spectre variant 2

Incorrect Information

In its statement on these problems, Intel emphasized that the bugs affect others as well, but this can be misleading, because, as already said, the Meltdown bug that costs performance is isolated to its processors. After its statement, it was at first assumed that the competitors were in the same position, and that it was not true that AMD processors are fine. This discrepancy can be explained by the fact that Intel did not distinguish between Spectre and Meltdown in its press release, which may have obscured the importance of the second bug and the fact that the firm differs from the competition here. AMD responded quickly with its own statement, in which it rejected sharing the Intel processor bugs, while admitting a smaller vulnerability to Spectre.