Intel bug incoming? Meltdown and Spectre exploits

[Killer7xx]

Just saw an article - mobile phones vunerable too http://www.independent.co.uk/life-s...artphone-cyber-security-hacking-a8141746.html

My phone is Kirin 955 CPU (ARMv8-A instruction set) - unlikley to get an update - is my phone now basicaly junk?

Your phone uses ARM so it should only be affected by spectre which can be patched on an app by app basis, it will most likely be okay with updated apps.

 

[AmateurExpert]

This raises a couple of questions:

1. What Anti-virus products will work correctly following Microsoft's "fix".
2. What "unsupported calls into Windows kernel memory" have these programs been making and why? Have they known about this bug for longer than Google?

1. Microsoft's patch won't be applied unless the AV used is compatible.
2. This sort of thing has been done by various applications for decades on lots of different platforms; essentially, programs ought to use APIs to access functions provided by the operating system, but sometimes a developer chooses not to do so either because the API doesn't exist, or they want to bypass some restriction imposed by it (which could be functional or performance related). I'd expect lots of AV programs to skirt this grey area because of their nature.

 

[kitfit1]

It would be good is someone can find (or do) some benchmarks on AMD processors after the Windows patch. We know that an 'unpatch' was applied to Linux to exempt them from the workaround. But I don't think we've had confirmation that MS didn't apply the original patch to simply workaround all CPU's regardless of vendor?

As it happens i did a Cinebench run last night and then downloaded and installed the Microsoft patch tonight. As you can see it made no difference at all.

 

[AmateurExpert]

Just saw an article - mobile phones vunerable too http://www.independent.co.uk/life-s...artphone-cyber-security-hacking-a8141746.html

My phone is Kirin 955 CPU (ARMv8-A instruction set) - unlikley to get an update - is my phone now basicaly junk?

The author of that article may have been bamboozled by Intel's PR statement - not sure if they are aware of the following:
- There are two separate vulnerabilities - Meltdown and Spectre
- The "Intel chip flaw" has nothing to do with millions of Android devices, as they don't have Intel x86 CPUs (yes, there are some x86 tablets, but they are a tiny minority).
- Only Arm's Cortex A75 is subject to Meltdown, and many Android devices use other variants.

Spectre is the main issue for most Android devices though, and this is also addressed through software updates - so the article is correct in this statement: "a significant proportion of Android smartphones and tablets made by the likes of Samsung and LG are – and will always be – stuck on older, unsupported versions of the operating system, and could therefore remain at risk". However, there are already many other vulnerabilities that require software updates to be applied, and this risk is an old point of contention!

 

[gavinh87]

As it happens i did a Cinebench run last night and then downloaded and installed the Microsoft patch tonight. As you can see it made no difference at all.

Show us that single core speed

 

[kitfit1]

Show us that single core speed

Why, you know it's going to be crap anyway. It was 157 last night....................happy now ?

 

[SiDeards73]

Why, you know it's going to be **** anyway. It was 157 last night....................happy now ?

Funnily enough mines just slightly faster than the 4.3ghz 4770k I replaced.. so I gained slightly in single threaded and absolutely smashed it in Multithreaded

Ignore Gavin he's just trolling you

 

[Supernova]

Am I right in saying the Qualcomm Snapdragon 615 CPU in my phone which is an ARM Cortex A53 won't be affected?

I think I read in one of the many links within this thread that just one ARM CPU is affected.

 

[drunkenmaster]

The numbers I first saw were those ones that show a consistent 5% drop in game performance, however it's on an older cpu. THough considering the number of people on older Intel hardware then that's still a fairly hefty hit to a lot of gamers. Will be interesting to see 5820k numbers seeing as that's what I have.

Am I right in saying the Qualcomm Snapdragon 615 CPU in my phone which is an ARM Cortex A53 won't be affected?

I think I read in one of the many links within this thread that just one ARM CPU is affected.

https://developer.arm.com/support/security-update

A53 not affected, their midrange type chips are aimed at efficiency and are all(I believe) in order cores and it's out of order execution and the associated branch prediction causing all the problems. It's basically all of their out of order cores that are vulnerable to spectre but only their most recent core is fully vulnerable to meltdown, though two other cores apparently are vulnerable to a specific type of variant 3 attack they are calling variant 3a.

Assuming their next core builds upon the A75 then I can certainly see issues in the near future with next gen phones being delayed/using different chips, which would basically just make them refreshes of existing phones.

 

[Cromulent]

People are talking about maybe getting a refund for Intel CPUs under UK consumer laws regarding defective or faulty goods. The consumer protection lasts for 6 years from the date of purchase. Will be interesting to see if this actually happens.

What are peoples thoughts on this? More to the point has OCUK considered this?

 

[Steampunk]

It's definitely a design defect, but I'm sure Intel will claim that's not a manufacturing defect. The chips have been manufactured exactly as intended. That kind of thing always seems to gain more traction in the States than over here (just look at the VAG settlements).

 

[AndreiD]

Probably the only ones who are entitled to take action against Intel are a few data centers since performance in some data center specific applications is indeed lower, but the average person on this forum probably doesn't have any grounds for it. The kernel patches should mitigate meltdown, and supposedly further firmware/kernel updates will mitigate the other 2 variants (which apparent affect all known CPUs).

 

[Nasher]

I'm not going to bother installing the "fix". The chances someone is going to use it to hack my gaming machine is pretty remote.

 

[AndreiD]

The fix has negligible performance impact on Intel and AMD isn't affected at all, not sure why you wouldn't install it. Better safe than sorry since it's a pretty big security issue.

 

[Supernova]

I'm not going to bother installing the "fix". The chances someone is going to use it to hack my gaming machine is pretty remote.

"I can't believe it happened to me of all people!"

 

[kitfit1]

I'm not going to bother installing the "fix". The chances someone is going to use it to hack my gaming machine is pretty remote.

Running Win10 are you ? then you won't have any choice. To be honest you would be a complete **** not to install it.

 

[shankly1985]

Am not getting the new update ? Windows says am up todate.
This was released yesterday
https://support.microsoft.com/en-us...459594)(nOD_rLJHOac-qX3hWuMjErNwzNJATDKqHA)()

 

[AmateurExpert]

I'm not going to bother installing the "fix". The chances someone is going to use it to hack my gaming machine is pretty remote.

Indeed, ignorance is bliss!

 

[AndreiD]

@shankly1985 Windows 10 does staggered updates, you should get it within the next few days.

 

[Supernova]

Am not getting the new update ? Windows says am up todate.
This was released yesterday
https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892?ranMID=24542&ranEAID=nOD/rLJHOac&ranSiteID=nOD_rLJHOac-qX3hWuMjErNwzNJATDKqHA&tduid=(5c7a1e0f5c67b10f6c5ca6a55a1cd502)(256380)(2459594)(nOD_rLJHOac-qX3hWuMjErNwzNJATDKqHA)()

Me too. Maybe it's an invisible update?