Intel bug incoming? Meltdown and Spectre exploits

mattyfez · 4 Jan 2018 at 23:29

How do we summon gigaman?

He's probably very busy but it would be nice to have some reassurance around upcoming bios updates..

alphaomega16 · 4 Jan 2018 at 23:29

Intel should not be creating any more of these processors and focus on sorting this out pronto.

What a start to the new year for PC Users eh

mattyfez · 4 Jan 2018 at 23:30

BowdonUK said:
I can't imagine everyone doing bios updates.

Sucks if you have an MSI board that might brick if you flash it.

Andromeda1983 · 4 Jan 2018 at 23:33

We could but it's very hard to summon him, rumor is that you need to sacrifice something great!

Broken Hope · 4 Jan 2018 at 23:33

MSTRBKR said:
Gigabyte put out a BIOS update for the motherboard in my gaming PC on 1st Dec 2017 with the release note:

Code:

Update Intel ME for security vulnerabilities

https://www.gigabyte.com/Motherboard/GA-Z170N-WIFI-rev-10#support-dl

Intel ME is Intel Management Engine
https://en.m.wikipedia.org/wiki/Intel_Management_Engine

Hmmmmm

That was a different exploit, Intel haven't had a good run recently.

TrixP10 · 4 Jan 2018 at 23:33

And more from 'The Register' (or is this scare mongering)

https://www.theregister.co.uk/2018/01/04/amazon_ec2_intel_meltdown_performance_hit/

Supernova · 4 Jan 2018 at 23:45

Broken Hope said:
That was a different exploit, Intel haven't had a good run recently.

Damn! Too right they haven't.

Hades · 4 Jan 2018 at 23:48

I'm not 100% sure on this. But reading a few other sites it appears that Linux can load CPU microcode updates at startup. So if you're running Linux then you may not need a BIOS update to mitigate Spectre.

Jono8 · 4 Jan 2018 at 23:59

Pretty much no difference in these tests

https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/

ltron · 5 Jan 2018 at 00:13

Hades said:
I'm not 100% sure on this. But reading a few other sites it appears that Linux can load CPU microcode updates at startup. So if you're running Linux then you may not need a BIOS update to mitigate Spectre.

This is correct from my own testing.

smilingcrow · 5 Jan 2018 at 00:30

Hades said:
I'm not 100% sure on this. But reading a few other sites it appears that Linux can load CPU microcode updates at startup. So if you're running Linux then you may not need a BIOS update to mitigate Spectre.

Windows can do something similar but you still need the microcode so not sure where you get that from?

Tee Hee Johnson · 5 Jan 2018 at 01:14

I ran some benchmarks this evening, before and after applying KB4056892 on Windows 10, 1709 with a 6700K.

Sorry my freebie security certificate has expired, will fix tomorrow... its only a .png.

Not much difference across the board, apart from the Crystal Disk Mark results, -11% in some situations.
Realbench fell 1.8%, Cinebench fell about 1.5%, Superposition gained 0.14%.

Basically all fairly within expected benchmark deviations, excluding the Crystal Disk Mark results.

AmateurExpert · 5 Jan 2018 at 01:23

Hades said:
I'm not 100% sure on this. But reading a few other sites it appears that Linux can load CPU microcode updates at startup. So if you're running Linux then you may not need a BIOS update to mitigate Spectre.

Yes, microcode updates are usually delivered via Linux package managers, and you can verify from logs (e.g. if you're on Ubuntu run dmesg) that the kernel applies updates as part of booting:

$ dmesg | grep microcode
[ 1.095824] microcode: CPU0: patch_level=0x08001126
[ 1.095844] microcode: CPU1: patch_level=0x08001126
[ 1.095865] microcode: CPU2: patch_level=0x08001126
[ 1.095873] microcode: CPU3: patch_level=0x08001126
[ 1.095888] microcode: CPU4: patch_level=0x08001126
[ 1.095899] microcode: CPU5: patch_level=0x08001126
[ 1.095916] microcode: CPU6: patch_level=0x08001126
[ 1.095926] microcode: CPU7: patch_level=0x08001126
[ 1.095943] microcode: CPU8: patch_level=0x08001126
[ 1.095951] microcode: CPU9: patch_level=0x08001126
[ 1.095956] microcode: CPU10: patch_level=0x08001126
[ 1.095959] microcode: CPU11: patch_level=0x08001126
[ 1.095975] microcode: CPU12: patch_level=0x08001126
[ 1.095985] microcode: CPU13: patch_level=0x08001126
[ 1.095995] microcode: CPU14: patch_level=0x08001126
[ 1.096003] microcode: CPU15: patch_level=0x08001126
[ 1.096031] microcode: Microcode Update Driver: v2.2.

alphaomega16 · 5 Jan 2018 at 01:35

I was sorting out a new build around the 8700k but I really don't know what to do now.

I find it really hard to believe this level of flaw went unnoticed for so long.

AmateurExpert · 5 Jan 2018 at 01:39

DragonQ said:
Great so nothing is actually fixed, or will be fixed, for the vast majority of consumers.

The screenshot shows that the script addresses two vulnerabilities. The first is one of the Spectre variants, and this requires a microcode update; the second is Meltdown - this is mitigated by the operating system patch alone.

JasonM · 5 Jan 2018 at 01:51

From everything I've read computers will need a BIOS upgrade to counter Spectre type attacks? If so is there any news if Gigabyte will be releasing BIOS updates?

AmateurExpert · 5 Jan 2018 at 01:52

alphaomega16 said:
I was sorting out a new build around the 8700k but I really don't know what to do now.

If you're not intending to run performance-sensitive database workloads or VMs you shouldn't be worried about the performance impact of the Meltdown patch.

alphaomega16 said:
I find it really hard to believe this level of flaw went unnoticed for so long.

Side channel attacks are a relatively recent avenue of research. Remember that up to fairly recently there were so many other simpler and easier to exploit vulnerabilities out there such as buffer overflows etc. to keep everyone busy, it was more important to tackle those first. Perhaps instead it's a sign that as the average level of security hardening increases, research moves onto more obscure avenues of attack; of course this'll inevitably throw up new classes of vulnerability that were not widely known (or at least proven) over time.

JasonM · 5 Jan 2018 at 02:04

alphaomega16 said:
I find it really hard to believe this level of flaw went unnoticed for so long.

On the desktop end it's been there since at least the Pentium 4 x64, quite amazing this has been left like this so long. Think of all the old computers in industry that are running useful software but not really supported any more, I expect vast numbers of computers will never even get any security patches.

Rroff · 5 Jan 2018 at 02:13

JasonM said:
From everything I've read computers will need a BIOS upgrade to counter Spectre type attacks? If so is there any news if Gigabyte will be releasing BIOS updates?

Doubt there will be much of substance from the AIBs, etc. until after the 9th when they will get full information - even then I'll be surprised if there is much in the way of timely updates, etc.

JasonM · 5 Jan 2018 at 02:19

Not sure if this is of interest, but just checked Nvidia Quadro drivers, and the latest Quadro drivers have a fix for the speculative execution issue in them, not sure about Geforce drivers.

http://www.nvidia.co.uk/download/driverResults.aspx/129031/en-uk

Rroff said:
even then I'll be surprised if there is much in the way of timely updates, etc.

Yes I expect it will take ages to get BIOS updates rolled out, I expect some older motherboards may never get updates.