• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

Intel bug incoming? Meltdown and Spectre exploits

https://www.anandtech.com/show/12533/intel-spectre-meltdown

Intel Publishes Spectre & Meltdown Hardware Plans: Fixed Gear Later This Year
Since the public revelation of the Meltdown and Spectre CPU vulnerabilities early this year, Intel has spent virtually the entire time in a reactionary mode, starting from the moment the vulnerabilities were revealed ahead of schedule. Since then the company has been making progress, albeit not without some significant steps backwards such as faulty microcode updates. However in recent weeks the company finally seems to be turning a corner on their most pressing issues, and this morning is releasing a more forward-looking update to their security issues.

Jumping straight to what AnandTech readers will consider the biggest news, Intel is finally talking a bit about future hardware. Intel is announcing that they have developed hardware fixes for both the Meltdown and Spectre v2 vulnerabilities, which in turn will be implemented into future processors. Both the next version of Intel’s Xeon server/HEDT platform – Cascade Lake – as well as new 8th gen Core processors set to ship in the second half of this year will include the mitigations.

For those not up to date with their Intel codenames, Cascade Lake is the 14nm refresh of Intel’s current Skylake-E/X family. Little official information is available about Cascade Lake, but importantly for datacenter vendors, this lays out a clear timetable for when they can expect to have access to Meltdown and Spectre-hardened silicon for use in new virtual machine servers. Given that virtual machine hosts were among those at the greatest risk here – and more impacted by the performance regressions of the software Meltdown mitigations – this is understandably most crucial market for Intel to address.

Meanwhile for updating Intel’s consumer chips, this is a bit more nebulous. While Intel hasn’t shared the complete text of their announcement with us ahead of press time, their specific wording is that the changes will be included in 8th gen Core processors “expected to ship in the second half of 2018.” Intel hasn’t said what processor family these are (e.g. Cannon Lake?), or for that matter whether these are even going to be traditional consumer chips or just the Core HEDT releases of Cascade Lake. So there is a lot of uncertainty here over just what this will entail. In the interim we have reached out to Intel about how consumers will be able to identify post-mitigation chips, and while we’re still waiting on a more complete response, Intel has told us that they want to be transparent about the matter.

As for the hardware changes themselves, it’s important to note that Intel’s changes only mitigate Meltdown (what Intel calls “variant 3”) and Spectre variant 2. In both cases the company has mitigated the vulnerabilities through a new partitioning system that improves both process and privilege-level separation, going with a “protective walls” analogy.

Intel's Meltdown & Spectre Hardware Mitigations Plans (2018)
Exploit Mitigation
Meltdown Hardware
Spectre variant 1 (bounds check bypass) Software
Spectre variant 2 (branch target injection) Hardware
Unfortunately these hardware changes won’t mitigate Spectre variant 1. And admittedly, I haven’t been expecting Intel (or anyone else) to figure that one out in 2018. The best mitigations for Spectre v1 will remain developer-focused software techniques that avoid putting sensitive data at risk.

The catch is that the more worrying risk with Spectre has always been the v1 variant, as the attack works against rather fundamental principles of speculative out-of-order execution. Which has been why the initial research on the vulnerability class noted that researchers weren’t sure they completely understood the full depth of the issue at the time. And indeed, it seems like the industry as a whole is still trying to fully understand the matter. The one silver lining here is that Spectre v1 can only be used against same-level processes and not admin-level processes. Which is to say that it can still be used for plenty of naughtiness with user data in other user-level applications, but can’t reach into more secure processes.

Moving on, for Intel’s current processors the company has updated their guidance for releasing the mitigation microcode updates. As of last week, the company has released production microcode updates for all of their products released in the last 5 years. In fact on the Core architecture side it goes even farther than that; Intel has now released microcode updates for all 2nd gen Core (Sandy Bridge) and newer processors, including their Xeon and HEDT variants. There are some outstanding questions here on how these updates will be delivered, as it seems unlikely that manufacturers will release BIOS updates for motherboards going back quite that far, but judging from how Intel and Microsoft have cooperated thus far, I’d expect to see these microcode updates also released to Windows Update in some fashion.

Finally, Intel will also be going even further back with their microcode updates. Their latest schedule calls for processors as old as the Core 2 lineup to get updates, including the 1st gen Core processors (Nehalem/Gulftown/Westmere/Lynnfield/Clarksfield/Bloomfield/Arrandale/Clarkdale), and the 45nm Core 2 processors (Penryn/Yorkfield/Wolfdale/Hapertown). This would cover most Intel processors going back to late 2007 or so. It’s worth noting that the 65nm Core 2 processors (Conroe, etc) are not on this list, but then the later Core 2 processors weren’t on the list either at one point.

Intel's Core Architecture Meltdown & Spectre v2 Mitigations
Microarchitecture Core Generation Status
Penryn 45nm Core 2 Microcode Planning
Nehalem/Westmere 1st Planning/Pre-Beta
Sandy Bridge 2nd Microcode Released
Ivy Bridge 3rd Microcode Released
Haswell 4th Microcode Released
Broadwell 5th Microcode Released
Skylake 6th Microcode Released
Kaby Lake 7th Microcode Released
Coffee Lake 8th Microcode Released
H2'2018 Core (Cannon Lake?) 8th Hardware Immune
Cascade Lake X Hardware Immune
Update: Intel has also released a video to go with their announcement, in case you like your information in a visual form.
 
So we can expect hardware fixes for Meltdown and Spectre 2 in the remaining 8th generation Core i CPUs. This isn't really ground-breaking stuff since Meltdown was fixed by OS patches and Spectre 2 is being fixed by microcode updates right now. The real questions are:

- How much performance delta will there be between current chips with the fixes applied and the new chips that don't require fixes? (Answer: minimal for home users I imagine, significant for some server cases.)
- Will they leave the already-released 8th generation chips hanging, or will they release fixed versions (e.g. Core i7-8750K)?
- How many companies will jump on this new hardware and how many will balk at the idea and either not upgrade or go AMD instead?
 
My 2200g is spectre vulnerable, is that right for AMD?

There is a slight (potential) exposure to Spectre:

While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat. We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.

https://www.amd.com/en/corporate/speculative-execution

They seem to have removed the near useless near zero wording :D

How many companies will jump on this new hardware and how many will balk at the idea and either not upgrade or go AMD instead?

Unless there is something absolutely show stopping companies typically don't rush out and replace hardware and will usually still just replace it on their normal cycle - those that are sold on Intel will likely still go Intel those AMD will still go with AMD - there might be some that reconsider their position in light of stuff like this.

I think the more important aspect in choice here will be the nature of what a company is doing - AMD tends to have some significant strengths if you have very threadable work that doesn't necessarily need outright performance in any one area while Intel has some advantages with legacy software which a lot of companies will often still be using and certain areas of performance where threadability is limited.
 
Last edited:
Is this serious for CPU's like the one I have? Am I going to slap a new bios on my system

The 4820K? its vulnerable but what measures you need to take will depend on your usage, currently I'm not aware of an updated BIOS for your system. For the average home user the most important thing is updating your web browser to one that has patched against these vulnerabilities. Then check for OS updates if you want added security.

Where BIOS updates are critical is if you are running software inside a VM that you don't trust or where multiple users can remotely log into the system such as if you are hosting virtual private servers.
 
The 4820K? its vulnerable but what measures you need to take will depend on your usage, currently I'm not aware of an updated BIOS for your system. For the average home user the most important thing is updating your web browser to one that has patched against these vulnerabilities. Then check for OS updates if you want added security.

Where BIOS updates are critical is if you are running software inside a VM that you don't trust or where multiple users can remotely log into the system such as if you are hosting virtual private servers.

Does the x79 use Asmedia USB drivers?
 
Does the x79 use Asmedia USB drivers?

X79 Uses an Intel controller for the chipset USB 1.1/2 ports, USB 3.0 ports use an external controller in my case made by Fresco in some cases might be ASMedia.

Here is the rub for your angle - what people in the other thread can't seem to understand is yes some boards using X79 might have an ASMedia controller, with the same potential lacking security against exploitation, for the additional USB but it can't be accessed via the same path that is suggested is possible with AMD's Promontory chipset (other ways might be found but no current one is known) and even if you did manage to find a way to expose the controller it doesn't have the same sideband access through the chipset into the main system making it much harder maybe even impossible to misuse it in the way that its suggested is possible with the controllers in AMD's Promontory - you can't just change a few lines of code and boom the same exploit works on Intel.
 
Last edited:
The 4820K? its vulnerable but what measures you need to take will depend on your usage, currently I'm not aware of an updated BIOS for your system. For the average home user the most important thing is updating your web browser to one that has patched against these vulnerabilities. Then check for OS updates if you want added security.

Where BIOS updates are critical is if you are running software inside a VM that you don't trust or where multiple users can remotely log into the system such as if you are hosting virtual private servers.

Which browsers are patched? I use chrome, hadn’t used the pc in some time and not sure if it got updated when I was updating windows and the bios(4770k pc so no bios update for this from asus) last week
 
Well ASUS released an updated BIOS / UEFI for my motherboard in January, but after reading about the early releases causing random reboots, I decided not to install it. ASUS has now just released a new BIOS / UEFI which I have installed so I should be all protected now according to all the tools that I have used to test.

I haven't noticed any significant changes in performance either. Just doing a video encode now to test stability and see how it goes.
 
The microcode for Skylake didn’t get updated after all and so is just the same January release. Other CPUs did get stability updates.
ASUS are being very slow at releasing updates. All they have to do is incorporate the microcode.
 
Just seen I missed that Gigabyte released an updated, post-buggy microcode BIOS update on 13th March, F24b for my GA-X99-Gaming 5P (part of the Black Friday "super X99 bundle" from a few years back).
https://www.gigabyte.com/Motherboard/GA-X99-Gaming-5P-rev-10#support-dl

I don't recall what the fist microcode update BIOS was called (I didn't install it after reports of issues by some users due to Intel QA blunder in January), but it has vanished without a trace from the downloads section, it was dated January IIRC.

List of all boards Gigabyte were originally planning to update https://www.gigabyte.com/MicroSite/481/intel-sa-00088.html
 
The microcode for Skylake didn’t get updated after all and so is just the same January release. Other CPUs did get stability updates.
ASUS are being very slow at releasing updates. All they have to do is incorporate the microcode.
The stability issues found with the original round of microcode updates didn't affect Skylake, so the previously retracted microcode updates were just re-issued. From this document, Skylake CPUs are marked as *** and it says:

Intel said:
Lines with “***” were previously recommended to discontinue use. Subsequent testing by Intel has determined that these were unaffected by the stability issues and have been re-released without modification[/quote

Looks like you want microcode revision 0xC2 or later. You can check this by running HWInfo64 and choosing the "summary" view.
 
Just seen I missed that Gigabyte released an updated, post-buggy microcode BIOS update on 13th March, F24b for my GA-X99-Gaming 5P (part of the Black Friday "super X99 bundle" from a few years back).
https://www.gigabyte.com/Motherboard/GA-X99-Gaming-5P-rev-10#support-dl

I don't recall what the fist microcode update BIOS was called (I didn't install it after reports of issues by some users due to Intel QA blunder in January), but it has vanished without a trace from the downloads section, it was dated January IIRC.

List of all boards Gigabyte were originally planning to update https://www.gigabyte.com/MicroSite/481/intel-sa-00088.html

First was f24a.

Seems mine (x99-sli) has f24b now as well, same date. Think I will hold off for a little though, let other people be the guinea pigs before I update :).
 
The stability issues found with the original round of microcode updates didn't affect Skylake, so the previously retracted microcode updates were just re-issued. From this document, Skylake CPUs are marked as *** and it says:
Yeah, I know, isn't that what I said?

The system in my sig has been updated. But I am still waiting for updates from Asus for a H170 system and a Zenbook.
 
Yeah, I know, isn't that what I said?

The system in my sig has been updated. But I am still waiting for updates from Asus for a H170 system and a Zenbook.
I just wanted to clarify, it sounded like you might've been confused as to why the new update had the same microcode in it.
 
Back
Top Bottom