AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Intel out spectre meltdown chip flaw11/12/2023 ![]() It is understandably frustrating to have to spend time and resources patching these vulnerabilities, which displaces planned feature updates and improvements. Intel should be (and probably is behind the scenes) bowing down to the kernel developers who are saving their bacon. So the fixes fall on the operating systems at the kernel level. They’ve already said they won’t be doing a recall, but how would that work anyway? What’s the lead time on spinning up the fabs to replace all the Intel chips in use - yikes! An Intel “fix” would amount to a product recall. These vulnerabilities are in silicon - they can’t be easily fixed with a microcode update which is how CPU manufacturers usually workaround silicon errata (although this appears to be an architectural flaw and not errata per se). Quite good for helping deliver better understanding of how this works. Update: Check Alan Hightower’s explanation of the Meltdown exploit left as a comment below. If you’re clever enough, you can reconstruct the restricted data by iterating on this trick many many times.įor the most comprehensive info, you can read the PDF whitepapers on Meltdown and Spectre. The exploit uses a clever guessing game to look at other files also returned by the predictor to which you do have access. Obviously you don’t, so that memory will not be made available for you to read. To boost speed, these processors keep a cache of past branch behavior in memory and use that to predict future branching operations. Branch predictors load data into memory before checking to see if you have permissions to access that data. ![]() The attack exploits something called branch prediction. His use of the term “layman” may be a little more high level than normal - this is something you need to read. Spectre is not limited to Intel, but also affects AMD and ARM processors and kernel fixes are not expected to come with a speed penalty.įriend of Hackaday and security researcher extraordinaire Joe Fitz has written a superb layman’s explanation of these types of attacks. Meltdown is specific to Intel processors and kernel fixes (basically workarounds implemented by operating systems) will result in a 5%-30% speed penalty depending on how the CPU is being used. Since this has bubbled up in watered-down versions to the highest levels of mass media, let’s take a look at what Meltdown and Spectre are, and also see what’s happening in the other two rings of this three-ring circus. However, as a Hackaday reader, you are likely the person who others turn to when they need to get the gist of news like this. ![]() We’re certain that by now you’ve heard of (and are maybe tired of hearing about) Meltdown and Spectre. This week we’ve seen a tsunami of news stories about a vulnerability in Intel processors. ![]()
0 Comments
Read More
Leave a Reply. |