You are Here:
Linux Lite 4.0 Final has been released. See the Release Announcements Section.




Meltdown & Spectre Information and Discussion

Author (Read 12669 times)

0 Members and 1 Guest are viewing this topic.

Meltdown & Spectre Information and Discussion
« on: January 03, 2018, 11:36:05 AM »
 

Ottawagrant

  • Forum Regular
  • ***
  • 163
    Posts
  • Country: ca
  • Reputation: 26
  • Linux Lite Member

  • Linux Lite: 3.8 64bit

  • CPU: Intel Duo Core 2 E8600 @ 3.33GHz

  • MEMORY: 8Gb

  • VIDEO CARD: Intel Q45/Q43
Happy New Year Everyone:
What better way to ring in 2018 than to scramble and fix a ten-year-old security flaw in the processor.
There is a kernel memory leak in Intel processors design that now put Windows and Linux users in harms ways as programmers rush to apply patches as quickly as possible.

https://www.onmsft.com/news/intels-kernel-memory-leak-flaw-forces-microsoft-others-to-apply-performance-slowing-patch

But wait!
As for Linux users, there are patches for the Linux kernel available now.
Last Edit: January 23, 2018, 06:01:21 PM by Jerry
 


Re: Meltdown & Spectre Information and Discussion
« Reply #1 on: January 03, 2018, 11:54:09 AM »
 

newtusmaximus

  • Gold Level Poster
  • *******
  • 593
    Posts
  • Country: gb
  • Reputation: 57
  • Paypal Supporter.

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core duo 6300 1.86GHz

  • MEMORY: 4Gb

  • VIDEO CARD: Intel 82Q963/Q965
Which means?
Just  keep loading LL updates and all will be solved??
2006 - HP DC7700p ultraslim Desktop Intel 6300 cpu  4GB Ram LL3.6 64bit.
2007 - Fujitsu Siemens V3405 Laptop  2 GB Ram LL3.6 32bit. Now Trialling Alpha 32bit Debian.
2006 - Fujitsu Siemens Si1520 Laptop Intel T720 cpu 3GB Ram LL4.0 64bit
2003 - RETIRED Toshiba Satellite Pro A10 1 GB RAM LL2.8 32bit
 

Re: Meltdown & Spectre Information and Discussion
« Reply #2 on: January 03, 2018, 06:48:13 PM »
 

Jerry

  • Linux Lite Creator
  • Administrator
  • Platinum Level Poster
  • *****
  • 6120
    Posts
  • Country: nz
  • Reputation: 548
  • Linux Lite Member
    • Linux Lite OS

  • Linux Lite: 3.8 64bit

  • CPU: Intel Xeon Dual CPU's E5645 2.4GHz 12 Cores

  • MEMORY: 16Gb

  • VIDEO CARD: nVidia GeForce GTX 960
A good, simple breakdown:

Download your free copy of Linux Lite today.

Jerry Bezencon
Linux Lite Creator

Learn to use your emotions to think, not think with your emotions.



 

Re: Meltdown & Spectre Information and Discussion
« Reply #3 on: January 03, 2018, 06:55:10 PM »
 

Jerry

  • Linux Lite Creator
  • Administrator
  • Platinum Level Poster
  • *****
  • 6120
    Posts
  • Country: nz
  • Reputation: 548
  • Linux Lite Member
    • Linux Lite OS

  • Linux Lite: 3.8 64bit

  • CPU: Intel Xeon Dual CPU's E5645 2.4GHz 12 Cores

  • MEMORY: 16Gb

  • VIDEO CARD: nVidia GeForce GTX 960
Download your free copy of Linux Lite today.

Jerry Bezencon
Linux Lite Creator

Learn to use your emotions to think, not think with your emotions.



 

Re: Meltdown & Spectre Information and Discussion
« Reply #4 on: January 03, 2018, 11:55:42 PM »
 

Coastie

  • PayPal Supporter
  • Gold Level Poster
  • *****
  • 655
    Posts
  • Country: us
  • Reputation: 50
  • Linux Lite User

  • Linux Lite: 3.8 64bit

  • CPU: AMD A10-6700 (ASUS M32)

  • MEMORY: 12Gb

  • VIDEO CARD: ADM Radeon HD (integrated)
@Jerry, watched video but it was beyond my understanding.  :-[ Glad my main computer is AMD based on the recommendations of the ghost formerly know as Spatry.  ;)


Left Mac OS X for Linux in Jan 2014
 

Re: Meltdown & Spectre Information and Discussion
« Reply #5 on: January 04, 2018, 04:48:36 AM »
 

TMG1961

  • I come here a lot
  • *****
  • 497
    Posts
  • Country: nl
  • Reputation: 67
  • Linux Lite Member

  • Linux Lite: 4.0 64bit

  • CPU: Dual core Intel Celeron N2830

  • MEMORY: 8Gb

  • VIDEO CARD: Intel Atom Processor Z36xxx/Z37xxx Series Graphics & Display
The video lost me about 10 seconds after it started. I have no idea what he is talking about.
Life on earth is expensive but it does include a free trip around the sun.
 

Re: Meltdown & Spectre Information and Discussion
« Reply #6 on: January 04, 2018, 06:50:16 AM »
 

ian_r_h

  • Merchandise Supporter
  • Occasional Poster
  • *****
  • 87
    Posts
  • Country: gb
  • Reputation: 9
  • Linux Lite Member

  • Linux Lite: 3.6 64bit
Thanks for this.  Though I'm not sure how well I understand some parts.

In essence, and from technical news posts, my understanding is that (anyone has better knowledge may correct me):-

  • Intel processors since the 1990s are vulnerable to this because of using the "speculative" approach.  But cancelling this approach can greatly slow processing in processor-intensive tasks.
  • AMD prcoessors are technically unknown according to some reports, and unaffected by others; and possibly affected in their own right by others (I don't have the sources to hand).  My take is that it is unknown/thought unlikely to affect AMD processors.
  • My take is also that it requires local access to exploit (as known at the moment), but whether that will continue the case isn't reported on in the items I've read.
  • This has been known about for some time.
  • The problem requires fixing at the OS level.

I'm presuming that using Intel processors with the current kernel 4.4.x series in Linux Lite leaves it theoretically vulnerable; though I understand that at present there is no malware exploiting the problem?

Don't worry about artificial intelligence.  Worry about natural stupidity.  :)
 

Re: Meltdown & Spectre Information and Discussion
« Reply #7 on: January 04, 2018, 07:01:01 AM »
 

JmaCWQ

  • Do big things!
  • Forum Regular
  • ***
  • 227
    Posts
  • Country: au
  • Reputation: 44
  • And life goes on...

  • Linux Lite: 1.0.0

  • CPU: Dual Core AMD E2-2000 APU

  • MEMORY: 4Gb

  • VIDEO CARD: AMD Wrestler [Radeon HD 7340]
 

Re: Meltdown & Spectre Information and Discussion
« Reply #8 on: January 04, 2018, 10:11:57 AM »
 

ian_r_h

  • Merchandise Supporter
  • Occasional Poster
  • *****
  • 87
    Posts
  • Country: gb
  • Reputation: 9
  • Linux Lite Member

  • Linux Lite: 3.6 64bit
OK.

I've had a few minutes to research this further, since coming to it myself first time first thing this morning.

There are two bugs reported:  MELTDOWN and SPECTRE.  According to Wikipedia:-

"The Meltdown vulnerability can be thought of as a particularly easy and efficient-to-implement special case of Spectre."  Note that there is no citation and it is reported as needing one; indeed citation is lacking in the Spectre entry at this time.

"Two Common Vulnerabilities and Exposures IDs related to Spectre, CVE-2017-5753 and CVE-2017-5715, have been issued."

Spectre affects Intel, AMD and ARM processors.

"[Meltdown] was issued a Common Vulnerabilities and Exposures ID of CVE-2017-5754."

Meltdown affects Intel processors and "does not seem to affect AMD microprocessors".

The Wikipedia entries are at:-

https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)
https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)

There is a website for Meltdown and Spectre (which both Wikipedia articles label as the "official website") at:

https://meltdownattack.com/

Hope this helps, though I'm still reading up on it at the moment.
Don't worry about artificial intelligence.  Worry about natural stupidity.  :)
 

Re: Meltdown & Spectre Information and Discussion
« Reply #9 on: January 04, 2018, 11:35:49 AM »
 

trinidad

  • Gold Level Poster
  • *******
  • 767
    Posts
  • Country: us
  • Reputation: 139
  • Linux Lite Member
    • dbts-analytics.com

  • Linux Lite: 3.8 64bit

  • CPU: AMD A8 5500 4 cores

  • MEMORY: 8Gb

  • VIDEO CARD: AMD/ATI Radeon HD 7560D
I have two Windows 10 machines that have been already patched (both originally developer/insider mode) and have had no problems so far, and no noticeable performance issues though there are reports of some VM complications elsewhere. In the case of Linux this is another OEM hardware nuisance which like all such nuisances diffuses down to ordinary users with some over-reaction. Spectre is a threat to ordinary users but only on multi-user boxes i/e - do you trust your wife? I played around with this issue some years back on a Suse Linux system I administrated. It has been known in some form or another for quite a while, but developers never looked at it as particularly threatening. It's the nature of CPUs themselves to not be secure, and again this problem lies within the the whole idea of low level proprietary code. It should be a legal issue with tart recourse to the courts, but who's big enough to sue, maybe Google, or Amazon. Big business is a strangely esoteric political beast here in the US - The government bails out GM but upholds a billion dollar penalty against Ford for bad tires. I can't think of a company in recent history that deserved a class action suit against them more than Intel. As far as civil disobedience perhaps a well organized boycott of Google and Amazon would do the trick but in a lot of ways consumerism is an addiction so that would be awfully hard to organize. Buying a computer for your kids to use is a lot like taking your kids to the doctor. The difference is that most doctors live by a code of ethics, while OEM hardware is produced with an eye to insulating the developers from any liability. Intel developers don't need malpractice insurance. Intel is so big and internationalized that the US government must cast a wary eye on their hardware to protect itself. I have often thought that the first line of recourse for the government is to use the SEC to suspend trading of Intel, and then go from there.

TC

Additionally: "News" of this is hardly new. Only the exploit news part of it, which was held back by Google in agreement with Intel. I highly doubt that AMD is not vulnerable with a modified version. Any 64bit multt-core cached cpu is vulnerable. This has always been known of speculative processes. The bigger the processor the greater the possibility of stealing information. That is the only reason this has suddenly become important. CPUs are finally big enough to cough up and spew considerable information via the hack. Hilariously the hack will still work even with the patch by simply falling back to the old kernel address system. It is not a permanent solution. The permanent solutuion is full and complete free access to CPU microcode.

   
Last Edit: January 04, 2018, 03:17:28 PM by trinidad
"You can't depend on your eyes when your imagination is out of focus."
 

Re: Meltdown & Spectre Information and Discussion
« Reply #10 on: January 04, 2018, 05:45:05 PM »
 

rokytnji

  • Friganeer
  • Platinum Level Poster
  • **********
  • 1257
    Posts
  • Country: us
  • Reputation: 134

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core2 Duo U9600

  • MEMORY: 4Gb

  • VIDEO CARD: Intel Mobile 4
Meh,

Code: [Select]
~$ inxi -f
CPU:       Single core AMD Athlon 64 3800+ (-UP-) cache: 512 KB
           speed/max: 1000/2400 MHz
           CPU Flags: 3dnow 3dnowext 3dnowprefetch apic clflush cmov
           cr8_legacy cx16 cx8 de extapic extd_apicid fpu fxsr fxsr_opt
           lahf_lm lm mca mce mmx mmxext msr mtrr nopl nx pae pat pge pni pse
           pse36 rdtscp rep_good sep sse sse2 svm syscall tsc vme vmmcall

$ inxi -S
System:    Host: biker Kernel: 4.4.0-104-generic x86_64 (64 bit)
           Desktop: Xfce 4.12.3 Distro: Ubuntu 16.04 xenial
$ cat /etc/llver
Linux Lite 3.6


Edit: Just to explain myself. In my area. I am more likely to have have my car stereo stolen stolen than this exploit to take hold on my computers.
I care more about the stereo.
Last Edit: January 04, 2018, 06:28:25 PM by rokytnji
LL 3.6,2.8
Dell XT2 > Touchscreen Laptop
Dell 755 > Desktop
Acer 150 > Desktop
I am who I am. Your approval is not needed.
 

Re: Meltdown & Spectre Information and Discussion
« Reply #11 on: January 05, 2018, 02:32:11 AM »
 

Jerry

  • Linux Lite Creator
  • Administrator
  • Platinum Level Poster
  • *****
  • 6120
    Posts
  • Country: nz
  • Reputation: 548
  • Linux Lite Member
    • Linux Lite OS

  • Linux Lite: 3.8 64bit

  • CPU: Intel Xeon Dual CPU's E5645 2.4GHz 12 Cores

  • MEMORY: 16Gb

  • VIDEO CARD: nVidia GeForce GTX 960



Just to explain myself. In my area. I am more likely to have have my car stereo stolen stolen than this exploit to take hold on my computers.
I care more about the stereo.

Indeed. Are hackers going to target Joe Nothing living at 123 Who Cares Street or do they have juicer targets?

Sent from my Mobile phone using Tapatalk

Download your free copy of Linux Lite today.

Jerry Bezencon
Linux Lite Creator

Learn to use your emotions to think, not think with your emotions.



 

Re: Meltdown & Spectre Information and Discussion
« Reply #12 on: January 05, 2018, 02:40:03 AM »
 

Jerry

  • Linux Lite Creator
  • Administrator
  • Platinum Level Poster
  • *****
  • 6120
    Posts
  • Country: nz
  • Reputation: 548
  • Linux Lite Member
    • Linux Lite OS

  • Linux Lite: 3.8 64bit

  • CPU: Intel Xeon Dual CPU's E5645 2.4GHz 12 Cores

  • MEMORY: 16Gb

  • VIDEO CARD: nVidia GeForce GTX 960
Ubuntu plan to release Kernel updates early next week, in or around the 9th.

Sent from my Mobile phone using Tapatalk

Download your free copy of Linux Lite today.

Jerry Bezencon
Linux Lite Creator

Learn to use your emotions to think, not think with your emotions.



 

Re: Meltdown & Spectre Information and Discussion
« Reply #13 on: January 05, 2018, 03:59:02 AM »
 

ian_r_h

  • Merchandise Supporter
  • Occasional Poster
  • *****
  • 87
    Posts
  • Country: gb
  • Reputation: 9
  • Linux Lite Member

  • Linux Lite: 3.6 64bit
An update on (hopefully) reputable and authoritative information sources this morning regarding Meltdown and Spectre.

Personally I agree with Jerry:  Don't panic - there is no known malware exploiting these yet.  Meltdown looks specific to Intel, and is the "easier" both to exploit and to patch; Spectre affects many more processors (including ARM and AMD as well as Intel), and is both harder to exploit and patch.  At least according to these websites.

BBC News has two articles which may be of interest (the second if you are also an Apple user):
http://www.bbc.co.uk/news/technology-42562303
http://www.bbc.co.uk/news/technology-42575033

Leading cryptography expert Bruce Schneier says he plans to write more soon on his blog, and has a brief summary of the technical issue that is easy to read:
https://www.schneier.com/

4.4.x series updated in Kernel 4.4.109 (among other versions):
https://fullcirclemagazine.org/2018/01/04/linux-kernels-4-14-11-4-9-74-4-4-109-3-16-52-and-3-2-97-patch-meltdown-flaw/

The Department of Homeland Security (USA) website contains additional information on the general problem, as well as links to vendor-specific information:
https://www.us-cert.gov/ncas/alerts/TA18-004A

Threatpost has details on ARM and AMD chips not affected by Spectre (according to the manufacturers) among other things:
https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/

Happy Computing! :)
Don't worry about artificial intelligence.  Worry about natural stupidity.  :)
 

Re: Meltdown & Spectre Information and Discussion
« Reply #14 on: January 05, 2018, 06:51:54 AM »
 

rokytnji

  • Friganeer
  • Platinum Level Poster
  • **********
  • 1257
    Posts
  • Country: us
  • Reputation: 134

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core2 Duo U9600

  • MEMORY: 4Gb

  • VIDEO CARD: Intel Mobile 4
If you wanna do a quick check on your own. Just for piece of mind I guess.


Code: [Select]
dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000

<use sudo in Linux Lite>

Linus Torvalds thoughts on all of this hoopla.

https://lkml.org/lkml/2018/1/3/797



[color=inherit ! important][size=13px ! important][/size][/color]
LL 3.6,2.8
Dell XT2 > Touchscreen Laptop
Dell 755 > Desktop
Acer 150 > Desktop
I am who I am. Your approval is not needed.
 


 


Linux Lite 4.0 Final has been released. See the Release Announcements Section.