New Vulnerability hits Intel processors - Lazy FP State Restore
Click here to post a comment for New Vulnerability hits Intel processors - Lazy FP State Restore on our message forum
GREGIX
Dimitrios1983
It's the gift that keeps on giving............................................. This is a perfect gift for an enemy 😉
TheDeeGee
There is a lot more inside than just intel it seems... or perhaps there is barely anything inside due to all the holes.
waltc3
InSpectre #8 could detect the fix, etc.) Guess what--InSpectre hasn't budged from #8--along with no new patches, no new announcements (after that cheery warning on 3/3a/4)--and no new microcode patches for anyone (AMD or Intel) that I can find. So pffffttttt....wtf is going on? I've never seen the vulnerability/patching/information-handling loop in this poor of a shape! Remember that loony Israeli-based company that tried to dive-bomb AMD with--what was it--12?--silly-stoopid "vulnerabilities" with jerkwater nicknames and the whole nine yards? You know, like "Doomsday Planet Buster Supernuke Man-killer Annihilation Extinction Event #415"....???? But golly-gee--oh, gee--it wasn't actually a vulnerability at all unless you have admin rights to the box and physical access! Heck--that sort of thing doesn't even qualify for a cpu bug, really--it's a *simple OS patch fix*! Or *it used to be!* Whole different category--no stupid names, no panic, no muss and no fuss.
I feel like Ripley in Alien 2 after being rescued in deep space after 75 years of freezing her bunns off--when she said, "What? Did IQs drop sharply while I was away?"... 🙄 Something is missing from these announcements--like *credibility*, maybe?
But I believe HH *has got to run the warnings*--because they *might* be real--maybe--and not to run them would be highly irresponsible! Catch-22. I just think that maybe even *most* of these "vulnerabilities" actually are OS bugs in reality that are being misreported by persons who think they know what they are doing and saying when they really are just barely hanging on by their eye teeth!...:( Or...it's deliberate manipulation.
This is unfortunately the era of fake political news and now--my gosh--seems like we are getting *fake cpu vulnerability* news as well??? (This has nothing to do with HH and G3d, btw--he doesn't like this any more than any of us and he says so!) It's easy to sort through the political garbage--if it's a "report" and the sources are "unnamed" or "In hiding," "invisible" or "deceased," etc., (j/k sort of), and it's a lot of bile spewed against a particular politician that consists of 100% accusation and 0% proof of anything--well, that's easy--you know it's fake, right? No doubt about it--take it to the bank, etc. Fake. But what a shame that now none of *us* knows whether the latest Doomsday Nation-Smasher From Outer Space cpu bug "report" was written by someone who knows what he's doing or by somebody with an angle--an ax to grind, or a stock price he's trying to manipulate with this stuff--or simply someone who likes chaos. Etc. ad infinitum.
KUDOs to HH's handling of these seemingly inexhaustible extinction event announcements! I really appreciate his informing us when he doesn't like to make these announcements but nevertheless feels compelled to make them--I agree that he *has to make the announcements*! I give him high marks for dutifully publishing the warnings while at the same time making it known he doesn't actually *know* what is actually the case...!
Just like all of *us*!... 😕 Arrrrrghghghghgh-h-h-h-h-hhhhh... 😡 I'm really too old to be playing Ring Around the CPU bug Posey every other week, eh? I'm certain I am in good company here. about that.
('Kay--just popped another Metoprolol beta-blocker...I'll be fine, really....I will....:D)
Looks to me as if AMD R&D spent over the last five + years has been returning some very handsome roi's for the company of late...:) (What follows is not related to your comment, Kaarme!)
Going to rant a tiny bit here, so please forgive me... This stuff really is getting old, though--is this another "must have admin rights to the local box" scenario? I actually feel for Intel with this crap--OS updates for "cpu bug fixes" are my least favorite mode of address because when you change OSes or switch to a different OS version you need to patch all over again--I much prefer a microcode situation--because then you patch the cpu and don't have to worry about OS-specific patching, etc. It's done and it is over.
This is really getting ridiculous, frankly.
Remember the so-called Spectre 3/3a/4(?) "vulnerabilities" that got publicized just a few weeks ago? (After Spectre2 got fixed and X7007
So that's why Intel can do HIGHER IPC you see ??? they have ALL Security holes, all cause that's what effect the CPU SPEED.
user1
https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-To-4.16-SSBD
only intel requires microcode to fix it, which hasn't yet been released.
microsoft hasnt pushed its patches via windows update yet, which is why inspectre hasnt been updated.
theres no conspiracy, these are real problems, these types of exploits have been theorized for decades, no one had a poc until recently, people know what to look for now is all.
software trusts the cpu to be secure , but it isnt , which is why software must be patched.
Only new hardware can fix these problems, these vulnerabilites are inherent to the design, they cannot be patched with microcode alone, apart from disabling those functions entirely, which would put us back to pre core 2 duo levels of performance, which is simply not an option at this point.
the only way to be completely secure from speculative excution exploits atm, is to not do speculative execution. the only "modern" x86 cpu that doesnt is the first gen intel atom.
perhaps the path those russian elbrus cpus have taken is the way going forward.
linux got patches for spectre v3a/4 in may
Fox2232
Kaarme
gx-x
number of times you, or anyone you know has been hacked by means of any of the so far discovered security holes = 0.
number of times you, or anyone you know will be hacked by means of any of the so far discovered security holes = 0.
user1
gx-x
method of discovering is you see that something you didn't want to get out - got out. Money stolen? Data mysteriously erased? There are a lot of methods of discovery. And no, anti-malware will do nothing to stop/detect/prevent this. 1. those attacks will not be files, so nothing for anti-malware to do. 2. No one uses those attacks, there are easier ways to hack people/companies etc.
Only a matter of time for what? These "holes" have been around for over 10 years (some of them).
People are just paranoid about stupid stuff. Instead of being aware of about real stuff.
Robbo9999
Athlonite
And how exactly did everyone think Intel managed to keep their IPC speeds so high compared to AMD's simple they cut corners and kept cutting those corners because
a: It didn't effect the running of software
b: It allowed Intel to maintain better IPC speeds over AMD which they then touted all over the place
Well now we know how they did it and now that it's being patched Intel are loosing their IPC speed over AMD's soon with all the corners that were cut being patched they'll either have the same IPC speed as AMD or will be behind them
look at it this way, you have two cars exactly the same make model engine output yadda yadda except
car A has all but the drivers seat removed and car B is still stock which car will now be faster car A or car B ..... Car A ofcourse because it now weighs far less than car B yet both cars A and B are still susceptible to the same types of breakdowns But car A is also now more vulnerable because alot of the safety features were removed to save weight
user1