A major security vulnerability has been found in Intel processors dating back many years. The workaround, which Windows and Linux users are about to receive, is an OS-level patch that reduces performance significantly.

Edit: There appear to be two very serious vulnerabilities, only one of which is about to be provided with an OS-level patch: Meltdown and Spectre. Meltdown affects all Intel processors since 1995 and will be fixed by the patch (at a performance cost), while Spectre is harder to patch and affects "most" processors by all manufacturers. There are efforts to fix compilers so they no longer produce code vulnerable to Spectre, but the problem will linger in unpatched software. There's quite a good short technical explanation here.


That is insane. Sucks that the Linux patches, at least, are rolling out for everyone, so AMD users will still see the performance hit even though they're apparently not vulnerable to the bug.

The Register thinks that AMD kind of spilled the beans on the nature of the vulnerability, and has seen proof-of-concept code that appears to confirm this:

    It appears, from what AMD software engineer Tom Lendacky was suggesting above, that Intel's CPUs speculatively execute code potentially without performing security checks. It seems it may be possible to craft software in such a way that the processor starts executing an instruction that would normally be blocked – such as reading kernel memory from user mode – and completes that instruction before the privilege level check occurs.

posted by rrrrr: 196 days ago