ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by DAMIEN1307 » Wed Jan 10, 2018 9:20 pm

hi phil995511...please take note that "The microcodes security patches of Ubuntu" appear to be ONLY the microcodes for INTEL chipsets...the current most up to date microcode for AMD chipset is 3.20171205.1 released today Jan 10th 2018 and can be found here... http://ftp.us.debian.org/debian/pool/no ... microcode/ ,,,DAMIEN

Post by Arch_Enemy » Thu Jan 11, 2018 12:11 am

michael louwe wrote:@ Harfud, .......
Harfud wrote:It is one thing if CPU microcode for over five year old CPUs is to be forthcoming in time...

But quite another if there is no intention to produce updates for over 5 year old CPUs.

My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.
.
If M$ could provide the WannaCry/SMBv1/EternalBlue patch for the out-of-support 16-years-old-Win XP in April 2017, it's likely that Intel will also provide the Spectre firmware/microcode patch for processors that are more than 5 years old. Let's just wait and see. Otherwise, buy AMD-based computers as soon as possible = vote with your wallet.
Windows versions are alive and up and running on workstations and 'cash registers' all the way back to 2000. Lots of things are running old versions of windows.

Lots of things are running customized versions of Linux as well, but usually on ARM processors.
I have travelled 35629424162.9 miles in my lifetime

One thing I would suggest, create a ~28G partition as /. Partition the rest as /Home.
When the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.

Post by Arch_Enemy » Thu Jan 11, 2018 12:12 am

Harfud wrote:
BigEasy wrote:There is a unique situation. Until now malware always came first, then the cure was delivered. Now there is no malware at all (well, not yet). But the cure exists. It is great, is it not?
This begs a couple of questions...

If those who discovered these hardware vulnerabilities had said nothing to anybody would malware producers ever have discovered the vulnerabilities to exploit ?

The vulnerabilities have been there for over ten years without that happening, so to what extent is this a manufactured panic ?

This isn't a case of a software bug, it's exploitable hardware flaws that have never yet been exploited and may never have been exploited - But they certainly will be now as a result of the revelation.
Just what I was wondering as well. Sometimes it's best just to remain silent...

Post by Fred Barclay » Thu Jan 11, 2018 12:19 am

Arch_Enemy wrote:
Harfud wrote: This isn't a case of a software bug, it's exploitable hardware flaws that have never yet been exploited and may never have been exploited - But they certainly will be now as a result of the revelation.
Just what I was wondering as well. Sometimes it's best just to remain silent...
I disagree. If it wasn't reported, someone with less than honourable intentions would have eventually discovered the flaws and used 'em against us. But then, we'd have a bunch of compromised machines and folks doing active exploits.
The way it panned out is far better, in my opinion.

Now it would have been nice if word hadn't leaked out until the Linux kernel guys, Microsoft, and Apple had all finished and released the patches. But that's another story...
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

Post by michael louwe » Thu Jan 11, 2018 1:58 am

http://news.softpedia.com/news/intel-re ... 9316.shtml
Intel Releases Processor Microcode Patch for Linux OSes, Here's How to Update

Post by michael louwe » Thu Jan 11, 2018 2:22 am

@Harfud, .......
Harfud wrote:This begs a couple of questions...

If those who discovered these hardware vulnerabilities had said nothing to anybody would malware producers ever have discovered the vulnerabilities to exploit ?

The vulnerabilities have been there for over ten years without that happening, so to what extent is this a manufactured panic ?

This isn't a case of a software bug, it's exploitable hardware flaws that have never yet been exploited and may never have been exploited - But they certainly will be now as a result of the revelation.
The Meltdown & Spectre bugs only allow hackers to spy on computers for users' passwords, emails, login credentials, etc = would not have been detected by the users or their AV programs.
... It is possible that State-actors and/or hackers had known about the bugs and deployed exploits from about 2 decades ago, similar to how the NSA/CIA had secretly deployed the EternalBlue/SMBv1 exploit for many years to spy on certain targets before it was publicly revealed/leaked in April 2017. For all we know, Intel could have intentionally created buggy hardware as backdoors for the NSA, eg the Intel ME vulnerability. Eg ...
(source; Edward Snowden - https://www.theguardian.com/world/2013/ ... -user-data )
.
So, if we are not high-value targets for the NSA and hackers, we should be quite safe, even if unpatched for the Meltdown & Spectre bugs, eg we are not terrorists, politicians/activists, celebrities, CEOs/enterprises, rich online shoppers, etc.
Last edited by michael louwe on Thu Jan 11, 2018 5:19 am, edited 2 times in total.

Post by michael louwe » Thu Jan 11, 2018 4:56 am

http://metadata.ftp-master.debian.org/c ... _changelog
(Intel microcode changelogs list)

http://xlab.tencent.com/special/spectre ... check.html
(Browser check for Spectre vulnerability)

https://github.com/hannob/meltdownspectre-patches
(Summary of Meltdown & Spectre patches as of 9 Jan 2018)

If the Intel microcode is newer than 2017-10-31, your CPU microcode should be updated for the Spectre bug. If it is older, Intel may or may not release an update for your CPU or you did not install the microcode package correctly.
Last edited by michael louwe on Thu Jan 11, 2018 5:17 am, edited 2 times in total.

Post by xenopeek » Thu Jan 11, 2018 5:08 am

michael louwe wrote:http://xlab.tencent.com/special/spectre ... check.html
(Browser check for Spectre vulnerability)
Thanks! Very useful to check the browsers on my phone.

Post by Harfud » Thu Jan 11, 2018 5:37 am

Fred Barclay wrote: Now it would have been nice if word hadn't leaked out until the Linux kernel guys, Microsoft, and Apple had all finished and released the patches. But that's another story...
And I suspect that's a story that we'll hear rather more about once the immediate dust settles.

9th January seems to have been a contentious date in all of this.

Post by Pjotr » Thu Jan 11, 2018 5:51 am

Fred Barclay wrote:
Arch_Enemy wrote:
Harfud wrote: This isn't a case of a software bug, it's exploitable hardware flaws that have never yet been exploited and may never have been exploited - But they certainly will be now as a result of the revelation.
Just what I was wondering as well. Sometimes it's best just to remain silent...
I disagree. If it wasn't reported, someone with less than honourable intentions would have eventually discovered the flaws and used 'em against us. But then, we'd have a bunch of compromised machines and folks doing active exploits.
The way it panned out is far better, in my opinion.

Now it would have been nice if word hadn't leaked out until the Linux kernel guys, Microsoft, and Apple had all finished and released the patches. But that's another story...
I absolutely agree with Fred. "Security by obscurity" is a dangerous myth, which has been debunked convincingly a long time ago.
Tip: 10 things to do after installing Linux Mint 19 Tara
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Post by phil995511 » Thu Jan 11, 2018 6:10 am

DAMIEN1307 wrote:hi phil995511...please take note that "The microcodes security patches of Ubuntu" appear to be ONLY the microcodes for INTEL chipsets...the current most up to date microcode for AMD chipset is 3.20171205.1 released today Jan 10th 2018 and can be found here... http://ftp.us.debian.org/debian/pool/no ... microcode/ ,,,DAMIEN
Thank you Damien, I use only an Intel CPU.

Good day to you.
Mint 19 64 bits Cinnamon

Post by ArtGirl » Thu Jan 11, 2018 6:40 am

michael louwe wrote: http://xlab.tencent.com/special/spectre ... check.html
(Browser check for Spectre vulnerability)
A Chinese site came up, then 'easylist china' was activated (by Adblock Ultimate; have removed it). :shock: Very briefly turned on Java, and then it's English and the checker comes up. It's saying 'not vulnerable' (Waterfox), so a happy ending. :)
18.3 Mate 64bit
Radeon R9 255, Mesa 17.2.8, 4.15.0-13,
Lenovo x310, intel i7-4790, 16 ram,
Ugee 2150


For any advice I've been able to add, eg re graphics tablets, please search forum.


Post by benchrest » Thu Jan 11, 2018 10:38 am

I am confused! I have an AMD FX-4100
So I do not have the Meltdown problem.
With regards to Spectre I have Firefox 57.0.4 I do not have the Spectre problem with the browser. Going to the web site tencent it tells me I do not have browser exposure to Spectre.
Now it gets a little confusing.
Update manager has a new kernel to install, 4.13.0-26.29~16.04.2 Is this just for Intel processors? I think I need to install it also. It won't turn my machine into a brick as I have read? I think that was an earlier version that Ubuntu replaced quickly.
And how about reference in this topic to needing microcode for AMD. Is that a new BIOS or reference to the Linux Kernel that is in my update manager. Not sure. I wish I could find a detailed description of what I need to do.
LM Cinnamon 18.3, ASUS M5A97 R2.0 MB, FX-4100, Samsung SSD 850 Pro 256gb, dual 23" monitors. Big user of Gramps, L.O., Unison, Synapse. Entire system on SSD, also WD black 500gb..

Post by michael louwe » Thu Jan 11, 2018 10:59 am

@ benchrest, .......
benchrest wrote:...
.
AFAIK, your AMD processor does not need the Ubuntu kernel patch for Meltdown(=CVE-2017-5754), ie do not install kernel 4.13.26. Even if you do install it, it has no effect on your AMD processor, ie the KPTI fix is not applied. The KPTI fix is only applied when Linux detects an Intel processor. No point risking it.

To fully mitigate against Spectre1(= CVE-2017-5753), both the browser and OS have to be patched. Most major browsers have been patched. Windows, MacOS and Linux have been patched.

To fully mitigate against Spectre2(CVE-2017-5715), both the OS kernel and CPU need to be patched. AMD claimed that their processors are nearly not susceptible to Spectre2. So, AMD processors likely do not need to be patched = same situation as for Meltdown. Windows has been patched. Red Hat Ent and Suse Ent have been patched. Seems, some Linux distros, eg Ubuntu, have not been patched.

Please refer to this link to check for Linux vulnerability to Meltdown & Spectre by just using the Terminal ... https://www.ghacks.net/2018/01/11/check ... erability/

viewtopic.php?f=46&t=261398 (= the Ubuntu Meltdown/KPTI patch bricking a Lenovo AMD-based computer.)

Post by Spearmint2 » Thu Jan 11, 2018 1:39 pm

And how about reference in this topic to needing microcode for AMD. Is that a new BIOS or reference to the Linux Kernel that is in my update manager. Not sure. I wish I could find a detailed description of what I need to do.
There is an AMD64-microcode available in Package Manager, but it's from 2013, so not for this problem. I've never applied it to my 64 bit processor from mid-2009 and not had any problems.

Processor microcode firmware for AMD CPUs
This package contains microcode patches for all AMD AMD64
processors. AMD releases microcode patches to correct
processor behavior as documented in the respective processor
revision guides.


I doubt it's even needed for processors newer than 2013-2014 era.

I did update my AMD computer to the following "fixed" kernel for 17.3 mint, even though it's for MeltDown and I didn't need it, and have had no problems with it. I just did it to see if it would affect AMD or not.

Code:

inxi -S
System:    Host: mint16 Kernel: 3.13.0-139-generic i686 (32 bit) Desktop: MATE 1.12.0
           Distro: Linux Mint 17.3 Rosa
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....

Post by benchrest » Thu Jan 11, 2018 2:55 pm

I installed the Firefox 57.0.4 and the new webkit update for spectre and will check for new info occasionally. Not installing the kernel update. Thanks for the info. Ran the terminal check for vulnerabilities and think I am ok.

Post by phil995511 » Thu Jan 11, 2018 2:58 pm

benchrest wrote:I am confused! I have an AMD FX-4100
So I do not have the Meltdown problem.
With regards to Spectre I have Firefox 57.0.4 I do not have the Spectre problem with the browser. Going to the web site tencent it tells me I do not have browser exposure to Spectre.
Now it gets a little confusing.
Update manager has a new kernel to install, 4.13.0-26.29~16.04.2 Is this just for Intel processors? I think I need to install it also. It won't turn my machine into a brick as I have read? I think that was an earlier version that Ubuntu replaced quickly.
And how about reference in this topic to needing microcode for AMD. Is that a new BIOS or reference to the Linux Kernel that is in my update manager. Not sure. I wish I could find a detailed description of what I need to do.
As Damien1307 said above there is a firmware for AMD CPU that has just been released here :

http://ftp.us.debian.org/debian/pool/no ... microcode/

Best regards.

Post by Pat D » Thu Jan 11, 2018 6:22 pm

I found this:
https://www.ghacks.net/2018/01/11/check ... erability/

and when I followed the instructions, I got these results - can anybody interpret this for me?

Code:

sudo sh spectre-meltdown-checker.sh
[sudo] password for devlin: 
Spectre and Meltdown mitigation detection tool v0.27

Checking for vulnerabilities against live running kernel Linux 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 22:00:44 UTC 2018 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO 
> STATUS:  VULNERABLE  (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO 
*   Kernel support for IBRS:  NO 
*   IBRS enabled for Kernel space:  NO 
*   IBRS enabled for User space:  NO 
* Mitigation 2
*   Kernel compiled with retpoline option:  NO 
*   Kernel compiled with a retpoline-aware compiler:  NO 
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer
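
Added example, not part of Pat D's post and not a feature of the checker tool: a shell function that condenses output laid out like the v0.27 report above into one line per CVE, listing the checks that reported NO. The names `summarize_checker` and `sample_output` are hypothetical, and the input is assumed to be plain text without colour codes.

```shell
#!/bin/sh
# Added example: summarise spectre-meltdown-checker output (v0.27 layout as
# pasted in the post) as "CVE <TAB> status <TAB> checks that reported NO".
# summarize_checker and sample_output are illustrative names, not tool features.

# Sample input: the three CVE sections copied from the post above.
sample_output() {
cat <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO
> STATUS:  VULNERABLE  (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  NO
*   Kernel support for IBRS:  NO
*   IBRS enabled for Kernel space:  NO
*   IBRS enabled for User space:  NO
* Mitigation 2
*   Kernel compiled with retpoline option:  NO
*   Kernel compiled with a retpoline-aware compiler:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
EOF
}

# Reads checker output on stdin; returns 1 if any CVE is not NOT VULNERABLE.
summarize_checker() {
  awk '
    # A section header such as "CVE-2017-5715 [branch target injection] ..."
    /^CVE-[0-9]+-[0-9]+ / { cve = $1; missing = ""; next }

    # A check line that ended in NO: remember its description.
    /^\*.*:[ \t]+NO[ \t]*$/ && cve != "" {
      line = $0
      sub(/^\*[ \t]*/, "", line)
      sub(/:[ \t]+NO[ \t]*$/, "", line)
      missing = missing (missing == "" ? "" : "; ") line
      next
    }

    # The verdict line closes the section. Test NOT VULNERABLE first,
    # because plain VULNERABLE is a substring of it.
    /^> STATUS:/ && cve != "" {
      if ($0 ~ /NOT VULNERABLE/)  status = "NOT_VULNERABLE"
      else if ($0 ~ /VULNERABLE/) status = "VULNERABLE"
      else                        status = "UNKNOWN"
      printf "%s\t%s\t%s\n", cve, status, (missing == "" ? "-" : missing)
      if (status != "NOT_VULNERABLE") bad++
      cve = ""
    }
    END { exit (bad > 0 ? 1 : 0) }
  '
}

# Demo on the embedded sample; "|| true" keeps the demo itself from failing.
sample_output | summarize_checker || true
```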

Post by Pjotr » Thu Jan 11, 2018 6:40 pm

@Pat D: Meltdown is apparently the more dangerous of the two security holes. That one's (more or less) taken care of, for now, in your current kernel. Spectre is less acutely dangerous, because (if I'm not mistaken) local access is needed.

Post by benchrest » Thu Jan 11, 2018 7:42 pm

AMD has now said they have a vulnerability to the Spectre problem. Stock down after the announcement. The terminal program that checks for vulnerabilities doesn't really check, but goes by what the manufacturer has said. So it looks like I will need the kernel update. But will the update need to be revised with the new revelation? Stay tuned for the sequel.
Rich