ATTN!...Intel CPU owners (Spectre, Meltdown, Foreshadow flaws)

Harfud
Level 2
Posts: 58
Joined: Tue Dec 05, 2017 3:38 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Harfud » Wed Jan 10, 2018 2:32 pm

From what I've been able to ascertain from various Intel statements...

90% of less than five year old CPUs have had new microcode already...

The remaining 10% of less than five year old CPUs will have new microcode before the end of January...

The 'vast majority' of between five and ten year old CPUs will have new microcode 'in the coming weeks'...

As for over ten year old CPUs the line seems to be that Intel are working with PC manufacturers to determine which ones to prioritize based on what the manufacturers see as 'systems in the field'...

Everything I've put in quotes are actual words from Intel.

My question is: The vast majority of users won't seek out the microcode for their CPU and apply it themselves; to do that they've got to know what it is, when it's available, and how to apply it. How will this vast amount of microcode produced in the coming weeks be distributed, via update manager? Via driver manager?

kitaubila
Level 1
Posts: 21
Joined: Tue Jan 03, 2017 7:03 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by kitaubila » Wed Jan 10, 2018 2:39 pm

I'm confused with this microcode stuff?
I'm using LM 17 and 18 through VirtualBox. Do I still need to update this :? ?

Harfud
Level 2
Posts: 58
Joined: Tue Dec 05, 2017 3:38 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Harfud » Wed Jan 10, 2018 2:50 pm

kitaubila wrote: I'm confused with this microcode stuff?
I'm using LM 17 and 18 through VirtualBox. Do I still need to update this :? ?

New microcode for your particular CPU may not even exist yet, it doesn't for any of my CPUs and doesn't look likely to in the immediate future, but does look likely to in the slightly longer term future.

I don't think that anybody is 100% clear on the full microcode situation yet, not even Intel judging from their statements, but yes it is likely that your microcode will need updating - In time.

Pjotr
Level 21
Posts: 13504
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pjotr » Wed Jan 10, 2018 2:51 pm

Harfud wrote: The 'vast majority' of between five and ten year old CPUs will have new microcode 'in the coming weeks'

OK... Can you give a source for this?

Tip: 10 things to do after installing Linux Mint 19.2 Tina
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Laurent85
Level 16
Posts: 6100
Joined: Tue May 26, 2015 10:11 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Laurent85 » Wed Jan 10, 2018 2:52 pm

Harfud wrote: How will this vast amount of microcode produced in the coming weeks be distributed, via update manager? Via driver manager?

Either through a manufacturer BIOS update, the recommended method, or, if no BIOS update is available, through installation of the microcode package and a dynamic update on each boot: the init file will inject the microcode update into the CPU.

Note that the Linux kernel also needs new code to address the Spectre vulnerabilities. That code is currently under development and still not available in the official kernel source tree, hopefully in the coming weeks. A microcode update is useless with an unmodified kernel.
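
Laurent85's point that new microcode and a patched kernel are both needed can be checked on a running system. The script below is an added example, not part of the thread: it reads the `microcode` field of `/proc/cpuinfo` and the status files under `/sys/devices/system/cpu/vulnerabilities` (present on kernels from 4.15 on and on distribution kernels with the backported fixes). The sample revision and status values are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report the running microcode revision
# and the kernel's own view of its Meltdown/Spectre mitigations.

# Print the microcode revision from a /proc/cpuinfo-format file.
microcode_revision() {
    awk -F': *' '/^microcode/ { print $2; exit }' "${1:-/proc/cpuinfo}"
}

# Print "name status" for every entry in a sysfs vulnerabilities directory.
# Returns 1 if the directory is absent (the kernel predates this interface)
# or if any entry starts with "Vulnerable".
mitigation_report() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel does not report mitigation status"
        return 1
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%-12s %s\n' "$(basename "$f")" "$status"
        case "$status" in Vulnerable*) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample data (not taken from a real machine) so this runs offline:
# a microcode revision is loaded, but the kernel only mitigates Meltdown.
sample=$(mktemp -d)
printf 'processor\t: 0\nmicrocode\t: 0x84\n' > "$sample/cpuinfo"
mkdir "$sample/vuln"
echo 'Mitigation: PTI' > "$sample/vuln/meltdown"
echo 'Vulnerable' > "$sample/vuln/spectre_v2"

echo "microcode revision: $(microcode_revision "$sample/cpuinfo")"
if mitigation_report "$sample/vuln"; then
    echo "kernel reports every listed issue as mitigated"
else
    echo "kernel still reports at least one issue as unmitigated"
fi
```

Called with no arguments, both functions read the live system paths. The revision number only tells you something when compared with the one your BIOS vendor or distribution microcode package ships for your CPU.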

Spearmint2
Level 16
Posts: 6753
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Spearmint2 » Wed Jan 10, 2018 2:53 pm

kitaubila wrote: I'm confused with this microcode stuff?
I'm using LM 17 and 18 through VirtualBox. Do I still need to update this :? ?

If your host OS is Windows, AND you have an Intel processor, you need the fix that Microsoft has provided. Somewhere I remember seeing a fix for VirtualBox too, or was it the VM VirtualBox program.

I see this, but it's for servers running clients on them, since the exploit has to be done locally, for a client to break out of the virtual machine to access the server it's on, for Spectre. Seemingly any patch for the Intel Meltdown is taken care of by the host system and only patches against Spectre are needed on virtual machines.
https://www.vmware.com/us/security/advi ... -0002.html
https://www.virtualizationhowto.com/201 ... -affected/

Here's what I found for the VirtualBox program.
https://forums.virtualbox.org/viewtopic ... 8&p=410278
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....

Harfud
Level 2
Posts: 58
Joined: Tue Dec 05, 2017 3:38 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Harfud » Wed Jan 10, 2018 2:57 pm

Pjotr wrote:
Harfud wrote: The 'vast majority' of between five and ten year old CPUs will have new microcode 'in the coming weeks'
OK... Can you give a source for this?

From a statement posted by another poster in this thread two or three pages back...

Intel, working with makers of computers and their operating system software, plans patches that'll bring "complete mitigations" to computers using Intel chips designed in the last five years, said Steve Smith, Intel's general manager for data center engineering. The majority are already done, Krzanich said. For chips up to 10 years old, fixes will be released in coming weeks for the "vast majority" of Intel chips, Smith said.

Asked why Intel isn't talking about fixes for machines more than a decade old, Smith said, "We're working with [computer makers] to determine which ones to prioritize based on what they see as systems in the field."

Intel also is fixing the problem in future chips, starting with products that will arrive later this year, Smith said. Intel is effectively taking the software fixes being released now and building them directly into hardware, he said.

"We're putting those mitigations in our designs," Smith said. "We're not turning off the benefits of speculation."

Pjotr
Level 21
Posts: 13504
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pjotr » Wed Jan 10, 2018 3:11 pm

@Harfud: thanks.

michael louwe
Level 10
Posts: 3300
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jan 10, 2018 3:30 pm

@Pjotr,
Pjotr wrote: ...

https://www.cnet.com/news/meltdown-spec ... processor/ (dated 4 Jan 2018)
Intel, working with makers of computers and their operating system software, plans patches that'll bring "complete mitigations" to computers using Intel chips designed in the last five years, said Steve Smith, Intel's general manager for data center engineering. The majority are already done, Krzanich said. For chips up to 10 years old, fixes will be released in coming weeks for the "vast majority" of Intel chips, Smith said.

Asked why Intel isn't talking about fixes for machines more than a decade old, Smith said, "We're working with [computer makers] to determine which ones to prioritize based on what they see as systems in the field."

Intel also is fixing the problem in future chips, starting with products that will arrive later this year, Smith said. Intel is effectively taking the software fixes being released now and building them directly into hardware, he said.

"We're putting those mitigations in our designs," Smith said. "We're not turning off the benefits of speculation."

Harfud
Level 2
Posts: 58
Joined: Tue Dec 05, 2017 3:38 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Harfud » Wed Jan 10, 2018 4:07 pm

All of this begs the question of why couldn't Intel have just issued a clear press release regarding microcode for all CPUs instead of Harfud needing to read various speeches made by the Intel CEO and General Manager in order to piece together the overall situation?

I get up to five year old CPUs first, I get when they're done up to ten years old, I get they're taking advice as to how many of each type of over ten year old CPUs are still in front line use so as to prioritise which to fix, I get that will take time that they cannot be precise about, I get that they have a mega problem on their hands...

What I don't get is why no single comprehensive press release that I've seen covering all ages of CPU?

If I'm wrong and there is such a press release then I've not seen it despite searching.

If I'm right and there is no such press release then it's more amateur than the level that I was used to working at.

now3by
Level 2
Posts: 65
Joined: Mon Jan 23, 2017 1:56 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by now3by » Wed Jan 10, 2018 4:16 pm

Because Intel can lose so much money that we can't even dream if they lose control of the damage and what a better way than to have everything fuzzy and minimize the impact of this problem with carefully crafted PR statements.
Time is passing and other security problems will hold the news.
Linux...

phil995511
Level 4
Posts: 333
Joined: Sat Feb 01, 2014 4:06 am
Location: Geneva (Switzerland)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by phil995511 » Wed Jan 10, 2018 4:23 pm

now3by wrote: Because Intel can lose so much money that we can't even dream if they lose control of the damage and what a better way than to have everything fuzzy and minimize the impact of this problem with carefully crafted PR statements.
Time is passing and other security problems will hold the news.

Exactly, they did exactly the same thing with a bug affecting motherboard controllers (SATA 3) a few years ago.

Linux Mint 19.2 Cinnamon 64 Bits on Dell XPS 9570 (i7-8750H) laptop / Debian 10 Buster Cinnamon 64 Bits on customized workstation (i7-5960X @ 3.8 Ghz) / Raspbian 10 Buster on Raspberry Pi 4

BigEasy
Level 6
Posts: 1254
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by BigEasy » Wed Jan 10, 2018 4:40 pm

There is a unique situation. Until now malware always came first, then the cure was delivered. Now there is no malware at all (well, not yet). But the cure exists. It is great, is it not?

Windows assumes I'm stupid but Linux demands proof of it

xenopeek
Level 24
Posts: 24097
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by xenopeek » Wed Jan 10, 2018 4:44 pm

Most such bugs are found by security researchers auditing the software, not the malware that already exists. It's the virus scanner folks that are doing things after the fact. That's their whole business model after all; can't sell a virus scanner if there aren't any viruses :wink:

BigEasy
Level 6
Posts: 1254
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by BigEasy » Wed Jan 10, 2018 4:54 pm

ESET was the first to prepare themselves (and users) to eat the Windows security update. On the morning of 4 January, 6 o'clock UTC, they were ready.
By the way, I recall the Y2K "problem". There was something... not even close to the Meltdown and Spectre panic. In fact the problem almost did not exist.

Harfud
Level 2
Posts: 58
Joined: Tue Dec 05, 2017 3:38 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Harfud » Wed Jan 10, 2018 5:30 pm

now3by wrote: Because Intel can lose so much money that we can't even dream if they lose control of the damage and what a better way than to have everything fuzzy and minimize the impact of this problem with carefully crafted PR statements.
Time is passing and other security problems will hold the news.

But they have made the speeches, that's where I've pieced the full picture together from, they've just not given the full picture in any one place that I know of...

They've not withheld anything that I'm aware of, but neither to the best of my knowledge have they been completely clear in any one place.

A clear full statement of how they are addressing the situation with regard to all CPUs surely only helps their case by both making them appear competent and in demonstrating how they have matters under control.

Harfud
Level 2
Posts: 58
Joined: Tue Dec 05, 2017 3:38 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Harfud » Wed Jan 10, 2018 5:42 pm

BigEasy wrote: There is a unique situation. Until now malware always came first, then the cure was delivered. Now there is no malware at all (well, not yet). But the cure exists. It is great, is it not?

This begs a couple of questions...

If those who discovered these hardware vulnerabilities had said nothing to anybody would malware producers ever have discovered the vulnerabilities to exploit?

The vulnerabilities have been there for over ten years without that happening, so to what extent is this a manufactured panic?

This isn't a case of a software bug, it's exploitable hardware flaws that have never yet been exploited and may never have been exploited - But they certainly will be now as a result of the revelation.

JohnFrumm
Level 2
Posts: 58
Joined: Sun Dec 03, 2017 12:49 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by JohnFrumm » Wed Jan 10, 2018 6:14 pm

Does anybody know if the latest Mint 18.3 Mate ISO torrent files have the latest meltdown patches? The changelog is not very specific w.r.t. kernels.
Have you backed up your computer recently?

phil995511
Level 4
Posts: 333
Joined: Sat Feb 01, 2014 4:06 am
Location: Geneva (Switzerland)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by phil995511 » Wed Jan 10, 2018 6:37 pm

JohnFrumm wrote: Does anybody know if the latest Mint 18.3 Mate ISO torrent files have the latest meltdown patches? The changelog is not very specific w.r.t. kernels.

I do not think they are included. From what I read the next version of Ubuntu, 18.04, will include a patched 4.15 kernel, so this will be included with Mint 19.

The microcode security patches for Ubuntu are here:

https://launchpad.net/~ubuntu-security- ... /+packages

eddier
Level 2
Posts: 80
Joined: Fri Aug 21, 2015 6:35 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by eddier » Wed Jan 10, 2018 8:40 pm

Heehee, with or without this thread I guess everyone would find out pretty soon enough!
