Spectre and Meltdown: Next Generation

absque fenestris
Level 12
Posts: 4124
Joined: Sat Nov 12, 2016 8:42 pm
Location: Confoederatio Helvetica

Re: Spectre and Meltdown: Next Generation

Post by absque fenestris »

DAMIEN1307 wrote: Tue May 22, 2018 10:54 am It is now officially known as Spectre variant 3a and Spectre variant 4...following article discusses just which CPUs are vulnerable and once again telling us about staying up to date on microcode updates as well as any update patches to come...note also that Atom processors are now also included...thus far only Intel processors seem to be affected but we all know by now that the experts will probably find out that the other manufacturers' products may soon join the list...more fun to come...lol...DAMIEN
I'm so glad about the N Series... :mrgreen:

Intel® Atom™ Processor C Series (C3308 - C3958)
Intel® Atom™ Processor E Series
Intel® Atom™ Processor A Series
Intel® Atom™ Processor X Series (x5-E3930, x5-E3940, x7-E3950)
Intel® Atom™ Processor T Series (T5500, T5700)
Intel® Atom™ Processor Z Series
stephanieswitzer
Level 4
Posts: 235
Joined: Mon Feb 26, 2018 12:49 pm
Location: Ontario

Re: Spectre and Meltdown: Next Generation

Post by stephanieswitzer »

DAMIEN1307 wrote: Tue May 22, 2018 3:58 pm Hi stephanie...that microcode in your driver manager is the latest one released thru the mint updater and recommended for your system...i always install the most up to date microcode recommended and have never had a failure...yes your system is "chirping" right along with the existing microcode, however this newest one has new "mitigation" code re-written within it to mitigate vulnerabilities found in your Intel CPU chipset...this should be installed as well as any updates that will be forthcoming from the linux mint update manager...DAMIEN

run this code to check your microcode version, don't panic if nothing shows up, it just means that you have what came installed and have probably never updated it...after installing and REBOOTING your computer, run the code again and it should show up.

dpkg -l | grep microcode


after you have done the above, run this code, the last word in the terminal after running this should say "patched"

grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"


and lastly, run this code in your terminal and it will show that mitigations have been applied

grep . /sys/devices/system/cpu/vulnerabilities/*
Thank you so much Damien. I’ll give it a whirl 😊
Mac-Mini running Linux Mint 20.3 Cinnamon, Intel© Core™ i5-2415M CPU @ 2.30GHz
MacBookPro9,2 running Linux Mint Cinnamon 20.3 Intel Core i5-3210M CPU @ 3.20GHz
System76 Galago Pro 4, running Linux Mint Cinnamon 20.3 Intel i5-1021 CPU @ 4.2 Ghz
DAMIEN1307

Re: Spectre and Meltdown: Next Generation

Post by DAMIEN1307 »

hi stephanie...let us know how you make out with this...DAMIEN

ps-is The Governor Massey Inn in downtown Toronto still in business?
DAMIEN1307

Re: Spectre and Meltdown: Next Generation

Post by DAMIEN1307 »

hi absque...my experimental netbook is an "N" series too...lol...DAMIEN
KBD47
Level 7
Posts: 1836
Joined: Fri Jul 29, 2011 12:03 am

Re: Spectre and Meltdown: Next Generation

Post by KBD47 »

By the time these variants and additional patches are all through, will these CPUs even work at all :( Am I right in understanding that JavaScript is primarily how these problems will affect users' computers?
rene
Level 20
Posts: 12240
Joined: Sun Mar 27, 2016 6:58 pm

Re: Spectre and Meltdown: Next Generation

Post by rene »

KBD47 wrote: Wed May 23, 2018 12:19 pm Am I right in understanding that JavaScript is primarily how these problems will affect users' computers?
No. This family of vulnerabilities requires fairly involved code executing on your computer to exploit. As part of a piece of malware already on your system or, as the only way in which JavaScript entered into this at all, as part of for example JavaScript code executing on your system by your browser when visiting a malicious site.

Seeing as how you can to a large degree defend against locally installed malware yourself simply by not installing it, the web-based attack vector got the most attention but with the mitigations implemented by browsers (denying code easy access to high resolution timers, needed for the exploit) that threat is in fact at this point probably least likely.

And that's saying something especially on Linux: with the lack of serious malware for Linux out there you'd need to go out and try really hard to get exploited by any of this...
stephanieswitzer
Level 4
Posts: 235
Joined: Mon Feb 26, 2018 12:49 pm
Location: Ontario

Re: Spectre and Meltdown: Next Generation

Post by stephanieswitzer »

DAMIEN1307 wrote: Wed May 23, 2018 5:24 am hi stephanie...let us know how you make out with this...DAMIEN

ps-is The Governor Massey Inn in downtown Toronto still in business?
I did the Microcode update and here is the resulting outputs:

sps@spsMini ~ $ dpkg -l | grep microcode
ii  intel-microcode    3.20180425.1~ubuntu0.16.04.1   amd64   Processor microcode firmware for Intel CPUs
ii  iucode-tool          1.5.1-1ubuntu0.1                        amd64   Intel processor microcode tool

sps@spsMini ~ $ grep CONFIG_PAGE_TABLE_ISOLATION=y /boot/config-`uname -r` && echo "patched" || echo "unpatched"
CONFIG_PAGE_TABLE_ISOLATION=y
patched
And

sps@spsMini ~ $ grep . /sys/devices/system/cpu/vulnerabilities/* 
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: OSB (observable speculation barrier, Intel v6)
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB (Intel v4)
Not sure what all this means, but my system still works fine :)

P.S. Not sure about the The Governor Massey Inn in downtown Toronto, as I haven't been to Toronto for quite a while.
Mac-Mini running Linux Mint 20.3 Cinnamon, Intel© Core™ i5-2415M CPU @ 2.30GHz
MacBookPro9,2 running Linux Mint Cinnamon 20.3 Intel Core i5-3210M CPU @ 3.20GHz
System76 Galago Pro 4, running Linux Mint Cinnamon 20.3 Intel i5-1021 CPU @ 4.2 Ghz
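
Added example, not part of any post in this thread: a small shell script that reads the same sysfs files as the last command above and labels each entry, using the four lines of output posted above as sample data. The function names and the exit-code convention are this example's own choices, and the classification only keys on the prefixes "Vulnerable", "Mitigation" and "Not affected".

```shell
#!/usr/bin/env bash
# Added example (not from the thread): classify each sysfs vulnerability entry.

# classify_status TEXT -> vulnerable | mitigated | not_affected | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Vulnerable*)     echo vulnerable ;;
        Mitigation*)     echo mitigated ;;
        *)               echo unknown ;;
    esac
}

# audit_vulns [DIR] prints "name<TAB>class<TAB>kernel text" for every entry.
# Returns 0 if nothing is vulnerable, 1 if something is, 2 if DIR is missing
# (kernels without these files predate the mitigations' reporting interface).
audit_vulns() {
    local dir="${1:-/sys/devices/system/cpu/vulnerabilities}" rc=0 f status class
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        class=$(classify_status "$status")
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$class" "$status"
        if [ "$class" = vulnerable ]; then rc=1; fi
    done
    return "$rc"
}

# make_sample DIR recreates the four lines posted above as files (sample data,
# so the script can be tried without touching the real /sys tree).
make_sample() {
    printf 'Mitigation: PTI\n' > "$1/meltdown"
    printf 'Vulnerable\n' > "$1/spec_store_bypass"
    printf 'Mitigation: OSB (observable speculation barrier, Intel v6)\n' > "$1/spectre_v1"
    printf 'Mitigation: Full generic retpoline, IBPB (Intel v4)\n' > "$1/spectre_v2"
}

# Demo on the sample; on a real machine call audit_vulns with no argument.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_vulns "$demo_dir" || echo "unmitigated entries found (exit status $?)"
rm -rf "$demo_dir"
```

On the sample data the only entry reported as vulnerable is spec_store_bypass, which is the one DAMIEN1307's reply below refers to.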
KBD47
Level 7
Posts: 1836
Joined: Fri Jul 29, 2011 12:03 am

Re: Spectre and Meltdown: Next Generation

Post by KBD47 »

rene wrote: Wed May 23, 2018 1:29 pm No. This family of vulnerabilities requires fairly involved code executing on your computer to exploit. As part of a piece of malware already on your system or, as the only way in which JavaScript entered into this at all, as part of for example JavaScript code executing on your system by your browser when visiting a malicious site.

Seeing as how you can to a large degree defend against locally installed malware yourself simply by not installing it, the web-based attack vector got the most attention but with the mitigations implemented by browsers (denying code easy access to high resolution timers, needed for the exploit) that threat is in fact at this point probably least likely.

And that's saying something especially on Linux: with the lack of serious malware for Linux out there you'd need to go out and try really hard to get exploited by any of this...
That's the bottom line--how likely is it that Linux users will be affected by this? Sometimes the cure is worse than the illness. Dual-core machines already lack speed, and some machines are never going to get patches anyway. I just wonder if users keep their browsers updated, stick to software in the repositories, and don't download sketchy programs, how big a threat is it?
DAMIEN1307

Re: Spectre and Meltdown: Next Generation

Post by DAMIEN1307 »

hi stephanie...sounds like you did it all just fine...stay tuned to this thread for when the next microcode becomes available for your Intel CPU...your speculative storage bypass is still vulnerable only because Intel hasn't put out an updated new microcode to mitigate it as of yet but don't really worry about that...problems with that just yet are really remote and the "Press" really overhypes the problem as something earth shattering...lol...with linux you would have to really, really work very hard to get anything malicious into your system...(the article link below will tell you all about the SSB vulnerability that still needs to be mitigated)...On another note, The Governor Massey Inn was a favourite watering hole of mine when i used to live in New Hampshire near the Canadian border and used to spend my vacations in Ontario Province...now i live only an hour away from the Mexican border here in New Mexico...lol...DAMIEN


https://arstechnica.com/gadgets/2018/05 ... and-intel/
rene
Level 20
Posts: 12240
Joined: Sun Mar 27, 2016 6:58 pm

Re: Spectre and Meltdown: Next Generation

Post by rene »

KBD47 wrote: Wed May 23, 2018 2:18 pm I just wonder if users keep their browsers updated, stick to software in the repositories, and don't download sketchy programs, how big a threat is it?
Extremely minimal. Both on this Core 2 Duo that's never going to see microcode updates as well as on my other systems, some of which I've even disabled the kernel-side mitigations on due to having no desire for even small real slowdowns so as to defend against virtual-only threats. The interesting aspect of this family of exploits is the location of the vulnerability: not in any one of the thousands of pieces of software we've got installed but in hardware, in the most core bit of hardware at that, and THEN not just as a braino-type of thing but fairly intrinsically tied to a core technique used by any and all non-archaic CPU designs.

As in "ouch". But not as in "tremble".
DAMIEN1307

Re: Spectre and Meltdown: Next Generation

Post by DAMIEN1307 »

The "gift" that just keeps on giving, seems like engineers knew, at least to an extent, that they were sacrificing chip security for the sake of faster speeds and thus profit, as well as a form of planned obsolescence...Intel is now going to issue a slew of microcode updates for flawed chips, (the ones they will support until they decide not to), on an order of every three months, much like a M$ "patch tuesday"...enjoy the link article...DAMIEN

https://www.theregister.co.uk/2018/07/1 ... dvisories/