Prepare to patch your Intel boxen


#1

Apparently there’s been a CPU flaw found in every Intel chip made for the past decade which will require OS patching, and that patching is going to result in a serious performance hit. It basically negates ASLR and can be exploited from any application. It can even allow VMs to peek on each other.

Linux, macOS, Windows, whatever - if you’re running Intel, you’re vulnerable.


#2

Hey, look I did something smart and didn’t know it…unless they find it on AMD chips tomorrow.


#3

From what I’ve read, it sounds like AMD is totally immune to this one.


#4

I saw something in the Ars Technica article that the patch may cause a slight performance hit on AMD systems.

Intel is not having a good couple of years. This comes on top of the Intel Management Engine concerns, the Clock Bug that hit a lot of embedded systems, and another issue or two.

Over on the CrazyAppleRumors side, I’m kind of wondering if people are not quite so crazy in thinking that Apple might try to jump ship to their own ARM-based processors, even though that would prevent Bootcamp and similar.


#5

I guess there’s two different issues, one hits AMD and Intel, the other Intel only. The Intel one is the really nasty one that causes the big performance hit.


#6

Cue “prepare your diddly hole” memes

Anyways - it does not look good for intel. As we are to procure a new server, I’m going to float the suggestion of going for AMD instead of Intel.

Not impressed, as I planned to virtualize a couple of existing servers.

So yes, interesting start to 2018.

The Register also have two or three interesting articles regarding this (complete with comments from world+dog).


#7

Yeah, that’s what I understand from all this.

I also suspected that hypervisors would be affected, and it seemed to be the case, as unpatched VM’s are at risk. Amazon, Google, MSFT et al must be havening a fun time patching all their servers.

But we cannot be 100% sure that patching will do the job - ne’er-do-wells tend to think outside the box…


#8

I got an email last night about my Azure environment going down for emergency patching. As it’s just a playground and shut off when not in use it doesn’t effect my production.


#9

The non-Intel one theoretically hits a lot of processors, I think. It’s basically built around “Get the processor to do branch prediction, then grab data from the unused branch” which is possible to exploit, but I’m guessing it will be uncommon. Bad side is the only fix will probably involve new hardware.

Still, Intel has had a bad couple of years. I’m replacing devices with the bad clock chip bug, and then we’ll have to do other gear… Anything x86-64 compatible theoretically has this new flaw.


#10

Apple’s explanation of the two separate issues (Meltdown and Spectre) is actually pretty good:

(Obviously, macOS-centric)