LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware
User Name
Password
Linux - Hardware This forum is for Hardware issues.
Having trouble installing a piece of hardware? Want to know if that peripheral is compatible with Linux?

Notices


Reply
  Search this Thread
Old 01-04-2018, 09:01 AM   #1
PatD
Member
 
Registered: Dec 2016
Posts: 74

Rep: Reputation: Disabled
The “Meltdown” bug is hitting Intel


How serious is this story?

https://qz.com/1171391/the-intel-int...md-is-soaring/

and this

https://lwn.net/Articles/738975/

Looking to replace Intel MB, but I'm now concerned that I should maybe switch to a new MB and CPU from AMD?

Any thoughts?

Last edited by PatD; 01-04-2018 at 09:32 AM.
 
Old 01-04-2018, 09:37 AM   #2
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,091

Rep: Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595
Quote:
Originally Posted by PatD View Post
How serious is this story?

https://qz.com/1171391/the-intel-int...md-is-soaring/

and this

https://lwn.net/Articles/738975/

Looking to replace Intel MB, but I'm now concerned that I should maybe switch to a new MB and CPU from AMD?

Any thoughts?
You can switch to AMD, but their affected by a processor bug too.
 
Old 01-04-2018, 09:39 AM   #3
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 10,581

Rep: Reputation: 1174Reputation: 1174Reputation: 1174Reputation: 1174Reputation: 1174Reputation: 1174Reputation: 1174Reputation: 1174Reputation: 1174
Quote:
Originally Posted by PatD View Post
How serious is this story?

https://qz.com/1171391/the-intel-int...md-is-soaring/

Looking to replace Intel MB, but I'm now concerned that I should maybe switch to a new MB and CPU from AMD?

Any thoughts?
Not too serious IMHO. It seems a bug, sure and letting a VM out of it's cage is definitely something they will have to fix. The kernel of it was this:
Code:
The Meltdown bug means Intel chips dating back to 1995 could be exploited for unauthorized access to their memories.
Now
  1. the exploit code will have to be written
  2. It will have to infect unpatched machines, and the patchers have a few months head start, and as of now, a torch under their behinds
  3. The exploits will have to find a way of accessing sensitive information, and that has been made very difficult
  4. They will have to find a way to pass back sensitive info to the hacker; read access to ram is not network access.
 
Old 01-04-2018, 10:35 AM   #4
cynwulf
Senior Member
 
Registered: Apr 2005
Location: /dev/planet2
Distribution: OpenBSD
Posts: 2,337
Blog Entries: 6

Rep: Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648
Quote:
Originally Posted by business_kid View Post
[*]the exploit code will have to be written
It has been and it won't take long before more appears.

Quote:
Originally Posted by business_kid View Post
[*]They will have to find a way to pass back sensitive info to the hacker; read access to ram is not network access.[/LIST]
While it's not a remote exploit, it is a side-channel attack and this will hit most types of containers or paravirtualization pretty hard and compromises most if not all KASLR implementations. It's a massive problem for the cloud providers, etc and the supposed significant performance hit on a patched system is also potentially going to hit them hard.
 
Old 01-04-2018, 12:36 PM   #5
beachboy2
Senior Member
 
Registered: Jan 2007
Location: Wild West Wales, UK
Distribution: Linux Mint 18.3 MATE, MX-18.3
Posts: 2,465
Blog Entries: 10

Rep: Reputation: 888Reputation: 888Reputation: 888Reputation: 888Reputation: 888Reputation: 888Reputation: 888
As mentioned above and in LQ's Syndicated Linux News, these flaws also affect the CPUs of AMD and ARM as well as Intel which appears to have made most of the headlines:

http://www.linuxandubuntu.com/home/m...phones-at-risk

Last edited by beachboy2; 01-04-2018 at 12:39 PM.
 
Old 01-05-2018, 02:40 AM   #6
gradinaruvasile
Member
 
Registered: Apr 2010
Location: Cluj, Romania
Distribution: Debian Testing
Posts: 731

Rep: Reputation: 156Reputation: 156
To be precise there are 3 vulnerabilities:

Meltdown - Affects only Intel CPUs (and some newer ARM it seems) - fix has been released which does not activate on AMD
Spectre 1 - Affects all CPUs, AFAIK cannot be fixed on Intel, AMD said it cannot be reproduced on AMD
Spectre 2 - Affects all CPUs, has software fix on AMD, cannot be fixed on Intel (?)

Variant 1: CVE-2017-5753 Spectre 1
Variant 2: CVE-2017-5715 Spectre 2
Variant 3: CVE-2017-5754 Meltdown

https://www.csoonline.com/article/32...g-forward.html
https://www.amd.com/en/corporate/speculative-execution

And as always, Linus is at it again:

https://lkml.org/lkml/2018/1/3/797
 
1 members found this post helpful.
Old 01-05-2018, 07:39 AM   #7
_roman_
Member
 
Registered: Dec 2017
Location: _Austro_Bavaria_
Distribution: gentoo / linux mint
Posts: 433

Rep: Reputation: 29
I see it as serious issue.
The silicion is faulty.
Any process can read out over the time my luks passphrase and masterkey which is of course in RAM somewhere when I use my encrypted root. Happy NSA feature which was put there on purpose in my point of view.
Same applies for other critical passwords and other stuff which you want to keep isolated.
When I understood those predocuments correctly, it is just a matter of uptime until a "faulty" process can read anything.

I would not classify it as non critical issue.

The box was already untrustworthy because of UEFI and the intel management engine. Also the qualcom network chips have also some flaws.

There is no alternative. And using something which predates before 1995 is not an option here.
Using intel itanium is also a definitely no go.

I see the most critical issue with these days webbrowsers and the knowledge about public announcing these bugs. So any faulty "webpage" may in future be possible to gain critical data.
 
Old 01-06-2018, 07:44 AM   #8
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172Reputation: 172
It is such a serious issue that it has been around for about 15 years and has NEVER been exploited.

It might be now that there is such a panic over it - but that can be prevented by doing the updates which MIGHT (if you are doing a lot of the specific processing) have a noticable affect on the speed of your machine. Home computers are unlikely to be doing that sort of processing very heavily and will likely not be seriously affected by the patch.
 
Old 01-06-2018, 02:41 PM   #9
cynwulf
Senior Member
 
Registered: Apr 2005
Location: /dev/planet2
Distribution: OpenBSD
Posts: 2,337
Blog Entries: 6

Rep: Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648Reputation: 1648
Quote:
Originally Posted by dave@burn-it.co.uk View Post
It is such a serious issue that it has been around for about 15 years and has NEVER been exploited.
Often the case. Though who's to say it hasn't been exploited...?
 
1 members found this post helpful.
Old 01-06-2018, 04:01 PM   #10
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172Reputation: 172
It would have been reported before now if any serious exploits had ocurred.
 
Old 01-06-2018, 04:03 PM   #11
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_12{.0|.1}
Posts: 5,226
Blog Entries: 11

Rep: Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175
Quote:
Originally Posted by dave@burn-it.co.uk View Post
It would have been reported before now if any known serious exploits had ocurred.
I fixed that for you.

And not necessarily even if they had been detected. Many important targets would just as soon not publish the fact they had been compromised.

Last edited by astrogeek; 01-06-2018 at 04:05 PM.
 
1 members found this post helpful.
Old 01-06-2018, 05:23 PM   #12
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172Reputation: 172
I would think that pretty much anyone would report it, being as they could BLAME IT on someone else rather than their own attempts at security.
 
Old 01-06-2018, 05:37 PM   #13
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: Currently OpenMandriva. Previously openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,091

Rep: Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595Reputation: 1595
Quote:
Originally Posted by dave@burn-it.co.uk View Post
I would think that pretty much anyone would report it, being as they could BLAME IT on someone else rather than their own attempts at security.
Well then, I'm glad you ain't working for me in any IT security related capacity.
 
Old 01-06-2018, 06:02 PM   #14
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_12{.0|.1}
Posts: 5,226
Blog Entries: 11

Rep: Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175Reputation: 3175
Quote:
Originally Posted by dave@burn-it.co.uk View Post
I would think that pretty much anyone would report it, being as they could BLAME IT on someone else rather than their own attempts at security.
The first part of reporting it would require that they understand it, and in this case they would have to be absolute top of the line in both their monitoring methods and analysis capability. Unfortunately, not common job qualifications in many corporate server environments (Sony, Equifax, etc.), and not even on the radar for clients, customers, random web surfers.

The nature of this exploit makes it extremely difficult to even recognize if not already aware of the method. It requires no login access violations, no elevated permissions, no unauthorized file transfers and leaves no trace at all in common logs. Unless you were monitoring network traffic byte-for-byte in real-time I would think it is unlikely that you would recognize anything amiss even if you were staring directly at it, and running processes would never report it by their very nature.

But given that you see something in the traffic that is "different", the nature of the exploit, stealing data from memory one byte or word at a time, would make it extremely difficult for you to put the pieces together unless you were already aware that such an exploit were even possible. For example, unless the person doing the exploit was stuipd or very careless (not likely if they understood how to do it at all!), even if they steal a password already known to the analytics person, you would probably never see that password in the traffic, even if sent home in plain text in the order stolen.

In this case, until the problem had been looked at from the other end as has now been done, I don't think it would have been recognized nor understood for what it was even if it had been seen - hence, nothing to report.

Last edited by astrogeek; 01-06-2018 at 06:02 PM. Reason: typo
 
2 members found this post helpful.
Old 01-07-2018, 07:12 AM   #15
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 601

Rep: Reputation: 172Reputation: 172
Quote:
Well then, I'm glad you ain't working for me in any IT security related capacity.
Did you UNDERSTAND my comment or are you just being a bit slow??
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Intel cpu bug _roman_ Linux - Security 16 01-09-2018 04:01 AM
[SOLVED] KDE meltdown qrange Linux - Newbie 4 07-08-2012 09:46 AM
Intel chip bug affects HP, Dell, Samsung and Lenovo Jeebizz Linux - News 1 02-04-2011 10:25 AM
LXer: Likely Cause of Intel e1000e Bug Discovered LXer Syndicated Linux News 0 10-18-2008 04:42 AM
intel 855GM crash - bug or feature? crashmeister Linux - Hardware 1 12-06-2003 07:46 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware

All times are GMT -5. The time now is 08:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration