[SOLVED] AMD allegedly has its own Spectre-like security flaws
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
This smells like a hit-job by Intel. The vulnerabilities not only aren't speculative execution information leak vulnerabilities that would be similar to Spectre and Meltdown, but they also don't seem like they would be usable in the real world.
The lack of any kind of emergency response to fix this will be the proof.
This smells like a hit-job by Intel. The vulnerabilities not only aren't speculative execution information leak vulnerabilities that would be similar to Spectre and Meltdown, but they also don't seem like they would be usable in the real world.
The lack of any kind of emergency response to fix this will be the proof.
Yeah, yeah...
BUT, like I said somewhere, the Age of Hardware Vulnerabilities has just begun with Spectre/Meltdown public release and the Heroic Age of Manually Building Packages ended in that day...
Dear Patrick, with all respect I strongly suggest you to arrive to "slackware.SlackBuild" and to ensure you can clean rebuild the entire distribution just hitting it. Just in case, maybe you will need it in a weekly base...
Last edited by Darth Vader; 03-13-2018 at 04:51 PM.
Dear Patrick, with all respect I strongly suggest you to arrive to "slackware.SlackBuild" and to ensure you can clean rebuild the entire distribution just hitting it. Just in case, maybe you will need it in a weekly base...
Such a script would certainly have to be rewritten for the new magic build order before every use. Just look at what nobodino is doing.
The majority of these reported vulnerabilities would require administrative access to work, meaning an attacker would first need to have control of your machine through some type of malware.
The article gives the impression that these exploits are working against the Windows 10 operating system.
Distribution: Slackware/Salix while testing others
Posts: 1,718
Rep:
Quote:
Originally Posted by volkerdi
This smells like a hit-job by Intel. The vulnerabilities not only aren't speculative execution information leak vulnerabilities that would be similar to Spectre and Meltdown, but they also don't seem like they would be usable in the real world.
The lack of any kind of emergency response to fix this will be the proof.
Let's be honest. Speculative and out-of-order execution has been the holy grail of CPU design for a number of years, and they are the major reason for the dramatic increase in CPU power seen in this millenium. We can expect more leeching of side-band information using these mechanisms, in CPUs by all vendors.
I am not so worried that these mechanisms can be abused by persons with local access to a machine - which is bad enough in the current climate of state-owned espionage against their own citizens.
To me, the real scandal is a different one: namely that we allow web browsers to execute Turing-complete software in realtime, allowing remote attackers to exploit this type of security flaw, and others.
Still have to note that "require administrative access to the system", it's only on a small set of their processors, and it's nothing like Spectre/Meltdown.
The person(s) who "disclosed" the information was very much an amateur and I wouldn't give them the time of day for how they handled the situation.
So if I understand well and believe AMD's response I involuntary did spread FUD, as if someone gets root access on a computer all doors are of course open to do nasty things any way.
I am thus tagging this thread as [SOLVED], thanks abga for the link and Skaendo for the comment.
Last edited by Didier Spaier; 03-21-2018 at 12:09 PM.
So if I understand well and believe AMD's response I involuntary did spread FUD, as if someone gets root access on a computer all doors are of course open to do nasty things any way.
I am thus tagging this thread as [SOLVED], thanks abga for the link and Skaendo for the comment.
It's not that AMD doesn't have problems, it's just that it has been blown *WAY* out of proportion by some person(s) looking for fame or money.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.