Oh no.
Downfall, Inception, Meltdown, Spectre, I hate to see new vulnerabilities, but their naming choices are solid.
They should name them after their investors and board members.
can’t wait for “shellshock”, “wildfire” and “collapse”.
Intel claims most consumer software shouldn’t see much impact, outside of image and video editing workloads…
But that’s, like the one place other than games where consumers are looking for performance. What’s left, web browsing and MS Office?
"whew* my horrible bubble sort implementation is safe from performance impacts
I just skimmed through the article and it seems like this vulnerability is only really meaningful on multi-user systems. It allows one user to access memory dedicated to other users, letting them read stuff they shouldn’t. I would expect that most consumer gaming computers are single-user machines, or only have user accounts for trusted family members and whatnot, so if this mitigation causes too much of a performance hit I expect it won’t be a big risk to turn it off for those particular computers.
All these kind of CPU level vulnerabilities are the same, they are only really “risky” if there is malicious software running in the computer in the first place.
The real problem is that these CPU-level vulnerabilities all break one of the core concepts of computers, which is process separation and virtual memory. If process separation is broken then all other levels of security become pointless.
While for desktops this isn’t a huge problem (except when sometimes vulnerabilities might even be able to be exploited though browsers), this is a huge problem for servers, where the modern cloud usually has multiple users in virtual machines in a single server and a malicious user could steal information across virtual machines.
deleted by creator
Processes that run on the same system can run as different users (including kernel) which is used for privilege separation. This can still allow a program in userland to peer into otherwise restricted system processes or the kernel. Every system is a “multi-user” system, even if there is only a single human user.
Yes, but all the data that I care about is in my single human user’s account already. If I install malicious software then I’m already hooped regardless.
Look, I’m not saying this is no biggie. There are plenty of systems out there that will have to install this patch. Single-user computers probably should too. The situation I’m addressing is the case where a gaming computer has its performance as a gaming measurably harmed by the patch’s overhead, which is reportedly significant in some cases. In those cases it’s reasonable to weigh the merits and decide that this vulnerability isn’t all that big a problem.
Install backdoors and sell that info to governments and companies, then years later reveal the issue to justify downgrading performance of older CPUs to encourage people to upgrade.
Just feels like Prism all over again.
According to him, billions of Intel processors are affected, which are used in private user computers as well as in cloud servers.
Update: Intel’s Downfall was closely followed by AMD’s Inception, a newfound security hole affecting all Ryzen and Epyc processors.so both desktop and server chips are affected on both cpu manufacturers products. can’t take any measures if your password is online on some server.
Downfall was disclosed to Intel a year ago but was on embargo until this week. Can’t help but suspect that Intel waited for AMD to be impacted by a similar event to reveal downfall
It took them a year for a microcode fix and it still has a performance loss of 50% in some cases? Ew
50% 💀
Ha-ha. My chip’s too old to be affected. I don’t see my architecture on the list.
I knew putting off upgrading for around a decade would pay off. (Windows Update tells me my PC is not “ready” for Windows 11 due to its hardware, either. Oh no, whatever shall I do.)
Dont the older chips suffer from a greater performance drop from spectre and meltdown vulnerabilities?
Every article is a copy paste of the same bullshit talking about the vulnerability and pointing to the stupid cryptic list of processors that requires you to jump through hoops to read it. You can’t just search for your processor in a database I mean fuck that would take them at least an a couple hours of their precious time to set up and they have only had a year. How do you fix it? Why with a microcode update of course!!..from where you ask? Well don’t worry just look at the cryptic list it will tell you if you need a microcode update!!
Fuck every article about this shit. Anyone wanna bust an Eli5 on how to fix this problem for people? (I was assuming it’s a BIOS update but the articles have only confused me further)
ELI5, or ELIAFYCSS (Explain like I’m a first year CS student): modern x86 CPUs have lots of optimized instructions for specific functionality. One of these is “vector instructions”, where the instruction is optimized for running the same function (e.g. matrix multiply add) on lots of data (e.g. 32 rows or 512 rows). These instructions were slowly added over time, so there are multiple “sets” of vector instructions like MMX, AVX, AVX-2, AVX-512, AMX…
While the names all sound different, the way how all these vector instructions work is similar: they store internal state in hidden registers that the programmer cannot access. So to the user (application programmer or compiler designer) it looks like a simple function that does what you need without having to micromanage registers. Neat, right?
Well, problem is somewhere along the lines someone found a bug: when using instructions from the AVX-2/AVX-512 sets, if you combine it with an incorrect ordering of branch instructions (aka JX, basically the if/else of assembly) you get to see what’s inside these hidden registers, including from different programs. Oops. So Charlie’s “Up, Up, Down, Down, Left, Right, Left, Right, B, B, A, A” using AVX/JX allows him to see what Alice’s “encrypt this zip file with this password” program is doing. Uh oh.
So, that sounds bad. But lets take a step back: how bad would this affect existing consumer devices (e.g. Non-Xeon, non-Epyc CPUs)?
Well good news: AVX-512 is not available on most Intel/AMD consumer CPUs until recently (13th gen/zen 4, and zen 4 isn’t affected). So 1) your CPU most likely doesn’t support it and 2) even if your CPU supports it most pre-compiled programs won’t use it because the program would crash on everyone else’s computer that doesn’t have AVX-512. AVX-512 is a non-issue unless you’re running Finite Element Analysis programs (LS-DYNA) for fun.
AVX-2 has a similar problem: while released in 2013, some low end CPUs (e.g. Intel Atom) didn’t have them for a long time (this year I think?). So most compiled programs wouldn’t compile with AVX-2 enabled. This means whatever game you are running now, you probably won’t see a performance drop after patching since your computer/program was never using the optimized vector instructions in the first place.
So, the affect on consumer devices is minimal. But what do you need to do to ensure that your PC is secure?
Three different ideas off the top of my head:
-
BIOS update. The CPU has a some low level firmware code called microcode which is included in the BIOS. The new patched version adds additional checks to ensure no data is leaked.
-
Update the microcode package in Linux. The microcode can also be loaded from the OS. If you have an up-to-date version of Intel-microcode here this would achieve the same as (1)
-
Re-compile everything without AVX-2/AVX-512. If you’re running something like Gentoo, you can simply tell GCC to not use AVX-2/AVX-512 regardless of whether your CPU supports it. As mentioned earlier the performance loss is probably going to be fine unless you’re doing some serious math (FEA/AI/etc) on your machine.
-
You can’t just search for your processor in a database I mean fuck that would take them at least an a couple hours of their precious time to set up and they have only had a year. How do you fix it?
This page tells you how to get your CPUID: https://www.intel.com/content/www/us/en/support/articles/000006831/processors/processor-utilities-and-programs.html
Then search for the CPUID here: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
I figured out how to do it fairly quickly but it would be a hell of a lot easier if people could just type in “11700K” in a box on a web page or something and it could just tell them. Or they could have added a little bit of code to their CPU ID utility that says “yupp your processor is effected by the flaw”. I am mostly annoyed at all this not for me but for all the people who would read those pages and the contents would seem like an insane foreign language to them all while articles are telling them it’s a major security flaw that would allow people to steal their encryption keys.
. Or they could have added a little bit of code to their CPU ID utility that says “yupp your processor is effected by the flaw”.
That is a fair point.
It’ll probably just be something that happens through ordinary OS updates tbh (though I understand you’d rather know one way or another.)
I just found this on the page where they list effected models:
“Note The latest software can be obtained through operating system or VMM vendors”
/tinfoilhat
I admittedly stopped reading halfway through but I feel like these newest vulnerabilities being discovered are probably just fucking government back doors the manufacturers have been forced to include.
/tinfoilhat
Check out the documentary Zero Days (2016) if you haven’t already. That’s not really a tinfoil hat take these days IMO.
Just means they have to intentionally create new ones to be eventually found for the next generation.
On the plus side now we can steal the info from the criminal’s computers. The cycle of internet life…
Guess it’s time for another FPS hit…
While the article says it won’t impact most applications, I suspect it’s closer to saying “won’t impact most applications as much”.
I would say you’ll be fine. Most games don’t compile with avx-2 anyways since it’ll crash if you run it on something that doesn’t have them (which is a lot of CPUs) and AVX-512 is straight up only available on Xeons, Epyc and zen 4. Nobody is going to use that for consumer software.
The only game I can think of using AVX is a Skyrim mod for realistic physics, where the author provided binaries for AVX-2/AVX-512. So it won’t affect most compiled applications much since you need to compile with it first (which almost nobody does).
List of processors without redirect referrer: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
deleted by creator
I’m pretty sure the 8008 is fine.
deleted by creator
> Downfall
Is the Intel CEO holed up in a bunker and raging at his chip designers?
If it’s anything like the industry that I work in, the CEO would have been informed of the short comings of the design numerous times and given a response along the lines of “does it make our CPUs faster and more powerful though?”.
The CEO won’t be pissed of at his chip designer, they’ll be pissed because they’ve been caught out.
Given that the AMD vulnerability was called “Inception,” maybe they just like using movie titles to name CPU vulnerabilities?
Yikes the performance hit is scary but if you’re running a server, what option do you have?
Intel’s newer 12th-gen and 13th-gen Core processors are not affected.
Oh ok
Isn’t that convenient?
Oh don’t worry, you’ll hear about that vulnerability in two years.
*cries in 11th gen laptop*
My old-ass Ivy Bridge: Oh no! Anyway…
Good thing I’m poor can’t afford Intel. AMD for the win 😂
I got a 10400F because AMD completely abandoned the budget segment at that time.
