Scary security issue with Intel processor chips

  • A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
    At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel's memory.
    The kernel's memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.
    source:
    https://www.theregister.co.uk/…02/intel_cpu_design_flaw/



    ### update ###


    These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.
    https://security.googleblog.co…bility-what-you-need.html

    Edited once, last by fulltilt ().

  • Has anyone noticed any performance issues yet?



    Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.


    Here's a video demonstrating a Meltdown attack:
    http://www.theregister.co.uk/2…md_arm_cpu_vulnerability/


    @Nuxwin
    could this affect FCGID systems?

    Edited 4 times, last by fulltilt ().

  • No it could not.


    Please do not panic updating firmware etc. This is a very hard issue to exploit. And as long as there is not security issues towards your internet accessible software you use dont worry.


    If you panic upgrade you can expect performance degeneration of up to 40% I've seen and heard of this is several setups.

  • I know old Topic but just to know - the most problems are software side fixed by kernel side. We release in several time all new kernels from kernel.org at http://mirror.ip-projects.de/kernel/ - there you find modified kernel from www.kernel.org. -gs mean 1000 hz Kernel for Gameservers for example -md means with Software RAID Support.