Jump to content

Intel CPU hardware vulnerability

apianti

By apianti,
in Reader News and Reviews

 Share
86 posts in this topic

Recommended Posts

apianti
apianti
Posted
  • Author
Posted

Oh that's really not good 23 years??? Yikes, and I knew eventually this would pull in AMD and ARM, there's no way they don't have this vulnerability if it goes back that far. AMD is vehemently denying it but we all know what happened with bulldozer....

Link to comment
Share on other sites
MacNB
MacNB
Posted
Posted

sure, I'm on 10.13.2, gonna do a benchmark then update to 10.13.3 and check if there is any performance improvement and post here (since, where else would one discuss it)..

Apparently 10.13.2 already had the fix (lookup Double_map) in that last security update but a more rigorous fix is coming in 10.13.3.

 

If you want to check the performance 10.13.2 then you have to compare it with 10.13.1 to see if there's a hit.

Chances are you will not see a difference unless the synthetic benchmarks you choose to use make lots os system calls (into the kernel).

  • Like 1
Link to comment
Share on other sites
apianti
apianti
Posted
  • Author
Posted

If you have a haswell or better which it appears you both do then the hit won't be as much, maybe 5% at the most because of PCID feature. But you also need something that makes a lot of system calls to determine the difference, not sure geekbench is doing that much. I think it's doing instruction and memory tests.

Link to comment
Share on other sites
apianti
apianti
Posted
  • Author
Posted

Yes, that ME fix is not the same vulnerability. And OMG do not remove ME from your firmware unless you want to brick it or have the worst experience of your life or both.

The fix for CVE-2017-5754 is only a partial solution. The vulnerabilities for SPECTRE, CVE-2017-5753 and CVE-2017-5715, still need to be patched too. Unless that fixes all three or that is what they meant when they said more coming in 10.13.3.

  • Like 1
Link to comment
Share on other sites
Baio77
Baio77
Posted
Posted

List vulnerability CPU Intel:

  • Intel® Core™ i3 processor (45nm and 32nm)
  • Intel® Core™ i5 processor (45nm and 32nm)
  • Intel® Core™ i7 processor (45nm and 32nm)
  • Intel® Core™ M processor family (45nm and 32nm)
  • 2nd generation Intel® Core™ processors
  • 3rd generation Intel® Core™ processors
  • 4th generation Intel® Core™ processors
  • 5th generation Intel® Core™ processors
  • 6th generation Intel® Core™ processors
  • 7th generation Intel® Core™ processors
  • 8th generation Intel® Core™ processors
  • Intel® Core™ X-series Processor Family for Intel® X99 platforms
  • Intel® Core™ X-series Processor Family for Intel® X299 platforms
  • Intel® Xeon® processor 3400 series
  • Intel® Xeon® processor 3600 series
  • Intel® Xeon® processor 5500 series
  • Intel® Xeon® processor 5600 series
  • Intel® Xeon® processor 6500 series
  • Intel® Xeon® processor 7500 series
  • Intel® Xeon® Processor E3 Family
  • Intel® Xeon® Processor E3 v2 Family
  • Intel® Xeon® Processor E3 v3 Family
  • Intel® Xeon® Processor E3 v4 Family
  • Intel® Xeon® Processor E3 v5 Family
  • Intel® Xeon® Processor E3 v6 Family
  • Intel® Xeon® Processor E5 Family
  • Intel® Xeon® Processor E5 v2 Family
  • Intel® Xeon® Processor E5 v3 Family
  • Intel® Xeon® Processor E5 v4 Family
  • Intel® Xeon® Processor E7 Family
  • Intel® Xeon® Processor E7 v2 Family
  • Intel® Xeon® Processor E7 v3 Family
  • Intel® Xeon® Processor E7 v4 Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series
  • Intel® Atom™ Processor C Series
  • Intel® Atom™ Processor E Series
  • Intel® Atom™ Processor A Series
  • Intel® Atom™ Processor x3 Series
  • Intel® Atom™ Processor Z Series
  • Intel® Celeron® Processor J Series
  • Intel® Celeron® Processor N Series
  • Intel® Pentium® Processor J Series
  • Intel® Pentium® Processor N Series
Link to comment
Share on other sites
Qwels
Qwels
Posted
Posted

I think it would have been easier for you to write which ones weren't afflicted lol

IMHO.

Theme for thought-of course a lot of vulnerability, but they used to be.

When sales plummeted to video cards and new CPU (appears Bitkoin and Has Mining)

Immediately took off everything sales and manufacturer rubbed pens.

At the moment (few who buy the latest CPU and the manufacturer loses billions).

Conclusion-the vulnerability appeared in the CPU; does someone is necessary.

All this makes the manufacturer specifically for sales of the new "iron".  :whistle:

If your CPU features; blocking executable code, protection from the fool, error correction, etc. Live quietly. :yes:

  • Like 2
Link to comment
Share on other sites
apianti
apianti
Posted
  • Author
Posted

This vulnerability has been found in CPUs as far back as 23 years, Intel says it doesn't affect like two models, some xeons and some atoms. There is 100% no way that intel (or all the others that based their design on the speculation) did not know that their undocumented speculation instructions/exceptions did not check to see if they crossed privilege domains. They purposefully withheld that information and continued to make the chips because it would be too hard to fix and they would have to completely redesign their chips which is evidenced by it not being able to be fixed with a microcode update. This is an actual on silicon issue. That would have cost them years and billions of dollars, this will cost them some PR and a security fix by others. Effectively wiping the CPU manufacturers hands clean of their own mess. I think I understand now why AMD all the sudden just stopped pushing tons of CPUs and went into seclusion to make the Zen chips, which ironically seem to be the only modern chip that actively prevents this vulnerability.

  • Like 5
Link to comment
Share on other sites
apianti
apianti
Posted
  • Author
Posted

Apianti, you seriously need to calm down and get back to reality. This seems true:

 

You should also refrain from making such affirmative statements for which you have absolutely no evidence. If you want a tribune to vest a personal hatred of Intel, maybe you ought to take it elsewhere. Ever heard of defamation?

 

That's not defamation, it's an observation, how can you go 23 years and not notice such a huge vulnerability? They have thousands of engineers shrinking and optimizing these dies on a constant basis, looking over every aspect. You're telling me no one in 23 years looked at the speculation instructions/exceptions and that they worked correctly? Look at the design error that was discovered in sandy bridge support chipsets (not the actual CPUs) in 2011. It cost them $300 million in one quarter, and $700 million to fix the problem, in a SUPPORT chip. Now imagine if this was the case with every CPU they made in 23 years, except two models. They themselves gave that statement after the vulnerability was released. They didn't even acknowledge it existed for years until an actual exploit was created. What is the cost of revealing this themselves as they did in 2011? It's the collapse of Intel. I actually like Intel and have multiple Intel CPUs so don't know why you think you know what my mindset is. And obviously never heard of sarcasm... BTW, I actually do have a neurological disorder from getting drag by a truck and having my head slammed into the ground tons of times. Broke a lot of bones in my face, including multiple bones in my nose and all my sinus cavities, and two cervical vertebrae. I think I'm pretty well grounded in reality.

  • Like 1
Link to comment
Share on other sites
MacNB
MacNB
Posted
Posted

IMHO.

Theme for thought-of course a lot of vulnerability, but they used to be.

When sales plummeted to video cards and new CPU (appears Bitkoin and Has Mining)

Immediately took off everything sales and manufacturer rubbed pens.

At the moment (few who buy the latest CPU and the manufacturer loses billions).

Conclusion-the vulnerability appeared in the CPU; does someone is necessary.

All this makes the manufacturer specifically for sales of the new "iron".  :whistle:

If your CPU features; blocking executable code, protection from the fool, error correction, etc. Live quietly. :yes:

sorry but this total gibberish 

  • Like 1
Link to comment
Share on other sites
Qwels
Qwels
Posted
Posted

Here's the answer to all questions.

QED.On Apple, worldwide spread of claim (their special braking system).

As I said above, this all makes the manufacturer.

Apple specifically make obsolete work of your equipment.

Apple has already apologized!

Old hardware-has always been more reliable,

less than productive, but reliably.

And all software.

IMHO.

And now as new scandal between Microsoft and AMD.!

Link to comment
Share on other sites
apianti
apianti
Posted
  • Author
Posted

That is old news

 

Not at all, but ok. Don't see how it could be known that he illegally unloaded shares when they conspired to keep the vulnerability private, until this information was leaked just in the past week. I think the SEC investigating your CEO for securities fraud is going to MESS your company up. It's going to freeze all the companies assets and operations, not to mention stop trading of the stock.......

Link to comment
Share on other sites
Awesome Donkey
Awesome Donkey
Posted
Posted

Not at all, but ok. Don't see how it could be known that he illegally unloaded shares when they conspired to keep the vulnerability private, until this information was leaked just in the past week. I think the SEC investigating your CEO for securities fraud is going to MESS your company up. It's going to freeze all the companies assets and operations, not to mention stop trading of the stock.......

 

So... invest in AMD stock now?  ^_^

Link to comment
Share on other sites
apianti
apianti
Posted
  • Author
Posted

So... invest in AMD stock now?  ^_^

 

Not necessarily, because the entire market could be frozen to protect an industry. AMD and third parties could probably not supply enough chips to keep up with the demand that Intel alone could. Not to mention Apple exclusively uses Intel chips, along with many other OEM manufacturers. What happens to those companies? macOS is very optimized for Intel CPUs....

Link to comment
Share on other sites
ammoune78
ammoune78
Posted
Posted
I booted this night to Windows 10 and my AntiVirus pop up with Fixing Intel CPU's vulnerabilty. the download is in progress!

I've seen a week a go that, AMD accused Intel to uses their code since 2009 on their CPUs with that Core 2 Duo, and maybe before! What's that about this: Intel failure Inside  :hysterical: ?

IMHO. companies have to switch to AMD's with enough very good costs at all  :yes:  :D  :thumbsup_anim:  !
  • Like 1
Link to comment
Share on other sites
  • 3 weeks later...
apianti
apianti
Posted
  • Author
Posted

They could switch to AMD all they want but AMD chips still have this vulnerability too. Seems like it is fixable with a microcode update for ryzen chips, and apparently already had plans to fix the problem in the actual hardware... I'm assuming Intel will get there too, so there won't really be an issue with new CPUs, it's the one's that already exist that are the issue.

Link to comment
Share on other sites
frankiee
frankiee
Posted
Posted

Question, out of curiosity: does anyone know how macOS does actually implement such CPU microcode updates?

 

a) by loading the code at boot only

B) or in a more persistent way, i.e. by updating the firmware

 

I mean only in case a) this would work for hacks as well ...

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...