'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

2 Jan 2018
‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign • The Register
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Contextually related:

“In x86, beyond ring 0 lie the more privileged realms of execution, where our code is invisible to AV, we have unfettered access to hardware, and can trivially preempt and modify the OS. The architecture has heaped layers upon layers of protections on these negative rings, but 40 years of x86 evolution have left a labyrinth of forgotten backdoors into the ultra-privileged modes. Lost in this byzantine maze of decades-old architecture improvements and patches, there lies a design flaw that’s gone unnoticed for 20 years. In one of the most bizarre and complex vulnerabilities we’ve ever seen, we’ll release proof-of-concept code exploiting the vast, unexplored wasteland of forgotten x86 features, to demonstrate how to jump malicious code from the paltry ring 0 into the deepest, darkest realms of the processor. Best of all, we’ll do it with an architectural 0-day built into the silicon itself, directed against a uniquely vulnerable string of code running on every single system.”

46:33
29 Dec 2015
The Memory Sinkhole - Unleashing An X86 Design Flaw Allowing Universal Privilege Escalation - YouTube
https://www.youtube.com/watch?v=lR0nh-TdpVg&feature=youtu.be

“A processor is not a trusted black box for running code; on the contrary, modern x86 chips are packed full of secret instructions and hardware bugs. In this talk, we’ll demonstrate how page fault analysis and some creative processor fuzzing can be used to exhaustively search the x86 instruction set and uncover the secrets buried in your chipset.”

44:29
31 Aug 2017
Breaking the x86 Instruction Set - YouTube
https://www.youtube.com/watch?v=KrksBdWcZgQ&feature=youtu.be

2 January 2018
Initial Benchmarks Of The Performance Impact Resulting From Linux’s x86 Security Changes - Phoronix
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1

3 January 2018
Further Analyzing The Intel CPU “x86 PTI Issue” On More Systems - Phoronix
https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1

3 January 2018
VM Performance Showing Mixed Impact With Linux 4.15 KPTI Patches - Phoronix
https://www.phoronix.com/scan.php?page=article&item=linux-kpti-kvm&num=1

2 January 2018
Linux Gaming Performance Doesn’t Appear Affected By The x86 PTI Work - Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests

3 January 2018 at 12:45 PM EST
Linux Will End Up Disabling x86 PTI For AMD Processors - Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=Linux-Tip-Git-Disable-x86-PTI

(Note the article’s original title in the URL)

January 3, 2018, 7:37 AM EST Updated on January 3, 2018, 1:27 PM EST
Intel Confronts Potential ‘PR Nightmare’ With Reported Chip Flaw - Bloomberg
https://www.bloomberg.com/news/articles/2018-01-03/amd-soars-after-rival-intel-said-to-reveal-processor-flaw

Wow. It’s almost like an industry-wide scandal of ‘inappropriate touching’.

[i]"…Google says their Project Zero team last year discovered serious flaws in speculative execution that could lead to reading system memory where it shouldn’t be authorized. Google was also able to demonstrate an attack where one VM could access the physical memory of the host machine and in turn read memory of other VMs on the same host.

Google reports that this vulnerability not only affects Intel CPUs but also AMD and ARM… Contrary to AMD saying they are not affected by this issue…"[/i]

3 January 2018
Google Makes Disclosure About The CPU Vulnerability Affecting Intel / AMD / ARM - Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=Google-CPU-Disclosure

January 3, 2018
Intel Responds to Security Research Findings
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

An Update on AMD Processor Security | AMD
https://www.amd.com/en/corporate/speculative-execution

4 January 2018
Ubuntu Updates for the Meltdown / Spectre Vulnerabilities | Ubuntu Insights
https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/

Intel and AMD

Install the latest microcode for your processor - Easy Linux tips project
https://sites.google.com/site/easylinuxtipsproject/microcode#TOC-Intel-processors

Jan 10, 2018
Canonical Releases Ubuntu Kernel and Nvidia Updates to Fix Meltdown and Spectre - Updated
http://news.softpedia.com/news/canonical-releases-ubuntu-kernel-and-nvidia-updates-to-fix-meltdown-and-spectre-519305.shtml

January 10, 2018
Meltdown & Spectre Patches Causing Boot Issues for Ubuntu 16.04 Computers
https://www.bleepingcomputer.com/news/software/meltdown-and-spectre-patches-causing-boot-issues-for-ubuntu-16-04-computers/

12 January 2018
AMD CPUs Are Potentially Vulnerable To Spectre / Variant 2 - Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=AMD-Is-Vulnerable-Variant-2

Includes plenty of informative links:

14:01
Jan 14, 2018
Meltdown & Spectre - Massive CPU Security Flaws - YouTube
https://www.youtube.com/watch?v=qhsPIjZStOA

January 15, 2018
Device Manufacturers Working on BIOS Updates to Patch CPU Flaws
http://www.securityweek.com/device-manufacturers-working-bios-updates-patch-cpu-flaws

January 15, 2018
Fake Meltdown/Spectre Patch Installs Malware
http://www.securityweek.com/fake-meltdownspectre-patch-installs-malware

January 12, 2018
Intel’s Spectre BIOS Fix Causes Crashes On Broadwell, Haswell Systems
http://www.tomshardware.com/news/intel-spectre-bios-crash-broadwell-haswell,36324.html