CRITICAL: Meltdown and Specter CPU Bugs

sansnumen

I did not see a thread discussing this, so I post this in the hopes the mods pick up this story.

It has recently been disclosed that modern CPUs suffer from two critical CPU hardware bugs that allow an attacker to read kernel-protected RAM (i.e. all system RAM) from userspace. The exploits have been dubbed Meltdown and Specter. Both exploits are clever in that they exploit a feature called speculative execution--that is, modern CPUs try to guess which instruction is next to be fetched, and then execute said instruction.

Meltdown is an Intel and ARM problem, and can and will be fixed on all major OSes soon, at a cost of up to a 30% performance hit. Specter is more problematic, as all CPUs that have speculative execution built in are vulnerable because the hardware engineers assumed (incorrectly!) that kernel memory was properly sequestered from userland processes at the hardware level.

What this all means is that as long as an attacker can run userland code, an attacker could use either bug to leak all kernel-mapped memory, leaking encryption keys, passwords, etc.

Meltdown will be fixed soon, while Specter requires new hardware. So everyone, update your phones, tablets, PCs, and be vigilant about what you do and download online.

Sources
https://www.nytimes.com/2018/01/03/business/computer-flaws.html
https://twitter.com/nicoleperlroth/status/948684376249962496

Update
Apparently certain ARM architectures are also vulnerable to Meltdown or a Meltdown-variant (as ARM calls it). The following architectures are affected: Cortex A75 (Meltdown); Cortex A72, Cortex A57, Cortex A15 (Meltdown-variant). Users with affected Cortex cores (cell phones mostly) are advised to update their OSes once security updates are rolled out.
Source: https://developer.arm.com/support/security-update
 
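The post's advice is to update, and on Linux you can check whether the update actually took: kernels from 4.15 onward (and distro backports of the fixes) publish one status file per bug under /sys/devices/system/cpu/vulnerabilities/, an interface that is not mentioned anywhere on this page. The following is an added example of mine, not code from the post or its sources, that classifies those files by their leading keyword. The sample strings in `main` are constructed in the kernel's format so the classifier can be exercised on a machine without the files; `classify_status`, `read_sysfs_status` and `count_vulnerable` are names I chose.

```c
#include <stdio.h>
#include <string.h>

/* Summary classes for one entry under /sys/devices/system/cpu/vulnerabilities/. */
typedef enum {
    STATUS_NOT_AFFECTED,  /* "Not affected" */
    STATUS_MITIGATED,     /* "Mitigation: ..." */
    STATUS_VULNERABLE,    /* "Vulnerable" or "Vulnerable: ..." */
    STATUS_UNKNOWN        /* file missing, empty, or an unrecognised prefix */
} vuln_status;

/* Classify the text of one status file by its leading keyword. */
vuln_status classify_status(const char *text) {
    if (strncmp(text, "Not affected", 12) == 0) return STATUS_NOT_AFFECTED;
    if (strncmp(text, "Mitigation:", 11) == 0)  return STATUS_MITIGATED;
    if (strncmp(text, "Vulnerable", 10) == 0)   return STATUS_VULNERABLE;
    return STATUS_UNKNOWN;
}

static const char *status_name(vuln_status s) {
    switch (s) {
    case STATUS_NOT_AFFECTED: return "not affected";
    case STATUS_MITIGATED:    return "mitigated";
    case STATUS_VULNERABLE:   return "VULNERABLE";
    default:                  return "unknown";
    }
}

/* Read one live sysfs entry into buf (first line, newline stripped).
 * A missing file (kernel older than 4.15, or not Linux) yields STATUS_UNKNOWN. */
vuln_status read_sysfs_status(const char *name, char *buf, size_t buflen) {
    char path[256];
    snprintf(path, sizeof path, "/sys/devices/system/cpu/vulnerabilities/%s", name);
    FILE *f = fopen(path, "r");
    if (f == NULL) {
        snprintf(buf, buflen, "(not present)");
        return STATUS_UNKNOWN;
    }
    if (fgets(buf, (int)buflen, f) == NULL) buf[0] = '\0';
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return classify_status(buf);
}

/* Count entries whose text the kernel reports as outright "Vulnerable". */
int count_vulnerable(const char **texts, int n) {
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (classify_status(texts[i]) == STATUS_VULNERABLE) hits++;
    return hits;
}

int main(void) {
    /* Constructed sample texts (not read from a real host), written in the
     * exact format the kernel uses, so the classifier can run offline. */
    const char *sample[] = {
        "Mitigation: PTI",                            /* meltdown after the KPTI patch */
        "Vulnerable",                                 /* unpatched spectre_v2 */
        "Not affected",                               /* a core without the bug */
        "Vulnerable: Minimal generic ASM retpoline",  /* partial retpoline build */
    };
    int n = (int)(sizeof sample / sizeof sample[0]);
    printf("constructed sample: %d of %d entries still vulnerable\n",
           count_vulnerable(sample, n), n);

    /* Live check: only informative on a Linux host with a recent enough kernel. */
    const char *names[] = { "meltdown", "spectre_v1", "spectre_v2" };
    for (int i = 0; i < 3; i++) {
        char text[256];
        vuln_status s = read_sysfs_status(names[i], text, sizeof text);
        printf("%-11s %-12s %s\n", names[i], status_name(s), text);
    }
    return 0;
}
```

Anything the kernel prefixes with "Vulnerable" is counted as vulnerable even when a partial mitigation is named after the colon, because that is the kernel's own verdict on the build; a status of "unknown" on a Linux box means the kernel predates the fixes and needs the update the post talks about.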

TotalInsanity4

> I did not see a thread discussing this, so I post this in the hopes the mods pick up this story.
>
> It has recently been disclosed that modern CPUs suffer from two critical CPU hardware bugs that allow an attacker to read kernel-protected RAM (i.e. all system RAM) from userspace. The exploits have been dubbed Meltdown and Specter. Both exploits are clever in that they exploit a feature called speculative execution--that is, modern CPUs try to guess which instruction is next to be fetched, and then execute said instruction.
>
> Meltdown is an Intel-specific problem, and can and will be fixed on all major OSes soon, at a cost of up to a 30% performance hit. Specter is more problematic, as all CPUs that have speculative execution built in are vulnerable because the hardware engineers assumed (incorrectly!) that kernel memory was properly sequestered from userland processes at the hardware level.
>
> What this all means is that as long as an attacker can run userland code, an attacker could use either bug to leak all kernel-mapped memory, leaking encryption keys, passwords, etc.
>
> Meltdown will be fixed soon, while Specter requires new hardware. So everyone, update your phones, tablets, PCs, and be vigilant about what you do and download online.
>
> Sources
> https://www.nytimes.com/2018/01/03/business/computer-flaws.html
> https://twitter.com/nicoleperlroth/status/948684376249962496

Meltdown has already been posted, but yes, Specter hasn't had a news slot yet
 

Xathya

Very cool and scary how it can be unfound since 1995 and then suddenly found and affect all the CPUs and scare the world and force my servers to update the kernel on time off from work because need to protect.
 

sansnumen

> Very cool and scary how it can be unfound since 1995 and then suddenly found and affect all the CPUs and scare the world and force my servers to update the kernel on time off from work because need to protect.

Indeed it is very scary. What's more amazing is that like you say the bugs are over 20 years old. This is why bug bounty programs and white hat hackers are so important. It can be the difference between smooth sailing and disaster.
 

sansnumen

I just noticed that the official sources all use the British spelling "Spectre" instead of the American spelling "Specter". Oops.
 

the_randomizer

I should note that the performance hit should not affect games and other similar programs, only I/O stuff, workloads, benchmarks. Many sources reported games, emulators, etc. as relatively unaffected by the OS patch.

If you wish to disable the patch without uninstalling, do the following:

https://support.microsoft.com/en-us...-to-protect-against-the-speculative-execution

To enable the mitigations

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

To disable the mitigations

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

So far, I've noticed no degradation in performance, even after using Source filmmaker.


> Meltdown has already been posted, but yes, Specter hasn't had a news slot yet

I thought Meltdown was only posted in the Xbox section, and not PC section?
 

jDSX

> I should note that the performance hit should not affect games and other similar programs, only I/O stuff, workloads, benchmarks. Many sources reported games, emulators, etc. as relatively unaffected by the OS patch.
>
> If you wish to disable the patch without uninstalling, do the following:
>
> https://support.microsoft.com/en-us...-to-protect-against-the-speculative-execution
>
> To enable the mitigations
>
> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
>
> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
>
> To disable the mitigations
>
> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
>
> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
>
> So far, I've noticed no degradation in performance, even after using Source filmmaker.
>
> I thought Meltdown was only posted in the Xbox section, and not PC section?


Safe to say 30% is more like 3% right?
 

the_randomizer

> Safe to say 30% is more like 3% right?

I don't know, I didn't do extensive tests on my Core i7 4470, but I tested Dolphin with multiple games, and all ran at 100% speed; I tested Source Filmmaker, which is CPU intensive, and there was no impact there. IDK. But again, I/O, networking, workload-related things would be impacted the most, if at all. And again, I provided the link for those who're adventurous enough to disable the patch with a regedit if it does kill performance that badly. So far, I've seen no such degradation. But I installed the OS patch anyway, and it seems to be running as well as before.
 

sansnumen

> I don't know, I didn't do extensive tests on my Core i7 4470, but I tested Dolphin with multiple games, and all ran at 100% speed; I tested Source Filmmaker, which is CPU intensive, and there was no impact there. IDK. But again, I/O, networking, workload-related things would be impacted the most, if at all. And again, I provided the link for those who're adventurous enough to disable the patch with a regedit if it does kill performance that badly. So far, I've seen no such degradation.

Google just gave us a great gift called Retpoline, which is Google's implementation of a Spectre mitigation that Google claims will have negligible performance cost ~5%. Read more here https://support.google.com/faqs/answer/7625886
 

the_randomizer

> Google just gave us a great gift called Retpoline, which is Google's implementation of a Spectre mitigation that Google claims will have negligible performance cost ~5%. Read more here https://support.google.com/faqs/answer/7625886

And how does it work? I'm more worried about Meltdown, hence why I installed the hotfix for Windows from MS's site today; the OS is running fine and my tests indicate no drop in performance. Like I said before, the only real worry is that I/O workload-related tasks and Linux CLI-related things are going to experience it the most, if at all. Games, emulators, 3D software are unaffected. Cloud-based services could also suffer performance dips.

I'm surprised nothing has happened in the 22 years this exploit's been around.

Edit: Also from the article:

> The personal computers used by consumers are also vulnerable, but hackers would have to first find a way to run software on a personal computer before they could gain access to information elsewhere on the machine. There are various ways that could happen: Attackers could fool consumers into downloading software in an email, from an app store or visiting an infected website.

In other words, don't download anything without knowing if it's truly legit, be careful, that hasn't changed.
 

sansnumen

> And how does it work? I'm more worried about Meltdown, hence why I installed the hotfix for Windows from MS's site today; the OS is running fine and my tests indicate no drop in performance. Like I said before, the only real worry is that I/O workload-related tasks and Linux CLI-related things are going to experience it the most, if at all. Games, emulators, 3D software are unaffected. Cloud-based services could also suffer performance dips.
>
> I'm surprised nothing has happened in the 22 years this exploit's been around.

Google's Retpoline is pretty technical and requires some understanding of assembly language to appreciate fully. To simplify it, Google claims that Retpoline allows branching instructions to be isolated from speculative execution by manually filling in where the return address is going to be for any branch that executes a return instruction at the end.
 
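To make sansnumen's summary concrete, here is an added example (my own code, not from the post, from Google, or from any compiler) of the retpoline thunk wrapped into a tiny x86-64 function. Instead of an indirect call through a register, the thunk pushes a return address of its own and then overwrites it with the real target, so the CPU's prediction for the final `ret` comes from the return stack buffer the thunk just primed and not from the indirect-branch predictor that Spectre variant 2 trains. The instruction sequence is the one in Google's write-up linked above (the `lfence` is what compiler implementations later added); `retpoline_call2`, `dispatch`, `add_op` and `mul_op` are names I made up, and on anything other than x86-64 ELF the wrapper falls back to a plain indirect call so the program still builds.

```c
#include <stdio.h>

typedef long (*op_fn)(long, long);

static long add_op(long a, long b) { return a + b; }
static long mul_op(long a, long b) { return a * b; }

#if defined(__x86_64__) && defined(__ELF__)
/* long retpoline_call2(op_fn fn, long a, long b);
 * Calls fn(a, b) without executing an indirect 'call' or 'jmp'. The target is
 * parked in r11 and reached through a 'ret' whose prediction comes from the
 * return stack buffer the thunk primed, not from the indirect-branch predictor. */
__asm__(
    ".text\n"
    ".globl retpoline_call2\n"
    ".type retpoline_call2, @function\n"
    "retpoline_call2:\n"
    "    movq %rdi, %r11\n"        /* function pointer -> r11 */
    "    movq %rsi, %rdi\n"        /* a -> first argument register */
    "    movq %rdx, %rsi\n"        /* b -> second argument register */
    /* --- retpoline thunk proper, as published by Google --- */
    "    call 1f\n"                /* push the address of the capture loop */
    "2:  pause\n"                  /* if the CPU speculates the 'ret' back here... */
    "    lfence\n"                 /* ...it spins in a fenced, harmless loop */
    "    jmp 2b\n"
    "1:  movq %r11, (%rsp)\n"      /* replace the pushed address with the real target */
    "    ret\n"                    /* architectural path: 'return' straight into fn */
    ".size retpoline_call2, .-retpoline_call2\n"
);
long retpoline_call2(op_fn fn, long a, long b);
#else
/* Fallback for non-x86-64 or non-ELF builds: an ordinary indirect call. */
static long retpoline_call2(op_fn fn, long a, long b) { return fn(a, b); }
#endif

/* Dispatch through a function pointer; this is exactly the kind of indirect
 * branch whose predictor a Spectre variant 2 attack would try to train. */
long dispatch(char op, long a, long b) {
    op_fn fn = (op == '*') ? mul_op : add_op;
    return retpoline_call2(fn, a, b);
}

int main(void) {
    printf("2 + 3 = %ld\n", dispatch('+', 2, 3));
    printf("4 * 5 = %ld\n", dispatch('*', 4, 5));
    return 0;
}
```

Build it with gcc or clang on Linux and both results come back through the thunk. One caveat worth knowing: because the thunk deliberately rewrites a return address, retpoline cannot coexist with a hardware shadow stack (Intel CET), which is one reason kernels prefer the processor's own enhanced IBRS on CPUs that have it.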

the_randomizer

> Google's Retpoline is pretty technical and requires some understanding of assembly language to appreciate fully. To simplify it, Google claims that Retpoline allows branching instructions to be isolated from speculative execution by manually filling in where the return address is going to be for any branch that executes a return instruction at the end.

If only the same could be done to mitigate Meltdown, but luckily, I can revert if it does adversely affect performance, and ultimately in the end, I don't think most consumers will be adversely affected; if they went 22 years without anything major happening, I don't see it being an issue in the foreseeable future. Is it something to be made aware of? Certainly, it's good to be informed, but at the same time, I just don't want everyone to mass panic. It's a shame that I know nothing of pure ASM code.
 

sansnumen

> If only the same could be done to mitigate Meltdown, but luckily, I can revert if it does adversely affect performance, and ultimately in the end, I don't think most consumers will be adversely affected; if they went 22 years without anything major happening, I don't see it being an issue in the foreseeable future. Is it something to be made aware of? Certainly, it's good to be informed, but at the same time, I just don't want everyone to mass panic. It's a shame that I know nothing of pure ASM code.

I would suggest that you do not revert the hotfix for Meltdown. There are already proof-of-concepts floating around that exploit Meltdown. People that don't accept the patch for Meltdown are at risk of identity theft, ransomware, stolen passwords for things like email and bank accounts. Meltdown is very serious and should be treated as such!
 

the_randomizer

> I would suggest that you do not revert the hotfix for Meltdown. There are already proof-of-concepts floating around that exploit Meltdown. People that don't accept the patch for Meltdown are at risk of identity theft, ransomware, stolen passwords for things like email and bank accounts. Meltdown is very serious and should be treated as such!

I won't, I'm just saying it's an option, hopefully, the mitigation/patch can be updated in such a way to not kill performance permanently, you know? So far, all seems good on my end. MS actually did something right for a change.


Dumbass hackers -_-
 


Joe88

I'm just waiting for the class action lawsuit
and CES is right around the corner too...

Also I'd like to point out that there has been no difference in my Cinebench scores pre and post update, so the whole 30% thing is BS
 

MasterControl90

Sadly this is not bullshit, just not well explained.
For us normal users, we will see no difference, and all the benchmarks around, of both actual software and hardware, are showing pretty much no difference. If we speak about games specifically, if you run a game at about 150 fps you will drop to 145 fps in the worst-case scenario in a CPU-bound game with no GPU and bus bottlenecks, so nothing to panic about. What will have serious problems are big data centers with a lot of different and simultaneous calls happening: going back to games specifically, Epic Games showed a graph where they compared 3 of their data centers hosting their game Fortnite for thousands of players. The results? 1 of the 3 data centers was updated to fix the Meltdown security hole and the general CPU usage was indeed around 30% higher than on the other 2...

In a nutshell, for us users this patch means nothing, while enterprises with huge data centers will all of a sudden be forced to upgrade their infrastructure, which, at the same time, in the future can hurt users who rely a lot on cloud and remote services.
Is it clear enough now, guys? :P
 