Slashdot Mirror


Intel's Chip Bug Fixes Have Bugs of Their Own (bleepingcomputer.com)

From a report: Intel said late Thursday it is investigating an issue with Broadwell and Haswell CPUs after customers reported higher system reboot rates when they installed firmware updates for fixing the Spectre flaw. The hardware vendor said these systems are both home computers and data center servers. "We are working quickly with these customers to understand, diagnose and address this reboot issue," said Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel Corporation. "If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue," Shenoy added. The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs.

  1. Why am I not surprised? by davidwr · · Score: 2

    Regression or new-bug risk is why many non-critical bugs go unfixed and why companies like IBM sometimes release patches only to those customers who complain and who are willing to accept a fix that hasn't been thoroughly tested.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  2. Reminds me of the 2009 flu pandemic by Hal_Porter · · Score: 4, Informative

    In both cases there was a lot of worry about the threat. A countermeasure was rushed out, and it seems like the countermeasure may have some side effects.

    https://en.wikipedia.org/wiki/...

    You have to wonder in each case if there's an element of overreaction going on.

    In the Meltdown/Spectre case the browser vendors are going to fuzz the timing functions to make side channel timing attacks harder to pull off.

    E.g.

    http://news.softpedia.com/news...

    Just like Microsoft and Mozilla, Google Chrome 64 will disable SharedArrayBuffer by default and modify the behavior of performance.now() by reducing precision from 5us to 20us in order to block exploits attempting to take advantage of the security vulnerabilities.

    Also you can block third party scripts using uBlock Origin.

    https://github.com/gorhill/uBl...

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    1. Re:Reminds me of the 2009 flu pandemic by sjames · · Score: 3, Interesting

      It doesn't help that Intel spread some confusion. Meltdown is very serious and really does need a quick fix. Spectre needs addressing but isn't as urgent since it is quite hard to exploit successfully. Meltdown workarounds should NOT be deployed on AMD systems.

      As best as I can tell, the microcode updates (BIOS) are for Spectre, not Meltdown.

    2. Re:Reminds me of the 2009 flu pandemic by TechyImmigrant · · Score: 2

      It doesn't help that Intel spread some confusion. Meltdown is very serious and really does need a quick fix. Spectre needs addressing but isn't as urgent since it is quite hard to exploit successfully. Meltdown workarounds should NOT be deployed on AMD systems.

      As best as I can tell, the microcode updates (BIOS) are for Spectre, not Meltdown.

      That depends on your definition of urgent. Spectre is the problem with legs and it's going to keep running. Fix Meltdown once and it's fixed. But unlike Meltdown, which is a poor target, because it's being addressed, Spectre presents thousands of targets on many platforms and there is no shortage of governments and criminals sharpening their attacks right now.

      There is a lot more to do to address Spectre and it involves some kind of magic where all the software engineers suddenly learn how to both develop effective threat models and develop effective mitigations. Intel gave software engineers a safe place to put secrets and they didn't do it. SGX is there for a reason. If you're squealing "Oh noes! Teh Malwarez can read secrets in my process state", why the hell are you not using the tools in place to protect those secrets?

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  3. Re:Don't feel discouraged?? by houstonbofh · · Score: 2

    I too am holding back updates for exactly the same reason... And this made me laugh...

    "The Intel exec said users shouldn't feel discouraged by these snags and continue to install updates from OS makers and OEMs."

    Sure...

  4. There is a better fix available. by Gravis+Zero · · Score: 2, Informative

    Use AMD chips because they actually are immune to Meltdown and have already mitigated Spectre at the microcode and OS level with a negligible impact on performance. Intel has yet to get their shit together and its performance impact is growing with every new patch.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:There is a better fix available. by green1 · · Score: 2

      It's not called "Wintel" for nothing....

  5. Re:It takes courage by tomxor · · Score: 2

    Yo Brian, It takes courage to put bugs in your bugs.

    Clearly putting a CPU in their CPU wasn't enough.

    ...Yes I'm replying to my own comment, it's not weird, I'll be here all week.

  6. 99 Little bugs in the code by corychristison · · Score: 2

    99 little bugs in the code
    Take one down and patch it around
    127 little bugs in the code.