Eight New Meltdown-Like Flaws Found (reuters.com)
An anonymous reader quotes Reuters:
Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday. The magazine, called c't, said it was aware of Intel Corp's plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan's Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable... The magazine said Google Project Zero, one of the original collective that exposed Meltdown and Spectre in January, had found one of the flaws and that a 90-day embargo on going public with its findings would end on May 7...
"Considering what we have seen with Meltdown and Spectre, we should expect a long and painful cycle of updates, possibly even performance or stability issues," said Yuriy Bulygin, chief executive officer of hardware security firm Eclypsium and a former Intel security researcher. "Hopefully, Meltdown and Spectre led to improvements to the complicated process of patching hardware."
Neowin now reports that Intel "is expected to release microcode updates in two waves; one in May, and the other in August."
Speculative execution bypasses the memory protection barriers for efficiency reasons. The actual problem is that cache coherence is global rather than per-process and its effects are measurable. That is the vector for wagonloads of side channel attacks. Speculative execution to addresses based on protected locations is just a rather elegant side channel attack since it does not count towards privilege violations and thus does not trigger an exception that would in turn cause a much larger impact on cache coherence and other measurable CPU state than what you are trying to measure.
Cache coherency is a side channel attack that will keep on giving for a long long while to come.
Actually you got the two things switched:
Meltdown can be totally protected against in software however with a significant performance impact.
Spectre can be divided into two kinds of attacks:
. One kind that bypasses protection checks (range checks etc.) used to create software-based virtual machines. These can be protected against in software.
. One kind that uses shared branch prediction state between an attacker and a victim to influence speculative execution when running the victim code; this can be used to extract data that can be exfiltrated through a shared cache. This is in general not possible to patch in software.
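An added illustration of the first kind of Spectre attack the comment above describes (bounds-check bypass) and of the software fix it says is possible. This is example code written for this page, not code from the comment, from c't, or from any vendor; the names `table`, `lookup_vulnerable`, `lookup_hardened` and `masked_index` are assumptions, and the mask computation is a reimplementation in the style of the publicly documented Linux kernel helper `array_index_nospec()`, not the kernel's code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: a small table that callers may index.
 * Anything past it models memory a caller must never reach. */
#define TABLE_SIZE 16
static const uint8_t table[TABLE_SIZE] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };

/* Classic range check. Architecturally it is correct: an out-of-range
 * index returns 0. The problem is that the branch may be predicted as
 * "in range", so during the speculative window the load table[idx] can
 * still be issued with a bad index and leave a trace in the cache. */
uint8_t lookup_vulnerable(size_t idx)
{
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* Branchless clamp in the style of array_index_nospec():
 * returns all-ones when idx < size, and 0 otherwise. The top bit of
 * (idx | (size - 1 - idx)) is set exactly when idx >= size, because
 * size - 1 - idx wraps around for idx >= size and idx itself has the top
 * bit set for huge values. No branch means nothing to mispredict. */
static inline size_t array_index_mask_nospec(size_t idx, size_t size)
{
    size_t oob = (idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return oob - 1; /* in range: 0 - 1 = ~0; out of range: 1 - 1 = 0 */
}

/* Index after clamping: unchanged when in range, forced to 0 otherwise. */
size_t masked_index(size_t idx)
{
    return idx & array_index_mask_nospec(idx, TABLE_SIZE);
}

/* Hardened lookup: the range check still decides the architectural result,
 * but the index fed to the load is masked arithmetically, so even a
 * mispredicted branch can only ever load table[0].
 * Caveat: the real kernel helper also uses an optimisation barrier so the
 * compiler cannot turn the mask back into a branch; a production build
 * needs the same care (or the compiler's own speculative-load hardening). */
uint8_t lookup_hardened(size_t idx)
{
    if (idx >= TABLE_SIZE)
        return 0;
    return table[masked_index(idx)];
}

int main(void)
{
    size_t probes[] = { 3, 15, 16, 100, (size_t)-1 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("idx=%zu vulnerable=%u hardened=%u masked_index=%zu\n",
               probes[i], lookup_vulnerable(probes[i]),
               lookup_hardened(probes[i]), masked_index(probes[i]));
    }
    return 0;
}
```

This addresses only the first kind in the list; the second kind (shared branch predictor state) is not fixed by masking indexes and is the one the comment says cannot in general be patched in software.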
Good program design has nothing to do with this. That's the whole problem with these speculative vulnerabilities: the code that one writes isn't necessarily the code that the processor executes. One has to write bad code taking microarchitectural design into consideration to protect against attack.
Good program design severely limits the total access of a SPECTRE type flaw. However the access granted by a standard SPECTRE exploit will still give out some information. Thus through good program design you can avoid giving away important information like passwords or cryptography keys even if someone is using a SPECTRE type exploit on your system. Whereas there is no real protection against a MELTDOWN flaw once it is exploited. At that point the person running the exploit has access to everything going on in the system.
Computers are a commodity for me, like 99.99% of their purchasers. We have no meaningful option to switch from Intel, because the Genius of the Free Market (tm) took away all our alternatives one-by-one, as we watched the last three decades of open, fair competition. Now the great winner of the Free Market competition, presumably the best of the best, has failed us. And we must wait (no option) for them to fix their failure.
The bigger picture for me is that I don't want to buy one of their computers in the meantime. Why would I? They're all damaged goods, it's as if they were still selling the e-coli lettuce and asking us to just take extra care eating it.
With the first two bugs, I'd heard that, ummm... coffee lake (?) by late this fall might have fixes out of the factory. But not these next eight? When exactly should I buy?
The 'when' question arises if you look back over a few years of my /. posts and see how many have the basic subject of "Moore's Law is over, at least on the desktop", where my 2013 purchase of an i7-3930K CPU @ 3.20GHz × 12 is still hard to beat by more than about 30% - and the chip model, if not my purchase, is already over 5 years of age. I'm mainly wanting a new machine because by this point there's a new bus, faster memory and SSD, though even all that still won't give me a whole doubling of performance.
So I have the option to just wait - what? Will another year do it now? For "Latte Lake"? (I made that up.)
For Intel, it cuts both ways; this has to be holding up other sales, but also, when they have bug-free hardware to sell us again, surely there will be a big burst of replacements. Hard to imagine a stronger economic pressure...except for that dratted "monopoly" status that makes them pretty insensitive to all user pain and pressure.
Replacing an older Intel CPU and board with an AMD CPU+board of equal performance may actually be cheaper than replacing with fixed Intel parts, if the end user is the one paying. But of course, Intel would rather take the bigger hit on paper and hand out its own products, rather than funnel one thin dime to AMD, so unless any payouts are in cash, the replacements for anything are going to be more Intel.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.