Slashdot Mirror


Multiple OS Vendors Release Security Patches After Misinterpreting Intel Docs (bleepingcomputer.com)

Almost all major OS vendors released security patches yesterday after a researcher discovered that some OS makers have misinterpreted an Intel CPU debug feature and left their systems open to attacks. From a report: The vulnerability is in how the OS vendors implemented a hardware debug mechanism for Intel x86-64 architectures -- and more specifically the MOV SS and POP SS instructions. "In certain circumstances after the use of certain Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3," the CERT/CC team explained in an advisory published yesterday. Explained in layman's terms, "this may allow an attacker to utilize operating system APIs to gain access to sensitive memory information or control low-level operating system functions." Operating systems that mishandle this debug exception and had their systems open to attacks include Apple, Microsoft, FreeBSD, Red Hat, Ubuntu, SUSE Linux, and other Linux distros based on the Linux Kernel -- which is also affected.

5 of 81 comments

  1. Re:AMD by Megol · · Score: 4, Informative

    No, AMD isn't affected. Intel isn't either. The problem is in software; it's the software that is affected.

    AMD implements the x86 ISA which was designed by Intel and second sourced by AMD for a while. AMD then started designing their own CPUs based on the same ISA as they had a license that let them do that (as decided by a court of law). They have reverse engineered and used documented sources to make their processors compatible with those of Intel.

    So if the hardware works in some specific way (with a few exceptions) then Intel and AMD will work the same. This is ignoring some processor extensions not always implemented by both companies.

  2. Re:Understandable by caseih · · Score: 4, Informative

    Not at all. You may be the only human user on your system but every day you bring untrusted data and actually programs onto your computer in the form of web pages. With these vulnerabilities, a rogue JavaScript program running in a web site could grab your passwords sitting in memory for other processes. In fact one of the Meltdown exploits first demonstrated was in JavaScript. So it's a bigger deal than you think and it does affect you even though you don't run a server and are the only user on your computer.

  3. Re:NetBSD and OpenBSD "Not Affected" by afidel · · Score: 5, Informative

    Yeah, looked for OpenBSD and wasn't all that surprised that they weren't affected. Theo is a bit of a douche to work with but he's usually right when it comes to security. OpenBSD also wasn't vulnerable to Meltdown and the OS-level variants of Spectre because he was already paranoid about cache flushing when thunking between rings due to an earlier Intel bug that he didn't believe was correctly addressed.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.

  4. Re:AMD by UnknownSoldier · · Score: 4, Informative

    TL;DR: Cross Licensing

    Intel cross licensed the x86 stuff (32-bit) to AMD.
    AMD cross licensed the AMD64 stuff (64-bit) to Intel.

    The longer version:

    Intel and AMD got tired of suing each other over patents. They have a LONG history of cross licensing agreements. They renewed it in 2001 and again in 2009; AMD clarified the deal in 2015.

    It is only natural AMD would use Intel's docs as part of the verification process for the 32-bit stuff.

    You can search "intel amd cross license agreement" for more info, but the agreements are (usually?) confidential.

  5. Re: Linux distros based on the Linux Kernel by laffer1 · · Score: 3, Informative

    This is still a thing. https://www.debian.org/ports/k...