Slashdot Mirror


New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed (bleepingcomputer.com)

Two security researchers have revealed details about two new Spectre-class vulnerabilities, which they've named Spectre 1.1 and Spectre 1.2. From a report: Just like all the previous Meltdown and Spectre CPU bug variations, these two take advantage of the process of speculative execution -- a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data. According to researchers, a Spectre 1.1 attack uses speculative execution to deliver code that overflows CPU store cache buffers in order to write and run malicious code that retrieves data from previously-secured CPU memory sections. Spectre 1.1 is very similar to Spectre variants 1 and 4, but the two researchers who discovered the bug say that "currently, no effective static analysis or compiler instrumentation is available to generically detect or mitigate Spectre 1.1." As for Spectre 1.2, researchers say this bug can be exploited to write to CPU memory sectors that are normally protected by read-only flags.


  1. Re:Not many CPU designs are by viperidaenz · · Score: 5, Informative

    ARM Cortex A8, 9, 12, 15, 17, 57, 72, 73, 75... all of those implement speculative execution and are all vulnerable to Spectre v1 and v2. Some also v3, v3a and v4
    The A76 is only vulnerable to v1 and v4
    https://developer.arm.com/supp...

    IBM Power CPUs do speculative execution. IBM aren't fixing Power 6 and earlier.
    Power 7, 8 and 9 have been patched apparently (requires both firmware and OS updates to mitigate)

    I'm sure there's more.

  2. Re:Advanced Micro Devices IMMUNE by drinkypoo · · Score: 4, Informative

    Mitigation of prior SPECTRE attacks is cheaper on AMD than on Intel. I would be surprised to learn that was not the case again. In addition, it's more difficult to exploit on AMD, and further, AMD was NOT vulnerable to all the classes of SPECTRE attack which affected Intel processors. So while you're technically correct, there are also caveats.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Re:For some of us it was not a bad decision by drinkypoo · · Score: 2, Informative

    You have been doing things wrong, then. I have been using AMD processors literally since the K6, and that was literally the last processor to give me any kind of trouble. And the last K6 I owned was in a laptop and gave me literally zero trouble (although the garbage ATI rage pro lt sure did.) My current PC has an FX-8350 and a pair of Zotac GTX 950 AMP! cards in, and has literally been my most trouble-free hardware ever - and I've owned SGI, DEC, Sun, IBM, Apollo, Amiga, Macs... You name it.

    The K6 that caused me problems had a VIA chipset. Yep, there's the problem, it says VIA on it.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Re:Not many CPU designs are by Anonymous Coward · · Score: 2, Informative

    Power6 is very high frequency, but essentially in order. It does not speculate very far and is likely very hard to exploit. Power4 and 5 are really old now, although G5 are essentially a Power4 with Altivec.

  5. Re:Not many CPU designs are by Anonymous Coward · · Score: 1, Informative

    IBM's Power Architecture is vastly more secure than x86 or amd64. Security has always been a priority for the Power Architecture since the beginning about 1985. Now Intel and x86 on the other hand didn't start implementing security features until about 2010. And let's not forget it was Hewlett-Packard engineers who taught Intel how to attempt to make and implement security features. Intel has always made shitty insecure heaters. So you got extremely classified document, well let's hope they're on {Power or Sparc} because once on x86 it gets leaked to the world.

  6. Re:Not many CPU designs are by psergiu · · Score: 3, Informative

    We did tests on a Power 8 frame with real-life Java application and Oracle DB workloads.
    - up to ~30% slower for Java
    - up to ~15% slower for Oracle DB

    It's ... bad ...

    --
    1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.