Linked by Thom Holwerda on Wed 3rd Jan 2018 20:36 UTC

Update: Google's Project Zero disclosed details about the vulnerability a week ahead of schedule due to growing concerns, and they indeed confirm AMD and ARM processors are also affected:

The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running them.

Intel just published a PR statement about the processor flaw, and in it, it basically throws AMD and ARM under the bus. According to Intel, reports that only its own processors are affected are inaccurate, namedropping specifically AMD and ARM just to make it very clear who we're talking about here. From the statement:

Recent reports that these exploits are caused by a "bug" or a "flaw" and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices - with many different vendors' processors and operating systems - are susceptible to these exploits.

Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

More to surely come.

Thread beginning with comment 652479
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: WTF Intel?
by Delgarde on Wed 3rd Jan 2018 22:05 UTC in reply to "WTF Intel?"
Member since:

Actually, they state that processors from many other vendors are susceptible, but they've not actually named any of them in the context of that statement – AMD and ARM are specifically mentioned only in the second paragraph, talking about other companies Intel are working with to resolve the issue.

So quite a neatly worded statement, really. They carefully avoid making any claims about AMD and ARM vulnerability, but by mentioning them in the statement, they encourage people to make the association themselves.

Reply Parent Score: 19

RE[2]: WTF Intel?
by flanque on Thu 4th Jan 2018 05:44 in reply to "RE: WTF Intel?"
flanque Member since:

Yes, this was quite clever and obvious, though on the other hand, I thought I missed something with Thom's under the bus comment. I guess not.

Reply Parent Score: 2

RE[2]: WTF Intel?
by galvanash on Thu 4th Jan 2018 16:26 in reply to "RE: WTF Intel?"
galvanash Member since:

I would also stress to people reading this - it isn't an issue of Intel vs AMD or x86 vs ARM or anything like that...

Yes, Intel processors exhibit a rather aggressive form of speculation that AMD processors do not in a very specific usage scenario that makes them more susceptible to a very specific form of this attack. This particular behavior is not the root cause of the problem though - the root cause is simply a result of how all modern processors work.

In hindsight, and probably due more to luck than intent, AMD ended up with a slightly more resilient implementation of a very very specific thing. Problem is deep down all processor end up doing what is really causing the problem - they execute code speculatively and they currently can't hide all of the effects of this. The flaw in Intel's design is not the only way to crack this egg, there are many and more will surface over time...

Everyone is going to have to go back to the drawing board so to speak and work this out... It is a very big problem and it effects the entire industry, not any particular vendor. I think it can be fixed in the long term, and future CPUs will address it on a fundamental level and correct it, but for the time being its all going to be duck tape and bubble gum for everyone...

Hiding kernel page tables just addresses one specific (and very dangerous) form of attack, it doesn't actually fix anything long term...

Reply Parent Score: 3

RE[3]: WTF Intel?
by dionicio on Fri 5th Jan 2018 18:37 in reply to "RE[2]: WTF Intel?"
dionicio Member since:

Thanks Galvanash...

Knew six months amounts to bubble gum at this fundamentally wrong path on multi-tasking architecture.

Erlang language could spark better ideas, if translatable to hardware.

On the chipset this philosophy already being inspiration. Hubs, they're called.

Reply Parent Score: 2

RE[3]: WTF Intel?
by dionicio on Fri 5th Jan 2018 18:55 in reply to "RE[2]: WTF Intel?"
dionicio Member since:

"- the root cause is simply a result of how all modern processors work. "

How Big Is This Issue With Cell Architecture?

Reply Parent Score: 2