
Security Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jan 3, 2018.

  1. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    10:39 AM
    I spent nearly an hour spinning up Linodes the other day just to get an Epyc processor. Nothing I personally rely on will ever touch Intel processors. Typing this from my AMD 1950x Threadripper. AMD from here on out for the foreseeable future.

     
  2. eva2000

    eva2000 Administrator Staff Member

    54,341
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    2:39 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Which Linode plans? And which Linode data center regions? You're more likely to get them for newer data center regions than older ones.
     
  3. BamaStangGuy

    BamaStangGuy Active Member

    Atlanta. I found that if you do not use Dedicated you are far less likely to get AMD. Dedicated is much more consistent.

    Ended up with

    Code:
    Architecture:          x86_64
    CPU op-mode(s):        32-bit, 64-bit
    Byte Order:            Little Endian
    CPU(s):                8
    On-line CPU(s) list:   0-7
    Thread(s) per core:    1
    Core(s) per socket:    1
    Socket(s):             8
    NUMA node(s):          1
    Vendor ID:             AuthenticAMD
    CPU family:            23
    Model:                 1
    Model name:            AMD EPYC 7501 32-Core Processor
    Stepping:              2
    CPU MHz:               1999.996
    BogoMIPS:              4001.65
    Hypervisor vendor:     KVM
    Virtualization type:   full
    L1d cache:             64K
    L1i cache:             64K
    L2 cache:              512K
    L3 cache:              16384K
    NUMA node0 CPU(s):     0-7
    Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ssbd ibpb vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 virt_ssbd arat
    on dedicated.
     
  4. eva2000

    eva2000 Administrator Staff Member

    Yeah, Linode dedicated plans are more likely to get higher end CPUs :)
     
  5. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    4:39 PM
    1.9.x
    10.1.x
    Things are going to start getting serious.

    Google Publishes "Leaky.Page" Showing Spectre In Action Within Web Browsers - Phoronix

    Just tried it with Chrome and my i5-8400 and the attack is successful.


    In the beginning of this month, a functional Spectre exploit was uploaded to VirusTotal, for Windows and Linux:

    Spectre exploits in the "wild"


    It's not possible to mitigate the exploit via software. This is going to be big, and a real problem for all of us.
     
  6. eva2000

    eva2000 Administrator Staff Member

    Ouch :eek::(

    Thanks for the heads up!
     
  7. eva2000

    eva2000 Administrator Staff Member

    And there's more: New Spectre Flaws in Intel and AMD CPUs Affect Billion of Computers

     
  8. eva2000

    eva2000 Administrator Staff Member

    Wow, never-ending issue, meet Retbleed: New working speculative execution attack sends Intel and AMD scrambling

    Retbleed: New speculative execution attack sends Intel and AMD scrambling | Hacker News

    Wow mitigations for RetBleed can have as much as 28% performance penalty!

    and Chips & Salsa Episode 21: July 2022 Security Advisories - Retbleed

    Affected Intel CPUs seem to go as far back as old Haswell CPUs onwards
     
    Last edited: Jul 13, 2022
  9. eva2000

    eva2000 Administrator Staff Member

    Ouch: Benchmarking The Linux Mitigated Performance For Retbleed: It's Painful - Phoronix

    Worse for AMD Gen 1 CPUs
     
  10. eva2000

    eva2000 Administrator Staff Member

  11. eva2000

    eva2000 Administrator Staff Member

    Looks like RHEL does not have a kernel fix for RetBleed yet and has only posted a mitigation for RHEL 8, according to Red Hat response to Retbleed (CVE-2022-29900 / CVE-2022-23816, CVE-2022-29901, CVE-2022-23825) vulnerabilities - Red Hat Customer Portal. RHEL 7 and CentOS 7, like Windows, aren't impacted as they already use the Indirect Branch Restricted Speculation (IBRS) mitigation instead of the Retpoline mitigation used in RHEL 8's Linux kernel.
    • Red Hat Enterprise Linux 7 uses the existing IBRS mitigations for Intel processors.
    • Red Hat Enterprise Linux 8 can mitigate the flaw in affected Intel CPUs if booted with the kernel parameter: spectre_v2=ibrs
    But CentOS 7's Linux Kernel says spectre_v2 is using Retpoline but without IBPB?
    Code (Text):
    find /sys/devices/system/cpu/vulnerabilities -type f -exec bash -c 'echo '---'; echo {}; cat {}' \;
    ---
    /sys/devices/system/cpu/vulnerabilities/mds
    Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
    ---
    /sys/devices/system/cpu/vulnerabilities/l1tf
    Mitigation: PTE Inversion
    ---
    /sys/devices/system/cpu/vulnerabilities/srbds
    Not affected
    ---
    /sys/devices/system/cpu/vulnerabilities/itlb_multihit
    Processor vulnerable
    ---
    /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
    Not affected
    ---
    /sys/devices/system/cpu/vulnerabilities/spectre_v1
    Mitigation: Load fences, usercopy/swapgs barriers and __user pointer sanitization
    ---
    /sys/devices/system/cpu/vulnerabilities/spectre_v2
    Vulnerable: Retpoline without IBPB
    ---
    /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
    Vulnerable
    ---
    /sys/devices/system/cpu/vulnerabilities/meltdown
    Mitigation: PTI
    
     
    Last edited: Sep 14, 2022
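An added example, not part of the original post: the sysfs check above turned into a small audit that classifies each status line and reports which primary Spectre v2 mitigation the kernel names (IBRS or Retpoline). The function names and the `--live` switch are hypothetical; the status prefixes matched are the ones shown in the output above.

```shell
#!/bin/sh
# Added example: audit /sys/devices/system/cpu/vulnerabilities (or a copy of it).
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS -> prints OK | MITIGATED | VULNERABLE | UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*)                     echo OK ;;
        Mitigation:*)                        echo MITIGATED ;;
        Vulnerable*|"Processor vulnerable"*) echo VULNERABLE ;;
        *)                                   echo UNKNOWN ;;
    esac
}

# audit_vulns [DIR] -> one "<class> <name>: <status>" line per entry;
# returns 1 if any entry is VULNERABLE or UNKNOWN, else 0.
audit_vulns() {
    local dir="${1:-$VULN_DIR_DEFAULT}"
    local f status class rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n1 "$f")
        class=$(classify_status "$status")
        printf '%-10s %s: %s\n' "$class" "${f##*/}" "$status"
        case "$class" in VULNERABLE|UNKNOWN) rc=1 ;; esac
    done
    return $rc
}

# spectre_v2_mode [DIR] -> prints ibrs | retpoline | other.
# Only the primary field (before the first ',' or ';') is inspected, so a
# trailing "IBRS_FW" on a retpoline line is not mistaken for kernel IBRS.
spectre_v2_mode() {
    local s
    s=$(cat "${1:-$VULN_DIR_DEFAULT}/spectre_v2" 2>/dev/null) || s=""
    s=${s#*: }        # drop the "Mitigation: " / "Vulnerable: " prefix
    s=${s%%[,;]*}     # keep the primary field only
    case "$s" in
        *IBRS*)         echo ibrs ;;
        *[Rr]etpoline*) echo retpoline ;;
        *)              echo other ;;
    esac
}

# Run against the live system only when asked: ./audit.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "spectre_v2 primary mitigation: $(spectre_v2_mode)"
    audit_vulns
    exit $?
fi
```

The non-zero exit status makes the audit usable from cron or a monitoring check after a kernel or microcode update.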
  12. eva2000

    eva2000 Administrator Staff Member

    Wow, still new vulnerabilities are being found: New attack methods work against Spectre mitigations in modern PC CPUs | TechSpot

     
  13. eva2000

    eva2000 Administrator Staff Member
