Want to subscribe to topics you're interested in?
Become a Member

Security Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jan 3, 2018.

  1. Andy

    Andy Active Member

    543
    89
    28
    Aug 6, 2014
    Ratings:
    +133
    Local Time:
    5:29 AM
    I seem to have the latest kernel after the reboot
    Code:
    uname -r
    3.10.0-693.11.6.el7.x86_64
    However this command returns nothing
    Code:
    yum list updates -q | tr -s ' '


     
  2. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You already updated to latest kernel so no yum updates to list
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    hmm Microsoft Windows users be wary of the update to fix this Damned if you do, damned if you don't. Meltdown and Spectre keep getting worse | PC Perspective

    Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll

    from compatible anti-virus vendor table https://docs.google.com/spreadsheet...tckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0
    I personally use Webroot SecureAnywhere anti-virus and they suggest to manually add the registry key now. They aren't doing it automatically until next week Microsoft Patch Release - 1/3/18 - Webroot Community

     
  4. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Linode blog update Linode Blog » CPU Vulnerabilities: Meltdown & Spectre
    One of my Linode KVM VPS rebooted
    Code (Text):
    uname -r
    4.14.12-x86_64-linode92
    

    Checking Kernel KPTI and related tunables - looks like Linode custom 4.14.12 kernels do not support Redhat/CentOS backported 3.10 kernel's tunable settings
    Code (Text):
    cat /sys/kernel/debug/x86/pti_enabled
    cat: /sys/kernel/debug/x86/pti_enabled: No such file or directory
    
    cat /sys/kernel/debug/x86/ibpb_enabled
    cat: /sys/kernel/debug/x86/ibpb_enabled: No such file or directory
    
    cat /sys/kernel/debug/x86/ibrs_enabled
    cat: /sys/kernel/debug/x86/ibrs_enabled: No such file or directory
    
     
  5. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Nginx response for Meltdown & Spectre NGINX Response to the Meltdown and Spectre Vulnerabilities - NGINX

     
  6. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  7. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    More from phoronix
    And
     
  8. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    negative effects of updates Epic Games blames Meltdown CPU performance issues for Fortnite downtime

     
  9. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Vultr response Vultr: High Performance SSD Cloud.

     
  10. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    For folks interested in more technical side/info for Kernel Page Table Isolation (KPTI) patches Kernel page-table isolation - Wikipedia

     
  11. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    hmm how likely is it that Android mobiles get relevant updates for this as Android development is so fragmented and updates from alot of the manufacturers are not frequent ?

    Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too

     
  12. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Anandtech's coverage of Meltdown & Spectre vulnerabilities Understanding Meltdown & Spectre: What To Know About New Exploits That Affect Virtually All CPUs

    full details and more at Understanding Meltdown & Spectre: What To Know About New Exploits That Affect Virtually All CPUs

    interesting comment at Understanding Meltdown & Spectre: What To Know About New Exploits That Affect Virtually All CPUs
    Understandably some Kernel programmers are pissed off !
     
  13. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Some insights on consumer hardware side as to required Intel cpu microcode updates required from Asus ASUS Motherboards Microcode Update for Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method

    So check out your PC's motherboard manufacturer web sites for bios updates too !
     
  14. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Impact on Cryptocurrency private keys What Meltdown and Spectre Flaws Mean for Crypto - CoinDesk

     
  15. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Intel Intel® Product Security Center

     
  16. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    I updated earlier Microsoft Windows 10 KB4056892 update as I use Webroot SecureAnywhere which is compatible with update after I manually added registry key.

    win10-update-00.png
     
  17. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Kernel related update status Meltdown and Spectre Linux kernel status - Linux Kernel Monkey Log

    Yes upstream Linux Kernels haven't tackled Spectre related fixes yet. Redhat/CentOS latest have done some though in their backported latest kernel.
    can confirm this with Spectre PoC at GitHub - crozone/SpectrePoC: Proof of concept code for the Spectre CPU exploit.

    test against OVH CentOS 7.4 with distro patched updated Kernel
    Code (Text):
    uname -r
    3.10.0-693.11.6.el7.x86_64
    

    the PoC fails as Kernel update by RedHat/CentOS backported some Spectre related fixes
    Code (Text):
    ./spectre.out
    Reading 40 bytes:
    Reading at malicious_x = 0xffffffffffdffb00... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb01... Unclear: 0xFE=’?’ score=999 (second best: 0xFB score=999)
    Reading at malicious_x = 0xffffffffffdffb02... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb03... Unclear: 0xFC=’?’ score=999 (second best: 0xF9 score=999)
    Reading at malicious_x = 0xffffffffffdffb04... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb05... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb06... Unclear: 0xFB=’?’ score=999 (second best: 0xF9 score=999)
    Reading at malicious_x = 0xffffffffffdffb07... Unclear: 0xFD=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb08... Unclear: 0xFF=’?’ score=999 (second best: 0xF9 score=999)
    Reading at malicious_x = 0xffffffffffdffb09... Unclear: 0xFC=’?’ score=999 (second best: 0xF9 score=999)
    Reading at malicious_x = 0xffffffffffdffb0a... Unclear: 0xFC=’?’ score=999 (second best: 0xF9 score=999)
    Reading at malicious_x = 0xffffffffffdffb0b... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb0c... Unclear: 0xFF=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb0d... Unclear: 0xFC=’?’ score=999 (second best: 0xF9 score=999)
    Reading at malicious_x = 0xffffffffffdffb0e... Unclear: 0xFD=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb0f... Unclear: 0xFC=’?’ score=999 (second best: 0xFB score=999)
    Reading at malicious_x = 0xffffffffffdffb10... Unclear: 0xFE=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb11... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
    Reading at malicious_x = 0xffffffffffdffb12... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb13... Unclear: 0xFF=’?’ score=999 (second best: 0xFE score=999)
    Reading at malicious_x = 0xffffffffffdffb14... Unclear: 0xFD=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb15... Unclear: 0xFC=’?’ score=999 (second best: 0xF9 score=999)
    Reading at malicious_x = 0xffffffffffdffb16... Unclear: 0xFE=’?’ score=999 (second best: 0xF9 score=999)
    Reading at malicious_x = 0xffffffffffdffb17... Unclear: 0xFD=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb18... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb19... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb1a... Unclear: 0xFE=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb1b... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb1c... Unclear: 0xFD=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb1d... Unclear: 0xFC=’?’ score=999 (second best: 0xFA score=999)
    Reading at malicious_x = 0xffffffffffdffb1e... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb1f... Unclear: 0xFE=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb20... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb21... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb22... Unclear: 0xFA=’?’ score=999 (second best: 0xF9 score=999)
    Reading at malicious_x = 0xffffffffffdffb23... Unclear: 0xFE=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb24... Unclear: 0xFE=’?’ score=999 (second best: 0xFD score=999)
    Reading at malicious_x = 0xffffffffffdffb25... Unclear: 0xFE=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb26... Unclear: 0xFE=’?’ score=999 (second best: 0xFC score=999)
    Reading at malicious_x = 0xffffffffffdffb27... Unclear: 0xFE=’?’ score=999 (second best: 0xFC score=999)
    

    while Linode 4.14.12 based on upstream doesn't have any Spectre related fixes only Meltdown ones
    Code (Text):
    uname -r
    4.14.12-x86_64-linode92
    

    so Spectre PoC succeeds to reading/revealing the secret text string = "The Magic Words are Squeamish Ossifrage."
    Code (Text):
    ./spectre.out
    Reading 40 bytes:
    Reading at malicious_x = 0xffffffffffdffb20... Unclear: 0x54=’T’ score=998 (second best: 0xC8 score=955)
    Reading at malicious_x = 0xffffffffffdffb21... Unclear: 0x68=’h’ score=999 (second best: 0xC9 score=969)
    Reading at malicious_x = 0xffffffffffdffb22... Unclear: 0x65=’e’ score=995 (second best: 0xC9 score=946)
    Reading at malicious_x = 0xffffffffffdffb23... Unclear: 0x20=’ ’ score=996 (second best: 0xC6 score=955)
    Reading at malicious_x = 0xffffffffffdffb24... Unclear: 0x4D=’M’ score=997 (second best: 0x5D score=966)
    Reading at malicious_x = 0xffffffffffdffb25... Unclear: 0x61=’a’ score=995 (second best: 0xC9 score=967)
    Reading at malicious_x = 0xffffffffffdffb26... Unclear: 0x67=’g’ score=999 (second best: 0xC7 score=974)
    Reading at malicious_x = 0xffffffffffdffb27... Unclear: 0x69=’i’ score=999 (second best: 0x5D score=970)
    Reading at malicious_x = 0xffffffffffdffb28... Unclear: 0x63=’c’ score=997 (second best: 0x5D score=974)
    uReading at malicious_x = 0xffffffffffdffb29... Unclear: 0x20=’ ’ score=995 (second best: 0xC9 score=965)
    Reading at malicious_x = 0xffffffffffdffb2a... Unclear: 0x57=’W’ score=999 (second best: 0xC7 score=968)
    Reading at malicious_x = 0xffffffffffdffb2b... Unclear: 0x6F=’o’ score=999 (second best: 0x5D score=974)
    nReading at malicious_x = 0xffffffffffdffb2c... Unclear: 0x72=’r’ score=998 (second best: 0xC8 score=974)
    Reading at malicious_x = 0xffffffffffdffb2d... Unclear: 0x64=’d’ score=999 (second best: 0xC8 score=976)
    aReading at malicious_x = 0xffffffffffdffb2e... Unclear: 0x73=’s’ score=999 (second best: 0xC7 score=974)
    Reading at malicious_x = 0xffffffffffdffb2f... Unclear: 0x20=’ ’ score=996 (second best: 0xC9 score=980)
    mReading at malicious_x = 0xffffffffffdffb30... Unclear: 0x61=’a’ score=999 (second best: 0x5D score=978)
    Reading at malicious_x = 0xffffffffffdffb31... Unclear: 0x72=’r’ score=999 (second best: 0xEC score=978)
    Reading at malicious_x = 0xffffffffffdffb32... Unclear: 0x65=’e’ score=999 (second best: 0xC7 score=978)
    Reading at malicious_x = 0xffffffffffdffb33... Unclear: 0x20=’ ’ score=999 (second best: 0xC9 score=976)
    Reading at malicious_x = 0xffffffffffdffb34... Unclear: 0x53=’S’ score=999 (second best: 0xC9 score=966)
    eReading at malicious_x = 0xffffffffffdffb35... Unclear: 0x71=’q’ score=999 (second best: 0xC8 score=972)
    Reading at malicious_x = 0xffffffffffdffb36... Unclear: 0x75=’u’ score=999 (second best: 0xC6 score=973)
    Reading at malicious_x = 0xffffffffffdffb37... Unclear: 0x65=’e’ score=999 (second best: 0xC6 score=984)
    Reading at malicious_x = 0xffffffffffdffb38... Unclear: 0x61=’a’ score=996 (second best: 0x5D score=969)
    Reading at malicious_x = 0xffffffffffdffb39... Unclear: 0x6D=’m’ score=999 (second best: 0xC9 score=984)
    Reading at malicious_x = 0xffffffffffdffb3a... Unclear: 0x69=’i’ score=999 (second best: 0xE7 score=970)
    Reading at malicious_x = 0xffffffffffdffb3b... Unclear: 0x73=’s’ score=999 (second best: 0xC7 score=974)
    Reading at malicious_x = 0xffffffffffdffb3c... Unclear: 0x68=’h’ score=999 (second best: 0xC9 score=977)
     Reading at malicious_x = 0xffffffffffdffb3d... Unclear: 0x20=’ ’ score=999 (second best: 0xC6 score=981)
    Reading at malicious_x = 0xffffffffffdffb3e... Unclear: 0x4F=’O’ score=996 (second best: 0xE9 score=986)
    Reading at malicious_x = 0xffffffffffdffb3f... Unclear: 0x73=’s’ score=999 (second best: 0xCA score=985)
    Reading at malicious_x = 0xffffffffffdffb40... Success: 0x73=’s’ score=301 (second best: 0xEB score=148)
    -Reading at malicious_x = 0xffffffffffdffb41... Unclear: 0x69=’i’ score=999 (second best: 0x35 score=940)
    Reading at malicious_x = 0xffffffffffdffb42... Unclear: 0x66=’f’ score=999 (second best: 0x35 score=908)
    Reading at malicious_x = 0xffffffffffdffb43... Unclear: 0x72=’r’ score=999 (second best: 0x35 score=897)
    rReading at malicious_x = 0xffffffffffdffb44... Unclear: 0x61=’a’ score=999 (second best: 0x35 score=932)
    Reading at malicious_x = 0xffffffffffdffb45... Unclear: 0x67=’g’ score=999 (second best: 0x35 score=924)
    Reading at malicious_x = 0xffffffffffdffb46... Unclear: 0x65=’e’ score=999 (second best: 0x35 score=895)
    Reading at malicious_x = 0xffffffffffdffb47... Unclear: 0x2E=’.’ score=999 (second best: 0x35 score=794)
    

    Linode users can switch back from Linode custom 4.14.12 kernel to CentOS distro Kernel for the additional Spectre backported fixes not included in Linux 4.14 upstream Kernels by using guide outlined at Run a Distribution-Supplied Kernel on a KVM Linode

    Maybe need to install grub2 before hand though
    Code (Text):
    yum -y install grub2
    


    After switching Linode KVM VPS back to distro kernel
    Code (Text):
    3.10.0-693.11.6.el7.x86_64
    

    looks like still vulnerable
    Code (Text):
    ./spectre.out 
    Reading 40 bytes:
    Reading at malicious_x = 0xffffffffffdffb20... Unclear: 0x54=’T’ score=999 (second best: 0x00 score=890)
    Reading at malicious_x = 0xffffffffffdffb21... Unclear: 0x68=’h’ score=999 (second best: 0x98 score=894)
    Reading at malicious_x = 0xffffffffffdffb22... Unclear: 0x65=’e’ score=999 (second best: 0x53 score=848)
    Reading at malicious_x = 0xffffffffffdffb23... Unclear: 0x20=’ ’ score=997 (second best: 0x4E score=971)
    Reading at malicious_x = 0xffffffffffdffb24... Unclear: 0x4D=’M’ score=999 (second best: 0x52 score=958)
    Reading at malicious_x = 0xffffffffffdffb25... Unclear: 0x61=’a’ score=999 (second best: 0x50 score=969)
    Reading at malicious_x = 0xffffffffffdffb26... Unclear: 0x67=’g’ score=999 (second best: 0x4F score=956)
    Reading at malicious_x = 0xffffffffffdffb27... Unclear: 0x69=’i’ score=999 (second best: 0x4F score=965)
    Reading at malicious_x = 0xffffffffffdffb28... Unclear: 0x63=’c’ score=996 (second best: 0x4E score=972)
    Reading at malicious_x = 0xffffffffffdffb29... Unclear: 0x20=’ ’ score=999 (second best: 0x4E score=969)
    Reading at malicious_x = 0xffffffffffdffb2a... Unclear: 0x57=’W’ score=994 (second best: 0x4E score=967)
    Reading at malicious_x = 0xffffffffffdffb2b... Success: 0x6F=’o’ score=147 (second best: 0x00 score=70)
    Reading at malicious_x = 0xffffffffffdffb2c... Unclear: 0x72=’r’ score=999 (second best: 0x9A score=736)
    Reading at malicious_x = 0xffffffffffdffb2d... Unclear: 0x64=’d’ score=988 (second best: 0x9A score=717)
    Reading at malicious_x = 0xffffffffffdffb2e... Unclear: 0x73=’s’ score=999 (second best: 0x9A score=737)
    Reading at malicious_x = 0xffffffffffdffb2f... Unclear: 0x20=’ ’ score=994 (second best: 0x9A score=772)
    Reading at malicious_x = 0xffffffffffdffb30... Unclear: 0x61=’a’ score=999 (second best: 0x4F score=910)
    Reading at malicious_x = 0xffffffffffdffb31... Unclear: 0x72=’r’ score=999 (second best: 0x4F score=973)
    Reading at malicious_x = 0xffffffffffdffb32... Unclear: 0x65=’e’ score=995 (second best: 0x4E score=979)
    Reading at malicious_x = 0xffffffffffdffb33... Unclear: 0x20=’ ’ score=999 (second best: 0x50 score=977)
    Reading at malicious_x = 0xffffffffffdffb34... Unclear: 0x53=’S’ score=999 (second best: 0x50 score=966)
    Reading at malicious_x = 0xffffffffffdffb35... Unclear: 0x71=’q’ score=999 (second best: 0x50 score=965)
    Reading at malicious_x = 0xffffffffffdffb36... Unclear: 0x75=’u’ score=992 (second best: 0x4F score=968)
    Reading at malicious_x = 0xffffffffffdffb37... Unclear: 0x65=’e’ score=999 (second best: 0x50 score=973)
    Reading at malicious_x = 0xffffffffffdffb38... Unclear: 0x61=’a’ score=999 (second best: 0x4E score=984)
    Reading at malicious_x = 0xffffffffffdffb39... Unclear: 0x6D=’m’ score=999 (second best: 0x50 score=964)
    Reading at malicious_x = 0xffffffffffdffb3a... Unclear: 0x69=’i’ score=999 (second best: 0x4F score=965)
    Reading at malicious_x = 0xffffffffffdffb3b... Unclear: 0x73=’s’ score=999 (second best: 0x50 score=961)
    Reading at malicious_x = 0xffffffffffdffb3c... Unclear: 0x68=’h’ score=995 (second best: 0x4F score=961)
    Reading at malicious_x = 0xffffffffffdffb3d... Unclear: 0x20=’ ’ score=999 (second best: 0x4F score=968)
    Reading at malicious_x = 0xffffffffffdffb3e... Unclear: 0x4F=’O’ score=999 (second best: 0x52 score=973)
    Reading at malicious_x = 0xffffffffffdffb3f... Unclear: 0x73=’s’ score=999 (second best: 0x4E score=965)
    Reading at malicious_x = 0xffffffffffdffb40... Unclear: 0x73=’s’ score=999 (second best: 0x4E score=966)
    Reading at malicious_x = 0xffffffffffdffb41... Unclear: 0x69=’i’ score=999 (second best: 0x4F score=964)
    Reading at malicious_x = 0xffffffffffdffb42... Unclear: 0x66=’f’ score=999 (second best: 0x50 score=959)
    Reading at malicious_x = 0xffffffffffdffb43... Unclear: 0x72=’r’ score=998 (second best: 0x50 score=962)
    Reading at malicious_x = 0xffffffffffdffb44... Unclear: 0x61=’a’ score=999 (second best: 0x50 score=944)
    Reading at malicious_x = 0xffffffffffdffb45... Unclear: 0x67=’g’ score=989 (second best: 0x4F score=948)
    Reading at malicious_x = 0xffffffffffdffb46... Unclear: 0x65=’e’ score=999 (second best: 0x4E score=942)
    Reading at malicious_x = 0xffffffffffdffb47... Unclear: 0x2E=’.’ score=999 (second best: 0x50 score=967)
    


    grub2-distro-kernel-profile-edit-01.png

    maybe it's the OVH server's microcode updates for i7 4790K vs Linode E5-2680v2 ?

    on Linode KVM VPS
    Code (Text):
    journalctl -b --no-pager | grep microcode | sed -e "s|$(hostname)|hostname|g"
    Jan 07 10:14:58 hostname kernel: microcode: CPU0 sig=0x306e4, pf=0x1, revision=0x1
    Jan 07 10:14:58 hostname kernel: microcode: CPU1 sig=0x306e4, pf=0x1, revision=0x1
    Jan 07 10:14:58 hostname kernel: microcode: Microcode Update Driver: v2.01 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
    
     
  18. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Interesting article How So Many Researchers Found a 20-Year-Old Chip Flaw At Once
     
  19. eva2000

    eva2000 Administrator Staff Member

    54,564
    12,224
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,793
    Local Time:
    9:29 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Popular server motherboard/chassis manufacturer's PR

    Security Vulnerabilities Regarding Side Channel Speculative Execution and Indirect Branch Prediction Information Disclosure (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)