Welcome to Centmin Mod Community
Become a Member

Security Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jan 3, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    hmm bad Intel Intel Released "Coffee Lake" Knowing it Was Vulnerable to Spectre and Meltdown


     
  2. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Window 10 updates and AMD cpu issues http://windowsreport.com/amd-display-issues-windows-update/

     
  3. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Benchmarking Linux With The Retpoline Patches For Spectre - Phoronix

     
  4. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  5. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Update: January 8th, 2018 Linode blog update Linode Blog » CPU Vulnerabilities: Meltdown & Spectre

     
  6. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  7. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  8. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Potentially bad news that some older Intel cpus aren't getting microcode updates like v1/v2/v3 sandybridge, ivybridge and haswell microcode updates for Sandy/Ivy Bridge? • r/intel

     
  9. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Benchmarking Clear Linux With KPTI + Retpoline Support (Meltdown + Spectre Patches) - Phoronix

     
  10. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Intel's CES 2018 Key Note presentation Intel at CES 2018: Brian Krzanich Keynote Live Blog (18:30 PT, 02:30 UTC). So it could be as long as one month later to get all Intel CPUs patched up microcode/bios update wise.

     
  11. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    since Windows 10 update fix for meltdown, had a couple of system hangs and windows event viewer logged these errors, wonder if it's related ?

    on Samsung ATIV Book 8 laptop with Core i7 3635QM 4C/8T cpu

    eventlog-01.png
     
  12. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    The Combined Impact Of Retpoline + KPTI On Ubuntu Linux - Phoronix

    ouch full result in the OpenBenchmarking.org result file

    • nginx test - This is a test of ab, which is the Apache Benchmark program running against nginx. This test profile measures how many requests per second a given system can sustain when carrying out 2,000,000 requests with 500 requests being carried out concurrently
    • apache test - This is a test of ab, which is the Apache benchmark program. This test profile measures how many requests per second a given system can sustain when carrying out 1,000,000 requests with 100 requests being carried out concurrently

    nginx ~21-26% reduction with KPTI + Retpoline Kernel patch fixes

    upload_2018-1-10_14-8-10.png

    Apache ~21-32% reduction with KPTI + Retpoline Kernel patch fixes

    upload_2018-1-10_14-8-27.png

    Redis ~6.5-11% drop

    upload_2018-1-10_14-14-25.png
     
  13. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  14. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems

     
  15. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Meltdown and Spectre a big deal for enterprises

     
  16. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Dell and bios updates Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on Dell products | Dell Australia
    Looks like I need to update my Dell Inspiron 13 7000 (D7378) too :)
     
  17. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Meltdown-Spectre: Four things every Windows admin needs to do now | ZDNet

    Sadly, my Samsung ATIV Book 8 laptop is using Ivybridge based Intel Core i7 3635QM 4C/8T cpu :( Maybe AMD Ryzen mobile cpus will come soon Ryzen Mobile is Launched: AMD APUs for Laptops, with Vega and Updated Zen :)
     
  18. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Online.net has one of the most comprehensive running updates for meltdown and spectre related fixes for their servers I have seen
     
  19. buik

    buik “The best traveler is one without a camera.”

    2,023
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,672
    Local Time:
    1:20 AM
    Sorry to say but if you asked me.
    Its more and more a story of big company's.
    And that goes as follows:

    Heeej hi look at me, how well I am working.
    How important I think that security is (so-called).

    They would like to make it seems that all is going fine,
    that they are startled because they just know about Spectre and Meltdown.

    Boeeeeee boeee I did not know that and now I have to cry.
    And now have to make a quick solution and thats difficult, because of the complexity
    , so they ask for understanding.

    But in fact it appears that they already knew it for 180 days.
    They could have easily taken measures.

    But now only a week before the embargo the news leaked.
    Everyone is in turmoil.

    What a shame.

    Only Red Hat has succeeded.
    Their EL changelog show that they already had a solution ready in December.

    Finally, every provider has been emailing all the week long about how dangerous and critical it is. That they have to take measures immediately etc etc.

    Once gain. The impact is NOT critical but Important / Moderate.

    Kernel Side-Channel Attacks - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715 - Red Hat Customer Portal
    Synology-SA-18:01 Meltdown and Spectre Attacks | Synology Inc.
     
    Last edited: Jan 11, 2018
  20. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:20 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+