AMD and Intel CPU security bugs bring Linux patches


It’s not really a Linux problem, but as is so often the case, Linux kernel developers have to clean up after AMD and Intel. It happened again with the chipmakers’ latest CPU vulnerabilities: AMD Inception and Intel Downfall. To fix these, Linux creator Linus Torvalds has released a new set of patches.

Oddly, both are speculative side-channel attacks, which can lead to privileged data leakage to unprivileged processes. Torvalds described them as “yet another issue where userspace poisons a microarchitectural structure which can then be used to leak privileged information through a side channel.”


Does that sound familiar? It will be to Linux security experts. Yes, it’s yet another example of the kind of security vulnerabilities that made Intel’s Meltdown and Spectre infamous in Linux circles. Fortunately, unlike those two earlier cases, developers this time knew well in advance that there was trouble with the silicon, so the patches came out before news of the latest holes appeared. 

In this recent merge, Torvalds and company incorporated kernel-side measures that counteract AMD’s Speculative Return Address Stack (RAS) overflow vulnerability in its Zen 3 and Zen 4 architectures. This vulnerability allows userspace to contaminate a microarchitectural structure, which can subsequently be exploited to siphon privileged information via a side channel.

AMD will tell you it’s not that big a deal: The chip giant believes this vulnerability is only potentially exploitable locally, such as via downloaded malware. Nevertheless, AMD “recommends customers employ security best practices, including running up-to-date software and malware detection tools.”

However, the ETH Zurich security researchers who found the flaw aren’t so optimistic. They believe Inception could be used by an attacker in cloud computing, where customers commonly share the same processing hardware resources.

The researchers say that Inception is a new class of transient execution attacks that uses Training in Transient Execution (TTE). Instead of attempting to leak data in a transient window, TTE attacks abuse the transient window to insert new predictions into the branch predictor. Combined with Phantom, which is a way of triggering transient windows from arbitrary instructions, Inception can be a nasty way to vacuum down private data.


Amusingly, veteran Linux kernel developer Peter Zijlstra, who is affiliated with Intel, refined the AMD patches. It’s somewhat ironic to witness an Intel engineer spearheading the kernel’s refinement of AMD mitigation code. Welcome to the open-source community spirit!

The Linux kernel developers also addressed the Intel Gather Data Sampling (GDS) vulnerability, known as Downfall. This particular vulnerability affects Intel Core processors from the 6th-generation Skylake to the 11th-generation Tiger Lake. In short, chances are your PC, your servers, and your cloud processors are all vulnerable. 

According to Daniel Moghimi, the Google senior research scientist who discovered Downfall, “The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not normally be accessible.” 

So, how bad is it? Moghimi has shown that an exploit can be used to steal another user’s security keys and passwords. Worse still, such attacks are “Highly practical,” Moghimi notes. “It took me two weeks to develop an end-to-end attack stealing encryption keys from OpenSSL. It only requires the attacker and victim to share the same physical processor core, which frequently happens on modern-day computers, implementing preemptive multitasking and simultaneous multithreading.”


Intel Software Guard Extensions (SGX), an Intel hardware security feature available on Intel CPUs to protect users’ data against malicious software, is also helpless against this vulnerability.

For some users, the fix may seem more trouble than the problem. According to Intel, some workloads may experience up to 50% overhead. That’s some slowdown! Moghimi warns, however, against disabling the mitigation: “This is a bad idea. Even if your workload does not use vector instructions, modern CPUs rely on vector registers to optimize common operations, such as copying memory and switching register content.”

For Linux, however, the slowdown may not be that bad. Michael Larabel, a Linux software engineer and editor-in-chief of the hardcore Linux site Phoronix, has benchmarked the Downfall patches. Larabel found that instead of impacting I/O or user-space and kernel interactions — as the fixes for Meltdown, Spectre, and their relatives did — Downfall’s fix impairs user-space bound software only. He also found that while the performance hit tended to be not as bad as Intel predicted, there were still some significant slowdowns.

The Linux security patches have been incorporated into the Linux Git for the upcoming Linux 6.5 kernel. The latest stable point releases incorporating these patches include Linux versions 6.4.9, 6.1.44, 5.15.125, 5.10.189, 4.19.290, and 4.14.321. These releases encompass the current Linux 6.4 stable series and the supported Long-Term Support (LTS) series kernels. 


The patches facilitate the reporting of the CPU speculative execution vulnerabilities state and introduce new controls to modify their behavior in conjunction with the latest CPU microcode.  Of course, for these patches to work, you must also install the AMD and Intel microcode updates.
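As an added example (not from the article or the kernel project), this Python check compares a host's kernel release with the point releases listed above and reads the status the patched kernel reports under `/sys/devices/system/cpu/vulnerabilities`. The file names `gather_data_sampling` (Downfall) and `spec_rstack_overflow` (Inception) are the kernel's own sysfs entries; the state labels returned here are this example's invention. Distribution kernels backport fixes, so treat the version check as a hint and the sysfs status as the authoritative signal.

```python
import platform
import re
from pathlib import Path

# Fixed stable point releases named in the article, keyed by (major, minor) series.
FIXED_POINT_RELEASE = {(6, 4): 9, (6, 1): 44, (5, 15): 125,
                       (5, 10): 189, (4, 19): 290, (4, 14): 321}
# sysfs status files for the two issues (GDS = Downfall, SRSO = Inception).
STATUS_FILES = {"downfall": "gather_data_sampling",
                "inception": "spec_rstack_overflow"}
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

def kernel_has_patches(release):
    """True/False for a series listed in the article, None if it cannot be judged."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    series, patch = (int(m[1]), int(m[2])), int(m[3] or 0)
    if series >= (6, 5):          # the fixes were merged for 6.5
        return True
    if series not in FIXED_POINT_RELEASE:
        return None               # series not covered by the article's list
    return patch >= FIXED_POINT_RELEASE[series]

def classify(status):
    """Map the kernel's status line (None = file missing) to a coarse state."""
    if status is None:
        return "not-reported"     # kernel does not expose this entry
    text = status.strip().lower()
    if text.startswith("not affected"):
        return "not-affected"
    if "no microcode" in text:
        return "no-microcode"     # kernel patched, microcode update not loaded
    if text.startswith("mitigation"):
        return "mitigated"
    if text.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"

def audit(sysfs_dir=SYSFS_DIR):
    """Return {issue: state} for Downfall and Inception on this host."""
    result = {}
    for issue, name in STATUS_FILES.items():
        path = Path(sysfs_dir) / name
        result[issue] = classify(path.read_text() if path.is_file() else None)
    return result

if __name__ == "__main__":
    print(platform.release(), kernel_has_patches(platform.release()), audit())
```

A `no-microcode` result is the case the article describes: the kernel patch is present, but the AMD or Intel microcode update still has to be installed.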

So, what should you do? Get ready to install the new microcode as soon as it’s available. Then follow up by patching your Linux systems as the patches become available. This won’t be a big deal for Linux desktop users, but it will be for those of you running Linux on your servers and clouds.


