CPUs don't check their privilege :P

Oh noes! The internet clutches is ankles as another blockbuster bug makes the news rounds. Will this one be called CPU bleed or silicon hemorrhage? Only time will tell. While still under embargo a serious CPU level bug in Intel processors was discovered when work on page table isolation was being done by the KSPP. TL;DR It’s a privilege escalation bug in Intel processors that causes VM escapes and userland software to modify the host kernel. No microcode updates can save you. However a kernel level fix can be made that will only impact your performance for some workloads by just 30%! Because who doesn’t like a discount? Was this an honest design mistake or an extra “feature” included by the illuminati to inspect your nudes? You decide!

From what I just read the initial report suggested that only Intel chips are vulnerable to this bug. However it appears these vulnerabilities affects almost All major CPUs ( i.e AMD, ARM, Intel ). Sorry if @HulaHoop’s link already mentioned this. Couldn’t get past the damn CAPTCHA! :rage:

True. Much has happened since I posted. Now we know these are two attacks instead of a single one. Intel is affected by both while all architectures are affected by the latter. Also compiler and kernel mitigations are being rammed thru to cope with these developments.

(Unapologetically puts tinfoil hat on) :cowboy_hat_face:

With the Spectre/Meltdown debacle hitting Intel (and other manufacturers), combined with the Intel’s insistence on exposing the majority of users to the potential undetectable ME backdoor, this is something that IMO will go from conspiracy theory to conspiracy fact in the coming years.

Backdooring manufactured products with “accidental” architectural design problems like this one is seriously within the realms of possibility. It would also explains why/how the IC can miraculously get into anything, and also repeats modern IC history where actual code breaking was always done as a last resort e.g. attack weak endpoints, rather than trying to deal with encrypted data, and if you can saddle your enemy (that’s everyone who breathes these days) with weak, back-doored products, then all the merrier.

I mean, who would have really whole-heartedly believed PRISM and a multitude of other invasive programs were in operation - with the generous assistance of major corporations - until it was exposed? But now it is common knowledge that governments and their corporate handmaidens will use any and all technological means to “Sniff it all”, “Collect it all”, and “Exploit it all”.

The (very) long term solution is a coordinated movement (and heavy investment) in 100% verified, powerful open source hardware/software. Preferably this would be combined with a global boycott of all US products, services and companies, since they are completely dominant globally and have accelerated the drive to a surveillance society through their actions. Economic harm is the only thing they understand (and deserve) and which might shape their behavior for the greater good.

Something like 80-90% of all desktops, servers etc. are using Intel chips. I’d like to see Intel crash and burn long term, since the cowboys have sacrificed security for speed, and this speculative processing done by their modern chips without necessary and proper security mechanisms is a shocker. We’d be much better served with 5-10 major manufacturers with near-equal market share in a fragmented market, rather than relying on “TAO Inside”.

The unhealthy stranglehold over the market means that any fundamental flaws will taint nearly the entire eco-system, and this is antithetical to good security principles in general e.g. the dominance of Windows eco-system on the desktop is another example.

Anyway, for Qubes users, refer to the Xen Project’s blog about these latest attacks, since there is tons of FUD out there right now.

Basically, YES, you’re affected. NO, there’s currently no patch (they’re working on it), but there are some minor mitigations available. And if you read around, NO - relying on AMD, ARM and other processors won’t save your ass completely from these attack vectors, but Intel seems to be getting reamed the worst with the Meltdown attack.

A sane general philosophy is that to ultimately win, don’t play in the electronic space at all with anything that can take you down or imperil your future. Only risk what you can afford to have exposed e.g. like the fact you like to post on Whonix forums.

It is better to utilize meatspace only for all critical activities, with no peripherals or modern technology within sight/hearing/on your person. “Distrust everything” as Rutkowska states, and take it to the extreme whenever necessary.

The electronic “God complex” kool-aid drunk by all advanced adversaries fails if basic opsec is adhered to in this regard. That’s why shit happens all the time that they know nothing about and they keep deluding themselves they can determine future outcomes with greater precision if only they had more data. Given their physical resources are limited (now), that is clearly a false assumption in the real, unconnected world.

If you want to beat Roger Federer, then you don’t take him on at center court at Wimbledon. Rather, beat his ass in high-stakes poker instead.

Good day,

Well, there have been Russian efforts to create their own CPUs with their Elbrus line. For now, these seem to be not available to the public. Furthermore, VIA, only other owner of the full license required for the x86 instruction set, has recently made waves announcing their attempt to reenter the CPU market with a multicore chipset that is said to support modern features in all areas and should in the recent future even be able to keep up with the current IPC of Ryzen, if everything goes to plan. Additionally, seeing how everyone under the sun is currently creating their own chipsets based on ARM and both Microsoft, as well as multiple open source projects are looking into ways of making x86 instructions work on said architecture, your wish may (hopefully) become reality in a few years.

Well, Meltdown is by far the most severe of the two. Also, being non-patchable without a massive performance penalty that is going to hit things crucial for secure system use (like compiling programs yourself, etc.) makes this far more troublesome.

Equally, Spectre is far more problematic on Intel chips, compared to AMD. Only “Bounds Check Bypass” has been shown to work on AMD products, thus making patching much easier and less problematic and exploitation more complex.

Also, I’d just like to point out that Intel appears to not only have been caught trading stocks at a point in time which may lead some to assume that their CEO had been insider trading, but also tries to actively throw their competitors under the bus, having released vulnerability reports in which both Spectre and Meltdown are being mentioned in such a way, that it may lead to less technically informed readers assuming that both are intertwined, everyone is affected by both equally and the performance hits that Intel users are now going to have to live with would apply not just to Intel. These practices are really troublesome though nothing new, seeing how Intel has for years utilized illegal anti competitive methods like paying OEMs insane amounts of money, as to solely carry Intel chipsets.

To this point, I’d like to refer to the kernel patch regarding Meltdown and a recent change to it:

	setup_force_cpu_cap(X86_FEATURE_ALWAYS);
 
-	/* Assume for now that ALL x86 CPUs are insecure */
-	setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+	if (c->x86_vendor != X86_VENDOR_AMD)
+		setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
 
 	fpu__init_system(c);

Now, because of the host of anti competitive things Intel has done over the years and the fact that (hypothetically) this patch with its up to 30% performance penalty could be applied to every CPU, including those unaffected, I’m hoping that Microsoft doesn’t do the wrong thing and rather follows the Linux kernels example, not patching what doesn’t benefit from a patch simply for Intels sake, which, looking at Intels history sadly may be something they’d enjoy seeing…

In general, the reaction of Intel annoys me the most here. No sorry, no proper unbiased technological information and certainly no voluntary refunds for anyone who has a third of his/her performance robbed in a lot of tasks after the patch has been applied. Or rather, non without a class action lawsuit…

I’m wondering though what the server market is going to do. They have been Intels bread and butter for years, as AMD hasn’t been properly competitive for some time. With Epyc, they are now though. And seeing how Intel just cut a third of their VM performance to fix a bug, that would allow one to simply rent ONE AWS instance and get ALL PASSWORDS FROM THE ENTIRE SERVER, switching just became a lot more attractive. I mean, Amazon has millions of servers on Intel basis, now far less powerful. Is Intel going to pay settlements to appease companies like Amazon, Alphabet, Facebook, Microsoft, etc. with their server farms? Maybe, maybe not. Even if they do, will that be enough to safe face with these big customers? I mean, the chips will have to be replaced now, either way, yesterday preferably, as you can’t just take one third of a server farms performance and not get into some problematic situations…

We as average customers with our notebooks and PCs will likely get nothing out of this, as mentioned, not even a “Sorry”. If a class action gets through, by the time their lawyers give up they’ll likely have to pay less then 5 bucks per customer that actually makes a claim, as the CPUs are outdated by that point anyways.

All in all, this is just one more of the many reasons, why my current Intel system shall be replaced by a Ryzen based one fairly soon.

Don’t get me wrong though, I don’t trust the half Texan, half Saudi Arabian AMD/Global Foundries any more than the Californian Intel when it comes to including backdoors, etc. Seeing how they currently have nothing like the ME though, never dabbled in any major anti competitive practices and are currently handling this situation rather gracefully, not even mocking Intel for it (while they try to throw their competitors under the bus and have made literally false and fraudulent claims to discredit the performance of the Zen architecture for the entirety of 2017), staying professional and on topic, they just seem like a company that deserves my money a bit more.

Have a nice day,

Ego

3 Likes

+1 I think Intel’s reaction is pretty disgusting. I wish they would get burned in a class action,

I wonder how long the IC has known about these bugs and if they rented servers in every hosting cloud with Tor nodes and harvested the hell out of them…

Good day,

Well, what I can tell you is that a solution to Meltdown was officially first “accidentally” found by researchers at an University in Graz (were I currently study myself) in June of last year, when they realized that the kernel address space layout randomization contained a few security flaws, which could be resolved by kernel page-table isolation, a solution that by design also prevented Meltdown from being exploitable, despite not even having been isolated as a security flaw at that point in time.

They discovered Meltdown, as well as Spectre shortly thereafter independently of Google’s Project Zero and appear to have been the first to thus not only find these vulnerabilities, but actually a potential solution.

Whether or not this has been exploited in the wild before June however is unknown. Why Intel took so long to properly address this, is equally mysterious. They knew of this officially since the 28th of July 2017, however didn’t rush to fix it, instead having their CEO sell the absolute maximum of stock he could while still holding onto majority ownership of the company.

Furthermore, Meltdown should have been made public tomorrow, not last week. The only reason we know of it “already” is because developers got (justifiably) impatient with the non-existent patches and thus made commits to the kernel by themselves.

Now, again, we can only speculate, why Intel would take so long to fix this bug. Aside from the obvious “back-door-conspiracy-theories”, there could however also be a less spectacular, though equally interesting reason.

Consider the problems Meltdown creates for Intel:

  1. It is a flaw that does not affect AMD, just after AMD got competitive and offers a product that is superior in every area but pure IPC.
  2. Ryzen’s value has surprised Intel in a way they haven’t been in a long time. Look at the launch of Skylake-X. It was a mess for everyone, OEM’s and customers. It was solely reactionary to Threadripper with low availability, outrageous pricing and poor thermal and general performance. Coffee Lake, their reaction for the “normal” desktop was even worse. “Released” in October, it not only appeared to under-perform, but was also unavailable up until and even past December. Adding to that, they actually only guarantee Turbo Boost for a single core now, a move which may have something to do with them trying to sell lower quality silicone. AdoredTv has a few great videos detailing these things in a very professional manner.
  3. As if that wasn’t enough, this flaw, that will affect their Server customers the most, costs them up to 30% in performance, right at the point in time when their competitor gets competitive once more.
  4. If there was insider trading (not saying that there was), releasing the patch and making this public as late as possible, could have been used to “muddy the waters” a bit as well.

So, in conclusion, while this flaw may have been “kept active” for as long as possible, as to ensure that a backdoor could be exploited, it is equally possible, that this flaw was kept secret as to ensure that Intel doesn’t lose out on even more than they already did in 2017.

I have no doubt however, that the military, the NSA and other agencies, as well as government institutions in the USA were informed of this. This would happen simply, as to ensure that security of government data, it is well-known that for this reason companies like Intel are mandated to submit any flaw they find immediately. Whether or not these are then utilized in an effort to spy on the public however is something we sadly cannot confirm.

Have a nice day,

Ego