Question

Resolved

Intel Bug and memory

By chenshimeng0323 ·
Hello guys, I am interested in the topic that Intel’s processors have a security bug and the fix could slow down PCs.
Talking about the Intel bug, any impact on computing performance (whether client PCs, or servers)
- how serious is the issue????
- Are there different applications that get slowed down more?
- Any differences between Client PCs and Servers
- Any differences between Intel chips and AMD chips?
- Are hackers actually exploiting this vulnerability?
best answer
Collapse -

Spectre & Meltdown, Intel Bugs (also in other companies chipsets)

by alistair.whitford1 In reply to Intel Bug and memory

You appear to be asking about Meltdown and Spectre. First, I strongly suggest that you have a look at the SANs briefing: -https://www.youtube.com/watch?v=8FFSQwrLsfE&t=731s.

In a nut shell, what do these two vulnerabilities allow an attacker to do?

1. Meltdown allows a local, ‘userland’ (unprivileged) process to read contents of any memory mapped to the process. This includes kernel memory and this is why this vulnerability is dangerous.
2. Spectre allows a local, ‘userland’ (unprivileged) process to read contents of memory of other processes (which is where the SAN’s presentation isn’t so clear). Spectre does not allow reading of kernel memory.

Vulnerability is not being actively exploited YET. Spectre PoC is out, but limited use, Spectre Paper detailed here https://spectreattack.com/spectre.pdf.
Meltdown paper here https://meltdownattack.com/meltdown.pdf
Assessing the risk, in both cases, an attacker actually needs to run some code on the target machine to exploit these vulnerabilities.
So this makes the highest vulnerabilities risk for the following situations:
• Anything that runs untrusted code on your machine (a browser typically),
• Anything running in virtualization or clouds.
Performance Impact is due to firmware fix that removes the use of 'branch prediction and speculative execution' from the chipsets (used to maximize performance in .Modern processors). However, have applied it within VM systems & no appreciable delay.

0 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Share your knowledge
Back to Security Forum
0 total posts (Page 1 of 1)  

Related Discussions

Related Forums