Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Kernel Memory Leak Affects Intel CPUs on Linux and other OS's


  • Please log in to reply
32 replies to this topic

#1 SuperSapien64

SuperSapien64

  • Members
  • 888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:18 AM

Posted 03 January 2018 - 09:42 PM

I just watched this video about Intel's vulnerability on Linux and other OS's, It's not in the wild yet but it's just a matter of time. :( :devil:

https://www.youtube.com/watch?v=lsQAGqMaXi0



BC AdBot (Login to Remove)

 


#2 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,074 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:11:18 PM

Posted 03 January 2018 - 11:08 PM

Read more here   List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates


Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


#3 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:18 AM

Posted 04 January 2018 - 08:26 PM

So it looks like Mozilla fixed this vulnerability in Firefox 57 if I understand correctly. :scratchhead:



#4 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,010 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:18 AM

Posted 05 January 2018 - 05:50 AM

So it looks like Mozilla fixed this vulnerability in Firefox 57 if I understand correctly. :scratchhead:

 

Yes, although oddly, it was Google that found it, will be address in their next release. Chromium users (the next Google Chrome in Preview) may already be protected, yet it's not a sure deal. There's a fix to protect the issue for Google Chrome that we can do now. 

 

https://www.ghacks.net/2017/12/08/how-to-enable-strict-site-isolation-mode-in-google-chrome/

 

And Linux machines has been compromised. :(

 

 

 

 Researchers are already showing how easy this attack works on Linux machines (2nd link shows demo!)

 

https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw

 

https://twitter.com/misc0110/status/948706387491786752

 

Unfortunately, any fix may slow the speed of many modern Intel CPU's, up to 30% according to some sources. :o

 

https://www.theguardian.com/technology/2018/jan/03/major-security-flaw-found-intel-processors-computers-windows-mac-os-linux

 

Glad that I purchased the Rockit 88 delid/re-lid tool for 1150/1150 CPU's & some liquid metal (in shipment), am going to need these to overclock even further to make up lost performance. Fortunately, AMD's CPU lineup is largely unaffected by these threats, until otherwise proven. The really bad deal is this bug affects most Intel CPU's manufactured in the last two decades, so there won't be a fix for everyone. Some of this will likely be blamed on the '86-64' deal, having to make the CPU's backwards compatible for years on end to accept both 32 & 64 bit OS's, which should had ended with 'Certified for Windows Vista' 64 bit computers in 2007. That action alone may have limited damage to many computers no longer in use & any (long term) fix should eliminate backwards compatibility via firmware or microcode updates. :)

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#5 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,074 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:11:18 PM

Posted 05 January 2018 - 07:41 AM

Canonical engineers have been working on this since we were made aware under the embargoed disclosure (November 2017) and have worked through the Christmas and New Years holidays, testing and integrating an incredibly complex patch set into a broad set of Ubuntu kernels and CPU architectures.
Ubuntu users of the 64-bit x86 architecture (aka, amd64) can expect updated kernels by the original January 9, 2018 coordinated release date, and sooner if possible. Updates will be available for:

  • Ubuntu 17.10 (Artful) — Linux 4.13 HWE
  • Ubuntu 16.04 LTS (Xenial) — Linux 4.4 (and 4.4 HWE)
  • Ubuntu 14.04 LTS (Trusty) — Linux 3.13
  • Ubuntu 12.04 ESM** (Precise) — Linux 3.2
    • Note that an Ubuntu Advantage license is required for the 12.04 ESM kernel update, as Ubuntu 12.04 LTS is past its end-of-life
Ubuntu 18.04 LTS (Bionic) will release in April of 2018, and will ship a 4.15 kernel, which includes the KPTI patchset as integrated upstream.

 

https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities


Edited by NickAu, 05 January 2018 - 08:14 AM.

Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


#6 mremski

mremski

  • Members
  • 493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NH
  • Local time:09:18 AM

Posted 05 January 2018 - 12:19 PM

Mozilla and Google/Chromium are mitigating an attack vector they are not "fixing" the issue. Truly fixing the root cause can only come from the CPU manufacturers (Intel, AMD, ARM, Freescale/Power). Any software changes are mitigating an attack. This is a very good example of "yes, we acknowledge the hardware has a bug, but you can fix it in software". Sorry if all that sounds like picking of nits, but it's an important distinction.

FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#7 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,010 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:18 AM

Posted 05 January 2018 - 02:56 PM

Here's an article that backs what I've stated above & have in the past, 32 bit (or x86) is the problem, even for open source.

 

http://www.zdnet.com/article/why-intel-x86-must-die-our-cloud-centric-future-depends-on-open-source-chips-meltdown/

 

It's time to put the pressure on CPU OEM's to stop producing backwards compatible ones, these are making the entire Internet less secure. :thumbdown:

 

Unfortunately, there may never be a permanent fix (if any at all) for CPU's that preceded the 1st gen Intel 'i' series (Arrandale). Those with legacy Core2Duo/Quad, P4, Celeron & others won't get any firmware patch, other than what any OS may provide. OEM's aren't going to release new BIOS updates for every affected model on the market. Given there's hundreds of thousands of former corporate/business models at excellent pricing on eBay, this will be a huge problem to address & ignoring shouldn't be on the table. 

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#8 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:18 AM

Posted 05 January 2018 - 04:26 PM

@ NickAu

 

So how will these Kernel updates be handled by Linux Mint? Will it be a level 3 update or higher?

 

@ mremski

 

Well at least its better than nothing. And I wonder how much Firejail would protect against this type of attack?


Edited by SuperSapien64, 05 January 2018 - 04:26 PM.


#9 Gary R

Gary R

    MRU Admin


  • Malware Response Team
  • 821 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:18 PM

Posted 05 January 2018 - 05:32 PM

Since any remote Spectre attack will first need malware to install on your machine, then sandboxing your browser using Firejail should help prevent the initial infection from establishing.

 

Using a script blocker like NoScript with your browser, will also reduce your chances of contacting a "drive-by" infection.

 

As far as I'm aware, Meltdown needs the attacker to have direct access to your machine.


Edited by Gary R, 05 January 2018 - 05:34 PM.


#10 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,074 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:11:18 PM

Posted 05 January 2018 - 06:22 PM

 

So how will these Kernel updates be handled by Linux Mint? Will it be a level 3 update or higher?

I do not know yet, as soon as I do I will post the information here.


Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


#11 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:18 AM

Posted 05 January 2018 - 07:10 PM

Since any remote Spectre attack will first need malware to install on your machine, then sandboxing your browser using Firejail should help prevent the initial infection from establishing.

 

Using a script blocker like NoScript with your browser, will also reduce your chances of contacting a "drive-by" infection.

 

As far as I'm aware, Meltdown needs the attacker to have direct access to your machine.

I use both Firejail and NoScript so I should be fairly safe. :thumbup2:



#12 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,010 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:18 AM

Posted 05 January 2018 - 09:31 PM

 

As far as I'm aware, Meltdown needs the attacker to have direct access to your machine.

 

According to what I've been reading, unless there's a detail I've overlooked, a criminal who can create the code to take advantage of the threats can do so. :(

 

What's not known yet, is whom, other than Google, first knew about either or both of these wide open security holes, that affects most every Intel CPU that anyone of this & other Tech forums members are running. The issue predates the turn of the Millenium, so in essence, affects anyone running Intel CPU's, even if not 64 bit capable, going back to between the Windows 95 release & Win 98. This is a big deal & Intel's stock will drop big time, if AMD needed another boost, they got it huge with this dual threat scam. 

 

Intel likely could had controlled the bleeding once 64 bit CPU's were released & ceased making these backwards compatible for years on end. No one seems to have a grasp on this issue yet, it's been their continual support for 32 bit that's today's issue. Most of those manufactured before 2000 are no longer in use, or maybe 2-3 years sooner, we rarely see folks with 2002-03 CPU's any longer. Intel had the chance to fix this & didn't, that's the bottom line & they need to be held accountable by their customers, who has the option to vote with their wallets. 

 

Hopefully this will be in the headlines on every major news network until the issue is fully resolved, which isn't going to happen. At best, only those with 'i' series CPU's will get any fixes. For those of us with socket 775 CPU's or older, it'll be up to any installed security to (hopefully) cover our backs, the future isn't promising for anyone other than AMD as it stands. 

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#13 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:18 AM

Posted 05 January 2018 - 09:56 PM

Intel’s Response to Meltdown & Spectre Vulnerabilities: https://www.youtube.com/watch?v=8ZzuR0v3UKw



#14 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:18 AM

Posted 21 January 2018 - 10:15 PM

Linux Mint/Ubuntu Kernel patches for Meltdown Ubuntu 14.04 Kernel 3.13.0-139 and Ubuntu 16.04 Kernel 4.4.0-108.



#15 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,074 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:11:18 PM

Posted 21 January 2018 - 10:49 PM

 

Ubuntu 16.04 Kernel 4.4.0-108.

Kernel 4.4.0-108 is no good it causes boot issues please use 4.4.0-109


Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users