Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

When will Linux have a patch for the Intel SPI Flash Flaw


  • Please log in to reply
8 replies to this topic

#1 SuperSapien64

SuperSapien64

  • Members
  • 1,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:02 PM

Posted 23 April 2018 - 08:32 PM

When first read about the Intel SPI Flash Flaw. I automatically thought when will Linux have a patch for this?

 

https://www.bleepingcomputer.com/news/security/intel-spi-flash-flaw-lets-attackers-alter-or-delete-bios-uefi-firmware/

 

Does anyone have an idea when Linux will patch this?



BC AdBot (Login to Remove)

 


#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,105 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:02 AM

Posted 23 April 2018 - 09:53 PM

Intel has released updates that PC and motherboard vendors are expected to deploy as firmware patches or BIOS/UEFI updates.

 

Intel said it discovered the issue internally.

"Issue is root-caused, and the mitigation is known and available," the company said in a security advisory. "To Intel’s knowledge, the issue has not been seen externally."


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#3 The-Toolman

The-Toolman

  • Members
  • 1,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:02 PM

Posted 23 April 2018 - 11:04 PM

Mistake Removed.


Edited by The-Toolman, 24 April 2018 - 07:20 AM.

I'm grumpy because I can be not because I'm old.

 

The world is what you make of it, if it doesn't fit, you make alterations.

 

Under certain circumstances, profanity provides a relief denied even to prayer.  (Mark Twain)


#4 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 1,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:02 PM

Posted 27 April 2018 - 04:10 PM

Intel has released updates that PC and motherboard vendors are expected to deploy as firmware patches or BIOS/UEFI updates.

 

Intel said it discovered the issue internally.

"Issue is root-caused, and the mitigation is known and available," the company said in a security advisory. "To Intel’s knowledge, the issue has not been seen externally."

So all I have to do is update my UEFI?



#5 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:02 PM

Posted 29 April 2018 - 03:41 AM

If there's a UEFI update for your computer targeted for this purpose, yes. Just remember that it's not a cureall. :thumbup2:

 

There's been one for my XPS 8700, haven't got around to it, in fact haven't done much as of late. 

 

Be sure to check your OEM for any patches for these threats. These aren't bulletproof by any means, yet any help to increase our security are better than none. :)

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#6 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 1,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:02 PM

Posted 29 April 2018 - 06:58 PM

If there's a UEFI update for your computer targeted for this purpose, yes. Just remember that it's not a cureall. :thumbup2:

 

There's been one for my XPS 8700, haven't got around to it, in fact haven't done much as of late. 

 

Be sure to check your OEM for any patches for these threats. These aren't bulletproof by any means, yet any help to increase our security are better than none. :)

 

Cat

Thanks. BTW could NoScript and Firejail (sandbox) block the SPI Flash exploit?



#7 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:07:02 PM

Posted 02 May 2018 - 05:25 AM

SuperSapien64, while neither of the above solutions presented above are bulletproof, it doesn't harm to have those extras, generally speaking. :)

 

Just remember this.......all of these patches, be it BIOS/UEFI firmware, other updates such as microcode, are a software attempt to fix a baked in hardware issue. Just like the Samsung 840 EVO SSD line, many of which had read errors, would slow to a crawl after a period of time. Instead of recalling any affected models, Samsung chose to issue a software patch (to be ran monthly or as needed) to 'fix' a hardware issue that didn't affect everyone. I have both the 120GB & 250GB of the series & while the smaller was fine, the 250GB was reading slow, confirmed by running a benchmark. 

 

Well, this is the same, for the ones lucky enough to get any fix, software patches doesn't fully correct manufacturing defects, only placing a layer of duct tape over the issue. :(

 

Therefore, use the above methods you mentioned & any others that you run across to help keep you safe, please don't rely on patches/microcode updates alone. :)

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#8 rufwoof

rufwoof

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:11:02 PM

Posted 03 May 2018 - 07:07 PM



 



If there's a UEFI update for your computer targeted for this purpose, yes. Just remember that it's not a cureall. :thumbup2:

 

There's been one for my XPS 8700, haven't got around to it, in fact haven't done much as of late. 

 

Be sure to check your OEM for any patches for these threats. These aren't bulletproof by any means, yet any help to increase our security are better than none. :)

 

Cat

Thanks. BTW could NoScript and Firejail (sandbox) block the SPI Flash exploit?

 

Not as I understand it, only full virtualisation. Noscript will go some way, but running fully with no javascript makes many web pages pretty unusable ... and things can be hidden in the likes of adverts running in background tabs. Not directly associated, however you might be interested in this paper https://misc0110.net/web/files/keystroke_js.pdf and this that is more directly associated https://react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript


OpenBSD (-current)


#9 SuperSapien64

SuperSapien64
  • Topic Starter

  • Members
  • 1,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:02 PM

Posted 04 May 2018 - 07:31 PM

@ rufwoof

 

So a sandbox wont protect you? But a VM could? About Firejail https://firejail.wordpress.com/ I use the private-home profile https://firejail.wordpress.com/features-3/man-firejail-profile/ for Firejail when surfing the web.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users