SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Qualcomm Joins Others in Confirming its CPUs Suffer From Spectre, and Other Meltdown News
Date    Sunday January 07 2018, @11:18PM
Author    Fnord666
Topic   
from the everyone-out-of-the-pool dept.
https://soylentnews.org/article.pl?sid=18/01/07/1724237

janrinok writes:

Arthur T Knackerbracket has found the following story:

Qualcomm has confirmed its processors have the same security vulnerabilities disclosed this week in Intel, Arm and AMD CPU cores this week.

The California tech giant picked the favored Friday US West Coast afternoon "news dump" slot to admit at least some of its billions of Arm-compatible Snapdragon system-on-chips and newly released Centriq server-grade processors are subject to the Meltdown and/or Spectre data-theft bugs.

[...] Qualcomm declined to comment further on precisely which of the three CVE-listed vulnerabilities its chips were subject to, or give any details on which of its CPU models may be vulnerable. The paper describing the Spectre data-snooping attacks mentions that Qualcomm's CPUs are affected, while the Meltdown paper doesn't conclude either way.

[...] Apple, which too bases its iOS A-series processors on Arm's instruction set, said earlier this week that its mobile CPUs were vulnerable to Spectre and Meltdown – patches are available or incoming for iOS. The iGiant's Intel-based Macs also need the latest macOS, version 10.13.2 or greater, to kill off Meltdown attacks.

Knowledge Troll writes:

Google has decided to publicly disclose the well speculated on CPU based security flaw ahead of their original schedule as a response to the rapidly increasing amount of information that is becoming available. It's official: Google was able to construct a PoC that can read kernel memory at a speed around 2000 bytes per second from a user space application. An overview of the situation is available at the Project Zero blog. Despite the AMD Linux kernel patch that disables the existing known mitigation for their processors Google specifically names AMD CPUs as suffering from the flaw along with Intel and ARM.

An Anonymous Coward writes:

Linus Torvalds: "Is Intel basically saying 'We are committed to selling you shit forever and ever, and never fixing anything'?"

Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two bugs that were found to affect most of the company's processors. [...] Torvalds was clearly unimpressed by Intel's bid to play down the crisis through its media statements, saying: "I think somebody inside of Intel needs to really take a long hard look at their CPUs, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed."

The Finn, who is known for never beating about the bush where technical issues are concerned, questioned what Intel was actually trying to say. "Or is Intel basically saying 'we are committed to selling you shit forever and ever, and never fixing anything'?" he asked. "Because if that's the case, maybe we should start looking towards the ARM64 people more."

Intel Says Updates Will Render Systems "Immune" to Meltdown and Spectre Exploits

takyon writes:

What does "immunity" to the "Meltdown" bug mean, and at what cost does it come?

Intel says it has developed and is issuing updates for all types of Intel-based machines that will "render those systems immune from both exploits (referred to as 'Spectre' and 'Meltdown') reported by Google Project Zero. "Intel has already issued updates for the majority of processor products introduced within the past five years," says an Intel spokesperson. "By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years."

Intel's reference to "immune" is an interesting twist in this saga. The New York Times reported yesterday that Spectre fixes will be a lot more complicated as they require a redesign of the processor and hardware changes, and that we could be living with the threat of a Spectre attack for years to come. Intel's wording appears to suggest that this isn't the case for its own processors and security fixes.

Intel is facing class action lawsuits over Meltdown:

Just days after The Register revealed a serious security hole in its CPU designs, Intel is the target of three different class-action lawsuits in America.

Complaints filed in US district courts in San Francisco, CA [PDF], Eugene, OR [PDF], and Indianapolis, IN [PDF] accuse the chip kingpin of, among other things, deceptive practices, breach of implied warranty, negligence, unfair competition, and unjust enrichment.

The RISC-V Foundation would like to remind you that RISC-V is not affected.

Previously: Major Hardware Bug Quietly Being Patched in the Open
Patch for Intel Speculative Execution Vulnerability Could Reduce Performance by 5 to 35% [Update: 2]
Don't Expect Intel Chip Recall After Spectre and Meltdown, CEO Says



Original Submission #1Original Submission #2Original Submission #3Original Submission #4Original Submission #5

Links

  1. "janrinok" - https://soylentnews.org/~janrinok/
  2. "following story" - https://www.theregister.co.uk/2018/01/06/qualcomm_processor_security_vulnerabilities/
  3. "data-theft bugs" - https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
  4. "CVE-listed vulnerabilities" - https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
  5. "Spectre" - https://spectreattack.com/
  6. "said earlier this week" - https://support.apple.com/en-us/HT208394
  7. "Knowledge Troll" - https://soylentnews.org/~Knowledge+Troll/
  8. "read kernel memory at a speed around 2000 bytes per second" - https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
  9. "An overview of the situation is available at the Project Zero blog." - https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
  10. "AMD Linux kernel patch" - https://lkml.org/lkml/2017/12/27/2
  11. "Linus Torvalds: "Is Intel basically saying 'We are committed to selling you shit forever and ever, and never fixing anything'?"" - https://www.itwire.com/security/81327-linus-torvalds-says-intel-needs-to-admit-it-has-issues-with-cpus.html
  12. "saying" - https://lkml.org/lkml/2018/1/3/797
  13. "takyon" - https://soylentnews.org/~takyon/
  14. ""immunity" to the "Meltdown" bug" - https://www.theverge.com/2018/1/4/16850776/intel-meltdown-spectre-security-patch-immune-response
  15. "The New York Times reported yesterday" - https://www.nytimes.com/2018/01/03/business/computer-flaws.html
  16. "facing class action lawsuits" - https://www.theregister.co.uk/2018/01/05/intel_meltdown_cpu_flaw_sued/
  17. "San Francisco, CA" - https://regmedia.co.uk/2018/01/05/intelsanfranciscosuit.pdf
  18. "Eugene, OR" - https://regmedia.co.uk/2018/01/05/inteloregoncomplaint.pdf
  19. "Indianapolis, IN" - https://regmedia.co.uk/2018/01/05/intelindianasuit.pdf
  20. "remind you" - https://riscv.org/2018/01/more-secure-world-risc-v-isa/
  21. "Major Hardware Bug Quietly Being Patched in the Open" - https://soylentnews.org/article.pl?sid=18/01/02/0012210
  22. "Patch for Intel Speculative Execution Vulnerability Could Reduce Performance by 5 to 35% [Update: 2]" - https://soylentnews.org/article.pl?sid=18/01/03/1314247
  23. "Don't Expect Intel Chip Recall After Spectre and Meltdown, CEO Says" - https://soylentnews.org/article.pl?sid=18/01/05/1828250
  24. "Original Submission #1" - https://soylentnews.org/submit.pl?op=viewsub&subid=24184
  25. "Original Submission #2" - https://soylentnews.org/submit.pl?op=viewsub&subid=24139
  26. "Original Submission #3" - https://soylentnews.org/submit.pl?op=viewsub&subid=24155
  27. "Original Submission #4" - https://soylentnews.org/submit.pl?op=viewsub&subid=24193
  28. "Original Submission #5" - https://soylentnews.org/submit.pl?op=viewsub&subid=24199

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Qualcomm Joins Others in Confirming its CPUs Suffer From Spectre, and Other Meltdown News on 2024-04-24 14:22:06