'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,594
    Location:
    Slovenia, EU
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,775
    Location:
    Under a bushel ...
    WhoCrashed indicates it may have something to do with hardware.sys :eek: ... though there is no such driver on that system :isay:.
    Code:
    On Thu 2018/01/11 9:12:58 AM GMT your computer crashed or a problem was reported
    crash dump file: C:\WINDOWS\Minidump\011118-11515-01.dmp
    This was probably caused by the following module: hardware.sys (hardware)
    Bugcheck code: 0x1000007F (0x8, 0xFFFFDD00450F5F50, 0xE6061880, 0xFFFFF802164C00C6)
    Error: UNEXPECTED_KERNEL_MODE_TRAP_M
    Bug check description: This indicates that a trap was generated by the Intel CPU and the kernel failed to catch this trap.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might also be caused because of overheating (thermal issue).
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hardware.sys .
    Google query: hardware.sys UNEXPECTED_KERNEL_MODE_TRAP_M
    
     
  3. mary7

    mary7 Registered Member

    Joined:
    Oct 17, 2017
    Posts:
    57
    Location:
    Italy
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,597
    Location:
    Italy
  5. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,007
    From the ghacks.net link =
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,735
    Hope it works out, and things improve for that Haswell CPU machine.
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,597
    Location:
    Italy
    Opera Mini on Android 7:

    2.png


    _______________________________________

    Opera Mini on Android 2.3.6:

    3.png
     
    Last edited: Jan 11, 2018
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,775
    Location:
    Under a bushel ...
    Thanks for your condolences. I have renamed him Lazarus, in hope :shifty:.
     
  9. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    216
    Location:
    Romania
    XP + Chrome Version 49.0.2623.112 m = spectre.jpg

    :confused: :eek:
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,597
    Location:
    Italy
    Hypothesis:

    The test is not reliable or your CPU is safe.
    What is the best option?
     
  11. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    12,962
    Location:
    UK
    Opera stable run under Sandboxie is NOT vulnerable for me.
     
  12. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    My Intel i7 (Dell) finally has received BIOS/microcode update:

    dell_microcode.png

    Although I have not taken any time to bother checking performance prior to or after the BIOS/microcode hardware mitigation support.
     
  13. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    216
    Location:
    Romania
    It's my computer at work. An old one. :)

    cpu-z.jpg
     
  14. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,809
    Location:
    UK
    Just to report, my first BSOD following this debacle; on W7x64 (after previously applying KB4056894 which appeared ok for several days). After application of the Office2010 KB4011660 series, the .net rollup KB4055532, and malicious tool update KB890830 - the BSOD happened. Now for the joys of rollback and re-application. While these updates are not, to my knowledge, Meltdown/Spectre related, they may well be triggering bugs associated with it, and clearly won't have sufficiently been tested against the Brave New World.

    I think we will be "blessed" with a lot more of these over the next year or two.
     
  15. plat1098

    plat1098 Guest

    Edge browser on machine w/ vulnerable CPU. Isn't this "fun"?

    browser.PNG
     
  16. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,597
    Location:
    Italy
    Hi.
    How did you get the BIOS/microcode update?
     
  17. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,809
    Location:
    UK
    I've been reflecting on the Catch 22 of old versus "new" CPUs and motherboards and systems after this problem.

    On the one hand, we have newer CPUs and motherboards, which have the merit of BIOS updates and nominally higher efficiency CPUs. But that also implies that we'd normally want to keep these assets going, but this means running with a CPU which is exposed to further Spectre-class exploits and successive mitigations, at least until new CPU parts appear that are less vulnerable.

    On the other hand, we have older CPUs and motherboards, which may not have microcode or BIOS updates, but at least are further down their depreciation lifecycle. In this case, one might think it was an opportunity to upgrade. But this is precisely NOT the moment to upgrade because there are no CPU parts available that mitigate properly in any sense, and it will likely be several years before they appear, reliably.

    I know this is not the time to make decisions about all this stuff, the nature of the real threat and mitigations are not well understood right now. However, I think the problems above will take many years to unwind.

    Personally, I do not want Intel to profit in any sense from any refresh cycle implied, because of the disgraceful way they behaved during all the years when they were dominant on the desktop and mercilessly milked their cash cow with glacial improvements. And, as we've seen, not using their cash mountain to do continuous R&D including security research. That was done by universities and Google, NOT funded by Intel in any way. But I'm also not clear I have many ethical alternatives because the other corporations would have likely behaved just the same if they had the chance.
     
  18. plat1098

    plat1098 Guest

    Yes, but Intel got caught. It's not like suspicions weren't in place about it well before this disclosure. My perspective isn't that sophisticated. I'm recalling the recent US-based outcry and righteous fury over certain non-US firms with "suspected" backdoors and it turns out US-based Intel seems by far the worst culprit, with real and most deep-seated global repercussions. Since it's hardware based, what antivirus software is going to combat it? Sneaky and foul. Hit Intel in the wallet with a slew of class-action lawsuits, bans and punitive fines. Oh but the "investigation" will last decades. Dang.
     
  19. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    181
    Location:
    Bulgaria
    There is a similar option for FF as well (first-party isolation => https://www.ghacks.net/2017/11/22/how-to-enable-first-party-isolation-in-firefox/) but this is not the case.
    FF released an update for Meltdown/Spectre in version 57.0.4 and Google will push the update(s) for Chrome between 6th and 23rd January 2018:

    https://www.chromium.org/Home/chromium-security/ssca
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,815
    Location:
    U.S.A.
    As far as the Tencent test goes is this wording:
    So I wouldn't take it as more than a determination that any current applied browser patches are effective against current known attack methods.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,815
    Location:
    U.S.A.
    In another MS article I read yesterday, if an individual policy setting is set to "Undefined," PowerShell will then use the policy setting for local machine. So, the one that must be set to "Restricted" is the local machine policy.

    Or, alternatively as noted previously:
    https://docs.microsoft.com/en-us/po.../about_execution_policies?view=powershell-5.1
     
    Last edited: Jan 11, 2018
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,430
    Location:
    DC Metro Area
    "Almost everyone is wrong about Nvidia’s GPU patch and the Spectre vulnerability...

    Nvidia hasn’t released an update to patch the Spectre vulnerability in its GPU hardware,...

    Nvidia technically doesn’t need to issue an upgrade, because its GPUs aren’t vulnerable to the Spectre bug – nor are they affected by the Meltdown exploit, which is exclusive to Intel chips.

    That said, it decided to cover its bases by distributing an update designed to tighten the security of its software drivers, in a bid to mitigate the impact of the CPU-based Spectre bug – doing consumers a favour..."

    http://www.trustedreviews.com/news/nvidia-spectre-metldown-patch-vulnerability-cpu-flaw-3370363
     
  23. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I got my Dell BIOS update here:
    http://www.dell.com/support/article...e-2017-5754---impact-on-dell-products?lang=en

    So far I can notice that my computer is considerably slower than it previously was. The hardware support was supposed to alleviate any kind of performance hit and my assumption was that the performance hit would have come from operating system / software related mitigations. I will have to do some more testing.
     
  24. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    979
    Location:
    Member state of European Union
    Mozilla only disabled one feature and changed a second to mitigate Spectre... for now. I saw on Twitter a list of other features which can be used to create the timer required to exploit the Spectre vuln. In the middle and long run it is not a reliable approach. They need to do something more.
    Chrome's sandbox with Strict site isolation and NoScript for Firefox are IMHO the only reliable mitigations so far.
    Unfortunately, Firefox (even Quantum) is not designed to be sandboxed to the degree Chrome is, and in the post-Spectre world it will severely bite them in the *** if they do not quickly discover a way to mitigate this at the JIT engine and compiler level while maintaining reasonable performance.
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,815
    Location:
    U.S.A.
    If this is the case, then it's NVidia's own fault based on this below excerpt from their own security advisory. Sorry Nvidia, I am not buying the recent "clarification." Yes, your chipsets might be immune, but your current drivers could be exploited:
    http://nvidia.custhelp.com/app/answ...ver-security-updates-for-cpu-speculative-side
     