The latest bad news.

dr-kart
Forum Regular
Posts: 121
Joined: Sun Oct 22, 2017 8:12 pm

Re: The latest bad news.

#21 Post by dr-kart » Wed Jan 03, 2018 5:12 pm

Intel is making this statement today because of the current inaccurate media reports
https://newsroom.intel.com/news/intel-r ... -findings/
sure thing )) about "others" vendors.
Should I believe Intel? Of course: https://www.fool.com/investing/2017/12/ ... stock.aspx

AMD wins here. The only clear thing to me so far.

bigbenaugust
Forum Novice
Posts: 46
Joined: Wed Dec 20, 2017 10:41 am

Re: The latest bad news.

#22 Post by bigbenaugust » Wed Jan 03, 2018 5:26 pm

Ars says ARM operating systems are getting a patch, too, and everything Intel since the PPro could be affected.

https://arstechnica.com/gadgets/2018/01 ... s-patches/
--Ben


Stevo
Forum Veteran
Posts: 15938
Joined: Fri Dec 15, 2006 8:07 pm

Re: The latest bad news.

#24 Post by Stevo » Wed Jan 03, 2018 9:38 pm

Apparently the KAISER fixes have been backported into kernel release 4.14.10, and the latest Liquorix 4.14-13 kernel incorporates that. Unfortunately, that was one of the rapid-fire releases I was going to skip building for MX, but it appears like I'll build and test that kernel now--curious to see if there's noticeable slowdown.

I did build 4.14.13 on the OBS yesterday: https://software.opensuse.org//download ... e=liquorix

But "liquorix" is just a placeholder dummy package; you would still have to install the linux-image and linux-header packages.

Stevo
Forum Veteran
Posts: 15938
Joined: Fri Dec 15, 2006 8:07 pm

Re: The latest bad news.

#25 Post by Stevo » Wed Jan 03, 2018 9:59 pm

richb wrote: According to that tool my laptop with an i5-3337U processor is not vulnerable. The machine is 5 years old. The upshot is do not panic. Just because you have an Intel processor on the list does not mean vulnerability, of course if the tool is accurate.

Is that really for the Meltdown flaw, or something related to the Intel Management Engine instead? Seems much different, since this is just a matter of updating some firmware.

Later: appears to be completely yet another issue. But my IME was vulnerable, so I downloaded the update from ACER, booted to Win 10 to apply it :frown: , and the system is no longer vulnerable to that particular problem.
Last edited by Stevo on Wed Jan 03, 2018 10:45 pm, edited 2 times in total.

richb
Administrator
Posts: 16973
Joined: Wed Jul 12, 2006 2:17 pm

Re: The latest bad news.

#26 Post by richb » Wed Jan 03, 2018 10:41 pm

Stevo wrote:
richb wrote: According to that tool my laptop with an i5-3337U processor is not vulnerable. The machine is 5 years old. The upshot is do not panic. Just because you have an Intel processor on the list does not mean vulnerability, of course if the tool is accurate.

Is that really for the Meltdown flaw, or something related to the Intel Management Engine instead?

Later: appears to be completely yet another issue.

Do not know, just followed the link and trusted the source. I will await any kernel updates for surety.


Rich
SSD Production: MX 17.1
AMD A8 7600 FM2+ CPU R7 Graphics, 16 GIG Mem. Three Samsung EVO SSD's 250 GB, 350 GB HD

v3g4n
Forum Guide
Posts: 1783
Joined: Sat Jan 16, 2016 8:20 pm

Re: The latest bad news.

#27 Post by v3g4n » Wed Jan 03, 2018 11:54 pm

Code:

m3lst4d@darkstar~\:=> grep isolation /var/log/messages
Jan  3 21:29:39 darkstar kernel: [    0.000000] Kernel/User page tables isolation: enabled
m3lst4d@darkstar~\:=>

Time will tell if there is any noticeable performance hit from normal desktop use.
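
As an added example (not part of v3g4n's post or of any MX tooling), the same check written as a small script that also reports the disabled and missing-line cases. The "disabled" log wording and the sysfs file `/sys/devices/system/cpu/vulnerabilities/meltdown` are assumptions about kernels newer than the ones discussed in this thread; pass whatever log path your system uses (`/var/log/messages` in the post).

```sh
#!/bin/sh
# Added example: classify KPTI state from a kernel log and, if present, sysfs.

# kpti_from_log FILE -> enabled | disabled | unknown
# Takes the LAST matching line, so an older boot in the same log does not win.
kpti_from_log() {
    line=$(grep -a 'Kernel/User page tables isolation:' "$1" 2>/dev/null | tail -n 1)
    case "$line" in
        *'isolation: '*disabled*) echo disabled ;;   # assumed wording, not on the page
        *'isolation: '*enabled*)  echo enabled ;;    # the line shown in the post
        *)                        echo unknown ;;    # no line: unpatched kernel or rotated log
    esac
}

# kpti_from_sysfs FILE -> enabled | disabled | not-affected | unknown
# Assumption: FILE is /sys/devices/system/cpu/vulnerabilities/meltdown,
# which only later kernels provide.
kpti_from_sysfs() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(cat "$1")" in
        'Mitigation: PTI'*) echo enabled ;;
        'Not affected'*)    echo not-affected ;;
        'Vulnerable'*)      echo disabled ;;
        *)                  echo unknown ;;
    esac
}

# kpti_status LOG SYSFS_FILE: trust the kernel's sysfs verdict, else the boot log.
kpti_status() {
    s=$(kpti_from_sysfs "$2")
    if [ "$s" = unknown ]; then s=$(kpti_from_log "$1"); fi
    echo "$s"
}

# Constructed sample log: the second line is the one quoted in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Jan  3 21:29:39 darkstar kernel: [    0.000000] Command line: ro quiet (constructed)
Jan  3 21:29:39 darkstar kernel: [    0.000000] Kernel/User page tables isolation: enabled
EOF
echo "KPTI from sample log: $(kpti_status "$sample" /nonexistent/meltdown)"
rm -f "$sample"
```

An "unknown" result only means neither source had an answer; it does not show that the kernel is unpatched.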

asqwerth
Forum Veteran
Posts: 3080
Joined: Sun May 27, 2007 5:37 am

Re: The latest bad news.

#28 Post by asqwerth » Thu Jan 04, 2018 2:28 am

cyrilus31 wrote:
asqwerth wrote: I'm quite ignorant about hardware, I confess. I thought heat paste was something only gamers and people who really pushed their processors to the limit considered changing.

As for opening up my laptop, I did it recently because I had to remove the hard drive. It seemed pretty clean on the inside. What am I supposed to clean?

In fact I'm not a gamer at all (I should say anymore), so you may consider it's something anybody could do. All you need is a screwdriver, maybe something like tweezers to grab connectors, and generally that's all. Your goals are to:
1/ Remove dust accumulated in the fans.
2/ Remove CPU and GPU; generally they are connected to a heat pipe, which then conducts heat to the fans. You simply have to replace them and add thermal paste between them and the heat pipes.
After more than 10 years the original paste is good for nothing and can cause overheating.
Give me inxi output and I will help you to find the good video if you want.

Thanks for the information. It'll probably take me some time before I get down to doing this though, since I don't use this laptop often. But when I do, I'll let you know. The brief details of the ASUS laptop are already in my forum signature.

Desktop: Intel i5-4460, 16GB RAM, Intel integrated graphics
Clevo N130WU-based Ultrabook: Intel i7-8550U (Kaby Lake R), 16GB RAM, Intel integrated graphics (UEFI)
ASUS X42D laptop: AMD Phenom II, 6GB RAM, Mobility Radeon HD 5400

penguin
Forum Regular
Posts: 234
Joined: Wed Jan 04, 2017 3:15 pm

Re: The latest bad news.

#29 Post by penguin » Thu Jan 04, 2018 3:06 am

Seems worse than bad...

https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html

Unlike the initial reports suggested about Intel chips being vulnerable to some severe ‘memory leaking’ flaws, full technical details about the vulnerabilities have now emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues.
Disclosed today by Google Project Zero, the vulnerabilities potentially impact all major CPUs, including those from AMD, ARM, and Intel—threatening almost all PCs, laptops, tablets, and smartphones, regardless of manufacturer or operating system.
These hardware vulnerabilities have been categorized into two attacks, named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715), which could allow attackers to steal sensitive data which is currently processed on the computer.
Both attacks take advantage of a feature in chips known as "speculative execution," a technique used by most modern CPUs to optimize performance.
"In order to improve performance, many CPUs may choose to speculatively execute instructions based on assumptions that are considered likely to be true. During speculative execution, the processor is verifying these assumptions; if they are valid, then the execution continues. If they are invalid, then the execution is unwound, and the correct execution path can be started based on the actual conditions," Project Zero says.
Therefore, it is possible for such speculative execution to have "side effects which are not restored when the CPU state is unwound and can lead to information disclosure," which can be accessed using side-channel attacks.

Meltdown Attack

The first issue, Meltdown (paper), allows attackers to read not only kernel memory but also the entire physical memory of the target machines, and therefore all secrets of other programs and the operating system.
“Meltdown is a related microarchitectural attack which exploits out-of-order execution in order to leak the target’s physical memory.”
Meltdown uses speculative execution to break the isolation between user applications and the operating system, allowing any application to access all system memory, including memory allocated for the kernel.
“Meltdown exploits a privilege escalation vulnerability specific to Intel processors, due to which speculatively executed instructions can bypass memory protection.”
Nearly all desktop, laptop, and cloud computers are affected by Meltdown.

Spectre Attack

The second problem, Spectre (paper), is not easy to patch and will haunt people for quite some time since this issue requires changes to processor architecture in order to fully mitigate.
Spectre attack breaks the isolation between different applications, allowing the attacker-controlled program to trick error-free programs into leaking their secrets by forcing them into accessing arbitrary portions of its memory, which can then be read through a side channel.
Spectre attacks can be used to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems.
“In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.” the paper explains.
“KAISER patch, which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre.”
According to researchers, this vulnerability impacts almost every system, including desktops, laptops, cloud servers, as well as smartphones—powered by Intel, AMD, and ARM chips.

What You Should Do: Mitigations And Patches

Many vendors have security patches available for one or both of these attacks.
Windows — Microsoft has issued an out-of-band patch update for Windows 10, while other versions of Windows will be patched on the traditional Patch Tuesday on January 9, 2018
MacOS — Apple had already fixed most of these security holes in macOS High Sierra 10.13.2 last month, but MacOS 10.13.3 will enhance or complete these mitigations.
Linux — Linux kernel developers have also released patches by implementing kernel page-table isolation (KPTI) to move the kernel into an entirely separate address space.
Android — Google has released security patches for Pixel/Nexus users as part of the Android January security patch update. Other users have to wait for their device manufacturers to release a compatible security update.
There is no single fix for both the attacks since each requires protection independently.
Last edited by penguin on Fri Jan 05, 2018 1:31 pm, edited 1 time in total.

galen
Forum Novice
Posts: 72
Joined: Thu Dec 15, 2016 1:37 pm

Re: The latest bad news.

#30 Post by galen » Thu Jan 04, 2018 11:22 am

going back to 486 & modem
Linux user since 1999, on-line 1993.
MX17 :number1: over Xubuntu, Sparky, Linux Lite
Dtop#2: MX16, AMD FX4300, G71 7900
Dtop#1: Xubuntu 16.04, AMD FX4300
Ltop#1: XU16-64b T500
Ltop#2: MX16-32b HP nc4400
Ltop#3: Zorin-32b IBM T30 :turtle:
