Jump to content

Meltdown (security vulnerability): Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
added to 3 categories
Jerrysmp (talk | contribs)
292 edits
Microsoft has made the Meltdown patches available for Windows 10 today
Line 10: Line 10:


== Patches ==
== Patches ==
[[Microsoft]] is expected to release patches to mitigate Meltdown in [[Microsoft Windows|Windows]] in an upcoming [[Patch Tuesday]].<ref name=":0">{{Cite news|url=https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/|title=Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign|last=|first=|date=|work=The Register|access-date=2018-01-03|archive-url=|archive-date=|dead-url=|language=en}}</ref> [[Linux kernel]] developers have a set of patches named [[kernel page-table isolation]] to be released in kernel 4.15 in early 2018, which has been released as a [[backport]] in kernel 4.14.11.<ref>{{Cite web|url=https://lwn.net/Articles/738975/|title=KAISER: hiding the kernel from user space|last=Corbet|first=Jonathon|date=2017-11-15|website=LWN|archive-url=|archive-date=|dead-url=|access-date=2018-01-03}}</ref><ref>{{Cite web|url=https://lwn.net/Articles/741878/|title=The current state of kernel page-table isolation|last=Corbet|first=Jonathon|date=2017-12-20|website=LWN|archive-url=|archive-date=|dead-url=|access-date=2018-01-03}}</ref> [[macOS]] has been patched since 10.13.2.<ref name=":0" /> In some cases, the fixes would make the computers equipped with those CPUs 30% slower.{{cn}} [[Phoronix]] reported no effect on Linux gaming performance.<ref>{{Cite web|url=https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests|title=Linux Gaming Performance Doesn't Appear Affected By The x86 PTI Work - Phoronix|website=www.phoronix.com|language=en|access-date=2018-01-03}}</ref>
[[Microsoft]] released an emergency update to [[Windows 10]] to address the bug on 3 January<ref>{{cite web|last1=Warren|first1=Tom|title=Microsoft issues emergency Windows update for processor security bugs|url=https://www.theverge.com/2018/1/3/16846784/microsoft-processor-bug-windows-10-fix|website=The Verge|publisher=Vox Media, Inc.|accessdate=3 January 2018|ref=warrent_010318}}</ref>, and is expected to release the patches to other supported versions of [[Microsoft Windows|Windows]] in an upcoming [[Patch Tuesday]].<ref name=":0">{{Cite news|url=https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/|title=Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign|last=|first=|date=|work=The Register|access-date=2018-01-03|archive-url=|archive-date=|dead-url=|language=en}}</ref> [[Linux kernel]] developers have a set of patches named [[kernel page-table isolation]] to be released in kernel 4.15 in early 2018, which has been released as a [[backport]] in kernel 4.14.11.<ref>{{Cite web|url=https://lwn.net/Articles/738975/|title=KAISER: hiding the kernel from user space|last=Corbet|first=Jonathon|date=2017-11-15|website=LWN|archive-url=|archive-date=|dead-url=|access-date=2018-01-03}}</ref><ref>{{Cite web|url=https://lwn.net/Articles/741878/|title=The current state of kernel page-table isolation|last=Corbet|first=Jonathon|date=2017-12-20|website=LWN|archive-url=|archive-date=|dead-url=|access-date=2018-01-03}}</ref> [[macOS]] has been patched since 10.13.2.<ref name=":0" /> In some cases, the fixes would make the computers equipped with those CPUs 30% slower.{{cn}} [[Phoronix]] reported no effect on Linux gaming performance.<ref>{{Cite web|url=https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests|title=Linux Gaming Performance Doesn't Appear Affected By The x86 PTI Work - Phoronix|website=www.phoronix.com|language=en|access-date=2018-01-03}}</ref>


==See also==
==See also==

Revision as of 00:11, 4 January 2018

Meltdown is a hardware security bug that affects Intel microprocessors by allowing programs and potentially attackers to access the entire contents of a computer's memory.[1][2] It was issued a Common Vulnerabilities and Exposures ID of CVE-2017-5754.

AMD CPUs are not affected, according to Tom Lendacky.[3][4][5]

Impact

According to the authors of the bug, "every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013)."[6]

The bug is expected to impact major cloud providers like Amazon Web Services (AWS)[7] and Google Cloud Platform. Cloud providers allow customers to run programs on the same physical servers, and rely on protections that Meltdown bypasses to prevent programs from being able to view the secrets stored in memory of another program.

Patches

Microsoft released an emergency update to Windows 10 to address the bug on 3 January[8], and is expected to release the patches to other supported versions of Windows in an upcoming Patch Tuesday.[9] Linux kernel developers have a set of patches named kernel page-table isolation to be released in kernel 4.15 in early 2018, which has been released as a backport in kernel 4.14.11.[10][11] macOS has been patched since 10.13.2.[9] In some cases, the fixes would make the computers equipped with those CPUs 30% slower.[citation needed] Phoronix reported no effect on Linux gaming performance.[12]

See also

References

  1. ^ Metz, Cade; Perlroth, Nicole (2018). "Researchers Discover Two Major Flaws in the World's Computers". The New York Times. ISSN 0362-4331. Retrieved 2018-01-03.
  2. ^ "Intel's processors have a security bug and the fix could slow down PCs". The Verge. Retrieved 2018-01-03.
  3. ^ "LKML: Tom Lendacky: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors". lkml.org. Retrieved 2018-01-03.
  4. ^ "The mysterious case of the Linux Page Table Isolation patches". python sweetness. Retrieved 2018-01-03.
  5. ^ "Linux Gaming Performance Doesn't Appear Affected By The x86 PTI Work - Phoronix". www.phoronix.com. Retrieved 2018-01-03.
  6. ^ "Meltdown and Spectre: Which systems are affected by Meltdown?". meltdownattack.com. Retrieved 2018-01-03. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  7. ^ "Processor Speculative Execution Research Disclosure". Amazon Web Services, Inc. Retrieved 2018-01-03.
  8. ^ Warren, Tom. "Microsoft issues emergency Windows update for processor security bugs". The Verge. Vox Media, Inc. Retrieved 3 January 2018.
  9. ^ a b "Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign". The Register. Retrieved 2018-01-03. {{cite news}}: Cite has empty unknown parameter: |dead-url= (help)
  10. ^ Corbet, Jonathon (2017-11-15). "KAISER: hiding the kernel from user space". LWN. Retrieved 2018-01-03. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  11. ^ Corbet, Jonathon (2017-12-20). "The current state of kernel page-table isolation". LWN. Retrieved 2018-01-03. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
  12. ^ "Linux Gaming Performance Doesn't Appear Affected By The x86 PTI Work - Phoronix". www.phoronix.com. Retrieved 2018-01-03.

External links

Retrieved from "https://en.wikipedia.org/w/index.php?title=Meltdown_(security_vulnerability)&oldid=818511711"