this post was submitted on 25 Jul 2023
Technology

59377 readers
4179 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] I_like_cats@lemmy.one 115 points 1 year ago (7 children)

Linux has a merged mitigation so when the new kernel comes out Linux users will be safe

[–] nul9o9@lemmy.world 44 points 1 year ago (17 children)

Looks like I'm getting the final kick to Linux on my main gaming PC.

[–] Dnn@lemmy.world 22 points 1 year ago

Welcome to the club! We're dozens here!

[–] MooseBoys@lemmy.world 14 points 1 year ago (3 children)

when the new kernel comes out Linux users will be safe

It’s going to take a lot longer than that for most distros to move to latest upstream. This specific fix might be pulled in as a hotfix if you’re lucky, but it still takes time. The latest Ubuntu LTS is on 5.15, for example, which was released in October 2021. Debian Bookworm, which just released last month, uses 6.1 from December 2022.

[–] I_like_cats@lemmy.one 20 points 1 year ago (1 children)

Critical security fixes are backported. There were a lot of kernels released yesterday that had the fix. For 5.15, 5.15.122 was released with the zenbleed mitigation.

[–] MooseBoys@lemmy.world 7 points 1 year ago

5.15.122 was released with the zenbleed mitigation

But Ubuntu users (for example) won’t get that automatically. Canonical still has to pull the upstream release, run validation, and roll out a patch. It will probably be speedy, but still on the order of several weeks before people see it by default.

[–] bobthecowboy@lemmy.world 18 points 1 year ago (1 children)

This is exactly the kind of thing that gets backported to stable LTS distros though. The kernel Major.Minor is just the base - it doesn't tell the whole story.

[–] andrew@lemmy.stuart.fun 14 points 1 year ago

Thank goodness I'm on arch (btw).

[–] joel_feila@lemmy.world 5 points 1 year ago

Time to sit back and relax

[–] Default_Defect@lemmy.world 79 points 1 year ago (6 children)

Why is it that every time there's drama about hardware, its something I own?

[–] tram1@programming.dev 36 points 1 year ago (2 children)

That's because of monopolies... There are only two brands of PC CPUs you could own...

[–] PeachMan@lemmy.one 29 points 1 year ago

Well, this happens to affect the Ryzen 5 3600, which I'm pretty sure is one of AMD's most popular processors ever, so you're certainly not alone.

[–] aBundleOfFerrets@sh.itjust.works 62 points 1 year ago (2 children)

Nice to know that security researchers are giving AMD some love too. I'll be sure to turn the patch off on my 3600 once it rolls around (can't be losing any frames for something silly like security)

[–] LoafyLemon@kbin.social 42 points 1 year ago (1 children)

That's a very bad idea.

The bad news is that the exploit doesn't require physical hardware access and can be triggered by loading JavaScript on a malicious website.

[–] notthebees@reddthat.com 14 points 1 year ago (1 children)
[–] LoafyLemon@kbin.social 5 points 1 year ago

I want to say that I know, but it's the internet, so you can never be sure. ¯\_(ツ)_/¯

[–] Atemu@lemmy.ml 48 points 1 year ago (1 children)

Planned fix

December 2023

Yikes.

[–] evatronic@lemm.ee 38 points 1 year ago (1 children)

It's worth noting these are the firmware / microcode fixes.

There's already a software solution available,

There is a software workaround, you can set the chicken bit DE_CFG[9]. This may have some performance cost, and the microcode update is preferred.

source: https://www.openwall.com/lists/oss-security/2023/07/24/3

AMD has also already released a fix for the big boy - the EPYC processor.

[–] ezchili@iusearchlinux.fyi 30 points 1 year ago (1 children)

The article says it's exploitable via javascript on a random web page. I don't see how that could be possible

[–] nan@lemmy.blahaj.zone 22 points 1 year ago (1 children)

affects all Zen 2-based Ryzen, Threadripper, and EPYC CPUs

I know they’re probably pretty common, all my stuff ended up being Zen 3. Here’s hoping they don’t find similar issues in later generations.

[–] FishInABarrel@kbin.social 5 points 1 year ago

I've got an older 3900X that's Zen 2, but I'm otherwise clear, too.

It's kind of hard to figure out which Zen # a CPU falls under, so here's the Wiki page listing all Zen 2 CPUs.
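
Pulling together two points from this thread, evatronic's quote of the oss-security post about the DE_CFG[9] chicken bit and FishInABarrel's remark that it is hard to tell which parts are Zen 2, here is an added example. It is not code from anyone in this thread and not the Zenbleed authors' code. It assumes, beyond what the thread states, that DE_CFG is MSR 0xc0011029 (the MSR the Linux fix and the write-up's rdmsr/wrmsr workaround use), that Zen 2 means family 17h with the model ranges listed in the linked write-up, and that reading the MSR needs msr-tools and root. The /proc/cpuinfo excerpt inside it is constructed so the parsing can be exercised on any machine.

```shell
#!/bin/sh
# Added example, not from the thread or the Zenbleed authors.
# Reports whether a Linux host is a Zen 2 part and, if so, whether the
# DE_CFG[9] chicken bit from the oss-security post is set.
#
# Assumptions (not stated in the thread):
#  - DE_CFG is MSR 0xc0011029; the write-up's manual workaround is
#      wrmsr -a 0xc0011029 $(($(rdmsr -c 0xc0011029) | (1<<9)))
#  - Zen 2 = family 17h with the model ranges the write-up lists (see is_zen2).
#  - Reading the MSR needs msr-tools (rdmsr) and root; the rest runs as a user.

DE_CFG_MSR=0xc0011029
DE_CFG_ZENBLEED_BIT=9

# is_zen2 FAMILY MODEL  (decimal, as /proc/cpuinfo prints them)
# Returns 0 for Zen 2 parts, 1 otherwise.
is_zen2() {
    [ "${1:-0}" -eq 23 ] || return 1                               # family 17h
    m=${2:-0}
    if   [ "$m" -ge 48  ] && [ "$m" -le 79  ]; then return 0   # 0x30-0x4f Rome, Castle Peak
    elif [ "$m" -ge 96  ] && [ "$m" -le 127 ]; then return 0   # 0x60-0x7f Renoir, Lucienne, Matisse
    elif [ "$m" -ge 144 ] && [ "$m" -le 145 ]; then return 0   # 0x90-0x91 Van Gogh
    elif [ "$m" -ge 160 ] && [ "$m" -le 175 ]; then return 0   # 0xa0-0xaf Mendocino
    fi
    return 1
}

# chicken_bit_set DE_CFG_VALUE  (hex, with or without the 0x that 'rdmsr -c' prints)
# Returns 0 when bit 9 is set.
chicken_bit_set() {
    v=${1#0x}; v=${v#0X}
    [ $(( (0x$v >> $DE_CFG_ZENBLEED_BIT) & 1 )) -eq 1 ]
}

# cpuinfo_family_model < cpuinfo-text  ->  "FAMILY MODEL" in decimal
# Matches "model :" but not "model name :"; the last processor block wins.
cpuinfo_family_model() {
    awk -F: '/^cpu family[ \t]*:/ {f=$2+0} /^model[ \t]*:/ {m=$2+0} END {print f+0, m+0}'
}

# zenbleed_status FAMILY MODEL DE_CFG_VALUE -> not-zen2 | zen2-bit-set | zen2-bit-clear
# zen2-bit-clear is only a problem if the microcode is also unpatched: the kernel
# fix sets the bit only when it finds old microcode, so check the microcode next.
zenbleed_status() {
    if ! is_zen2 "$1" "$2"; then echo not-zen2
    elif chicken_bit_set "$3"; then echo zen2-bit-set
    else echo zen2-bit-clear
    fi
}

# Constructed /proc/cpuinfo excerpt for a Ryzen 5 3600 (Matisse, family 23 model 113).
SAMPLE_CPUINFO='processor : 0
vendor_id : AuthenticAMD
cpu family : 23
model : 113
model name : AMD Ryzen 5 3600 6-Core Processor
stepping : 0'

# sample_status DE_CFG_VALUE -> status for the constructed 3600 with a given DE_CFG reading
sample_status() {
    set -- $(printf '%s\n' "$SAMPLE_CPUINFO" | cpuinfo_family_model) "$1"
    zenbleed_status "$1" "$2" "$3"
}

# live_check: run against the real host; only reports, never fails the script.
live_check() {
    if [ ! -r /proc/cpuinfo ]; then
        echo "no /proc/cpuinfo (not Linux?), skipping live check"; return 0
    fi
    set -- $(cpuinfo_family_model < /proc/cpuinfo)
    fam=$1; mod=$2
    if ! is_zen2 "$fam" "$mod"; then
        echo "family $fam model $mod: not a Zen 2 part"; return 0
    fi
    if ! command -v rdmsr >/dev/null 2>&1; then
        echo "Zen 2 part (family $fam model $mod) but msr-tools is missing, cannot read DE_CFG"; return 0
    fi
    if ! de_cfg=$(rdmsr -c "$DE_CFG_MSR" 2>/dev/null); then
        echo "rdmsr failed: needs root and 'modprobe msr'"; return 0
    fi
    echo "Zen 2 part (family $fam model $mod), DE_CFG=$de_cfg: $(zenbleed_status "$fam" "$mod" "$de_cfg")"
}

live_check
```

Run it as root with msr-tools installed to get a real reading; as an unprivileged user it still tells you whether the family/model is Zen 2. A clear bit on its own is not a verdict: with the fixed microcode the kernel leaves the bit alone, so pair this with a look at the microcode revision before calling a host vulnerable.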

[–] Jane2187@lemmy.world 22 points 1 year ago (2 children)

How come branch prediction seems so vulnerable to exploits? Both Spectre and Meltdown were also caused by branch prediction not working quite right.

[–] JackbyDev@programming.dev 10 points 1 year ago

The more steps in the instruction pipeline the more ways there are for there to be an error where some result doesn't get erased when undoing stuff from the wrong branch. It's basically like telling someone to move into a new house and get settled then stopping them six hours in and trying to make sure you get all their stuff out.

[–] anlumo@feddit.de 8 points 1 year ago (1 children)

It wasn't branch prediction alone, it was the cache combined with branch prediction. The problem is that even discarded outcomes fill the cache with data. Those older vulnerabilities also had the problem that the access permissions check was done after the branch prediction. It's probably too expensive to do when it's not even clear yet whether the branch is going to be taken (that's just speculation on my part though).

[–] jumperalex@lemmy.world 7 points 1 year ago

(that’s just speculation on my part though).

I see what you did there, even if you didn't :)

[–] iByteABit@lemm.ee 14 points 1 year ago (1 children)
[–] r00ty@kbin.life 52 points 1 year ago

The guys themselves made a pretty good write-up. https://lock.cmpxchg8b.com/zenbleed.html

The short version is that the very large registers on the modern CPUs aren't fixed things like they used to be, they're allocated from some register area on the die. When they "zero" the upper portion of one of the large registers it doesn't really clear it. It just releases the block back to available.

Another thing all CPUs need these days to keep fast is branch prediction. CPUs are only fast if they can keep the pipeline of upcoming commands (opcodes) to process full. So they often run both possible routes for a branch and discard the loser.

In this case they "trick" the CPU by asking it to "clear" a block of one of these large registers (the upper half). But then have the branch go the other way. What sometimes happens is that the register space is "released" but it has to take it back. In some specific circumstances they are able to have the register come back, but not with the original contents but with some random contents of maybe another register that was used by another thread (maybe even running on a different VM guest).

I have a server with a 3000 series CPU. I can confirm this definitely works. You'll get all kinds of random blocks of memory from processes running as all users (and kernel code). For AMD processors running VM servers it is even worse. Because if you have say a VPS running on an AMD Zen2 CPU, you can log in as any user, run this, and get random data from people on other VPS on the same hardware!

There is a linux workaround, and it seems most CPUs will be fixed by December.

Note: If you have access to a VPS that is vulnerable, do note that in most countries it is illegal to even try to exploit this.

[–] malloc@programming.dev 12 points 1 year ago (1 children)

Intel had something like this as well (side channel attack?). I remember it because Linus Torvalds (creator of Linux kernel) ripped Intel a new one.

[–] elscallr@lemmy.world 8 points 1 year ago

They've had a couple. Spectre is the one to which you're referring, I bet.

[–] _haha_oh_wow_@sh.itjust.works 11 points 1 year ago
[–] ScaredDuck@sopuli.xyz 10 points 1 year ago (1 children)

Is there any information on the performance impact of the microcode fix or is it too early for that?

[–] peopleproblems@lemmy.world 8 points 1 year ago

Well

that's not great

[–] wjrii@kbin.social 7 points 1 year ago

Feeling pretty smug about my 2400g and RX580 "gaming" rig.

[–] iByteABit@lemm.ee 5 points 1 year ago (1 children)
[–] Balinares@pawb.social 15 points 1 year ago* (last edited 1 year ago)

A CPU performs operations like "read a small bit of thing from the memory into the CPU" and "do a small bit of computation on things inside the CPU" and "put a small bit of thing from the CPU into the memory".

Doing small bits of computation on things inside the CPU is very fast but moving bits of things from or to the memory is slow in comparison. In order to not be slowed down, CPUs read the code ahead of what is currently being executed, and try to guess what is going to happen and what will need to be moved from the memory into the CPU, so they can do it ahead of time, and have the small bit of thing from the memory already available right there in the CPU when it's time to do a bit of computation on it. That way, there is no need to wait on slow memory, and the CPU runs much faster overall. That's a good thing.

In this case, a researcher found a way to make certain CPUs guess what is going to happen with the code wrong, in such a way that the small bits of things that were read from the memory ahead of time do not get properly cleaned up, and can still be found inside the CPU by another program. Those small bits of things might be your password or banking details, so that's bad.
