Jump to content


Linux vs. Zombieload

intel cpu vulnerability

  • Please log in to reply
4 replies to this topic

#1 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,925 posts

Posted 14 May 2019 - 10:43 PM

More attack vectors have been discovered in Intel CPUs. Linux kernel devs frantically develop patches:

https://www.zdnet.co...-vs-zombieload/
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#2 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,735 posts

Posted 15 May 2019 - 04:23 AM

View Postsunrat, on 14 May 2019 - 10:43 PM, said:

More attack vectors have been discovered in Intel CPUs. Linux kernel devs frantically develop patches:

https://www.zdnet.co...-vs-zombieload/

Quote

Reading between the lines, except for people running stand-alone Linux desktops, Canonical recommended you make the patches and disable hyper-threading.

Quote


This also means Linux-based containers and VMs are also open to attack. To protect yourself, you'll need to patch the following Linux files: Kernel, kernel-rt, libvirt, qemu-kvm, qemu-kvm-rhev, and microcode_clt on all your systems. In particular, there's a known attack vector for CE-2018-12130, which enables a malicious VM or container spy another containers or VMs. In other words, you must patch all your running containers and VMs on a server -- or one bad apple can reveal the data in the patched ones.


Quote

Unlike the earlier Meltdown and Spectre problems, Intel was given time to ready itself for this problem. Intel has released microcode patches. These help clear the processor's buffers, thus preventing data from being read.
To defend yourself, your processor must be updated, your operating system must be patched, and for the most protection, Hyper-Threading disabled. When Meltdown and Spectre showed up, the Linux developers were left in the dark and scrambled to patch Linux. This time, they've been kept in the loop.

:breakfast:
Install ARCH
You'll never need to install it again
"I did and I'm really happy"

Posted Image~~~~~~~~~~~~~Posted Image

#3 ONLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 24,624 posts

Posted 15 May 2019 - 09:13 AM

Archlinux got the patch yesterday:

intel-ucode-20190514-1-any
Posted ImagePosted Image
Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#4 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,925 posts

Posted 15 May 2019 - 10:08 AM

Debian also has fresh security upgrades for intel-microcode and kernels.
registered Linux user number 324659  ||    The importance of Reading The *Fine* Manual! :D
Posted ImagePosted ImagePosted ImagePosted Image
For the things we have to learn before we can do them, we learn by doing them.

#5 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,758 posts

Posted 15 May 2019 - 02:52 PM

Hmm... no issues with AMD??? That's nice. :)
Posted Image

Posted Image Support Slackware: https://paypal.me/volkerdi





Also tagged with one or more of these keywords: intel, cpu vulnerability

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users