Language Selection

English French German Italian Portuguese Spanish

​Major Linux redesign in the works to deal with Intel security flaw

Filed under
Linux
Hardware
Security

Long ago, Intel made a design mistake in its 64-bit chips -- and now, all Intel-based operating systems and their users must pay the price.

Linux's developers saw this coming early on and patched Linux to deal with it. That's the good news. The bad news is it will cause at least a 5-percent performance drop. Applications may see far more serious performance hits. The popular PostgreSQL database is estimated to see at least a 17-percent slowdown.

How bad will it really be? I asked Linux's creator Linus Torvalds, who said: "There's no one number. It will depend on your hardware and on your load. I think 5 percent for a load with a noticeable kernel component (e.g. a database) is roughly in the right ballpark. But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation."

Read more

Google and Red Hat

  • Red Hat Says Security Updates for Meltdown & Spectre Bugs May Affect Performance

    Red Hat's John Terrill informs Softpedia today that Red Hat is aware of the two hardware bugs (Meltdown and Spectre) affecting most modern microprocessors and they're working on security updates to mitigate them on their supported operating systems.

    The Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) were publicly disclosed earlier today as critical hardware flaws affecting modern microprocessors made in the last two decades. These can be exploited by an unprivileged attacker to bypass hardware restrictions through three unique attack paths and gain read access to privileged memory.

    Red Hat Product Security provided us with several resources to better understand the impact of these hardware bugs on any of their supported Linux-based operating systems from an open source technology perspective. They said that Intel, AMD, POWER 8, POWER 9, IBM System z, and ARM chips are affected by the newly discovered vulnerabilities.

  • Google Makes Disclosure About The CPU Vulnerability Affecting Intel / AMD / ARM

    We're finally getting actual technical details on the CPU vulnerability leading to the recent race around (K)PTI that when corrected may lead to slower performance in certain situations. Google has revealed they uncovered the issue last year and have now provided some technical bits.

    Google says their Project Zero team last year discovered serious flaws in speculative execution that could lead to reading system memory where it shouldn't be authorized. Google was also able to demonstrate an attack where one VM could access the physical memory of the host machine and in turn read memory of other VMs on the same host.

Patched

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Security: Updates, IBM, Elytron and Container Vulnerability Scanning

  • Security updates for Friday
  • IBM Security launches open-source AI
    IBM Security unveiled an open-source toolkit at RSA 2018 that will allow the cyber community to test their AI-based security defenses against a strong and complex opponent in order to help build resilience and dependability into their systems.
  • Elytron: A New Security Framework in WildFly/JBoss EAP
    Elytron is a new security framework that ships with WildFly version 10 and Red Hat JBoss Enterprise Application Platform (EAP) 7.1. This project is a complete replacement of PicketBox and JAAS. Elytron is a single security framework that will be usable for securing management access to the server and for securing applications deployed in WildFly. You can still use the legacy security framework, which is PicketBox, but it is a deprecated module; hence, there is no guarantee that PicketBox will be included in future releases of WildFly. In this article, we will explore the components of Elytron and how to configure them in Wildfly.
  • PodCTL #32 – Container Vulnerability Scanning

NetBSD 8.0 RC1 Available, Bringing Initial USB 3.0 Support & Spectre/Meltdown Mitigation

It's a busy month for the BSDs with DragonFlyBSD 5.2 having come along with OpenBSD 6.3 and right before that was TrueOS 18.03. Now there's finally the release candidate of the long-awaited NetBSD 8.0 update. NetBSD 7.0 arrived back in October 2015 while the NetBSD 8.0 release should not be too much further out. Arguably most interesting with NetBSD 8.0 is its finally bring initial USB 3.0 support though the change-log currently just describes it as "some USB 3 support." Read more

FFmpeg 4.0 Released

  • FFmpeg 4.0 released
    Version 4.0 of the FFmpeg multimedia toolkit is out. There is a long list of new filters, formats, and more; see the announcement for details.
  • April 20th, 2018, FFmpeg 4.0 "Wu"
  • FFmpeg 4.0 Released With New Encoders/Decoders, NVIDIA NVDEC Decoding
    FFmpeg 4.0 is now available as the latest major release for this widely-used open-source multimedia encode/decoder library. FFmpeg 4.0 introduces NVIDIA NVDEC GPU-based decoding for H264 / MJPEG / HEVC / MPEG-1/2/4, VC1, VP8, and VP9 formats. This release also adds an Intel QSV accelerated overlay filter, an OpenCL overlay filter, VA-API MJPEG and VP8 decoding support, new VA-API filters, and many other accelerated code path improvements.

Graphics: AMD, Intel and Vulkan

  • AMDGPU DC Fixes For Linux 4.17 Take Care Of "The Dark Screen Issue"
    AMD's Alex Deucher has sent in a small set of fixes for the AMDGPU Direct Rendering Manager driver in the Linux 4.17 kernel. The three patches are for fixing a dark screen issue with AMDGPU DC, a fix for clock/voltage dependency tracking for WattMan, and an updated SMU interface for the yet-to-be-announced Vega 12 GPU.
  • Intel KVMGT 2018-Q1 Release Offers Mediated GPU Pass-Through Improvements
    While the relevant bits for supporting Intel GPU mediated pass-through to virtual machines with KVM are now upstream in the Linux kernel as well as in QEMU 2.12, Intel developers have just announced their quarterly release of "KVMGT" for those wanting the officially blessed configuration for running Intel virtual GPU support with KVM virtual machines.
  • RADV Vulkan Driver Adds Vega M Support
    Following RadeonSI adding "Vega M" support for the new Radeon graphics appearing embedded on select Intel Kabylake processor packages, the RADV developers have similarly staged their Vega M support in this open-source Vulkan driver.
  • The Forge Now Offers Full-Featured Vulkan Support On Linux
    Earlier this month we covered "The Forge" picking up initial Linux support and now they have rounded out their full-featured Linux support with Vulkan rendering.