Major Linux redesign in the works to deal with Intel security flaw

Long ago, Intel made a design mistake in its 64-bit chips -- and now, all Intel-based operating systems and their users must pay the price.

Linux's developers saw this coming early on and patched Linux to deal with it. That's the good news. The bad news is it will cause at least a 5-percent performance drop. Applications may see far more serious performance hits. The popular PostgreSQL database is estimated to see at least a 17-percent slowdown.

How bad will it really be? I asked Linux's creator Linus Torvalds, who said: "There's no one number. It will depend on your hardware and on your load. I think 5 percent for a load with a noticeable kernel component (e.g. a database) is roughly in the right ballpark. But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation."


Google and Red Hat

  • Red Hat Says Security Updates for Meltdown & Spectre Bugs May Affect Performance

    Red Hat's John Terrill informs Softpedia today that Red Hat is aware of the two hardware bugs (Meltdown and Spectre) affecting most modern microprocessors and they're working on security updates to mitigate them on their supported operating systems.

    The Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) were publicly disclosed earlier today as critical hardware flaws affecting modern microprocessors made in the last two decades. These can be exploited by an unprivileged attacker to bypass hardware restrictions through three unique attack paths and gain read access to privileged memory.

    Red Hat Product Security provided us with several resources to better understand the impact of these hardware bugs on any of their supported Linux-based operating systems from an open source technology perspective. They said that Intel, AMD, POWER 8, POWER 9, IBM System z, and ARM chips are affected by the newly discovered vulnerabilities.

  • Google Makes Disclosure About The CPU Vulnerability Affecting Intel / AMD / ARM

    We're finally getting actual technical details on the CPU vulnerability leading to the recent race around (K)PTI that when corrected may lead to slower performance in certain situations. Google has revealed they uncovered the issue last year and have now provided some technical bits.

    Google says their Project Zero team last year discovered serious flaws in speculative execution that could lead to reading system memory where it shouldn't be authorized. Google was also able to demonstrate an attack where one VM could access the physical memory of the host machine and in turn read memory of other VMs on the same host.

