Nobody ever got fired for going with Intel/AMD/ARM (ha). - (Meltdown / Spectre) - update now including Foreshadow (SGX / Skylake and later processors only)


Some workloads just took a hit on many Intel processors made in the last 10 years.

- stop the presses - looks like Intel might patch 90% of the processors less than 5 years old:
Guess that would not be most folks anyway.

TLDR: Looks like kernel memory can probably be read by user space without a patch in kernel code.
Problem is, you pay a penalty for the patch in performance for some workloads.
Meltdown - side channel timing attack to learn kernel memory space secrets.
Spectre - malicious code abuses predictive, out-of-order CPU execution (which exists to work around slow memory fetches) and uses the timing differences between sequential and out-of-order execution - attacks memory from the victim process.

Forcefully Unmap Complete Kernel With Interrupt Trampolines

Might want to enable some protection in your browsers:

Light reading before you consider any of this below this line:
Here is some code to check for the reg key on Windows - it won't update without the new reg key:
import sys
import winreg  # Python 3; this module was named _winreg in Python 2

# replace None with r'\\computer-name' for remote...
rem_reg = winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE)
try:
    # change winreg.KEY_WOW64_64KEY to winreg.KEY_WOW64_32KEY for 32 bit systems...
    akey = winreg.OpenKey(rem_reg, r'SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat', 0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY)
except OSError:
    print("Key not found or is WIN32")
    sys.exit(1)  # nothing to enumerate without the key

# QueryInfoKey(akey)[1] is the number of values stored under the key
for i in range(winreg.QueryInfoKey(akey)[1]):
    n, v, t = winreg.EnumValue(akey, i)  # value name, data, registry type
    print(i, n, v, t)

Here is the same as above, as an exe:
Checker for 64 bit Windows -
reg key to add if not added by your non-existent Anti Virus software :-)
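
To audit several machines for the QualityCompat flag discussed above, this added example (not the author's code) classifies saved `reg query` output per host. The value name and its expected REG_DWORD 0 data are taken from Microsoft's guidance for the January 2018 updates rather than from this page, and the host names and sample outputs are constructed.

```python
import re

# Value name per Microsoft's January 2018 guidance (an assumption; not on the page).
COMPAT_VALUE = "cadca5fe-87d3-4b96-b7fb-a231484277cc"
KEY_SUFFIX = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat".upper()
# A value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
HEADER = "\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\n"
SAMPLES = {  # constructed `reg query` outputs, keyed by hypothetical host name
    "host-a": HEADER + "    " + COMPAT_VALUE + "    REG_DWORD    0x0\n",
    "host-b": "ERROR: The system was unable to find the specified registry key or value.\n",
    "host-c": HEADER + "    " + COMPAT_VALUE + "    REG_SZ    0\n",
    "host-d": HEADER + "    SomeOtherValue    REG_DWORD    0x0\n",
}


def parse_reg_query(text):
    """Return {lowercased value name: (type, data)}, or None if the key is absent."""
    seen_key, in_key, values = False, False, {}
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            in_key = line.rstrip().upper().endswith(KEY_SUFFIX)
            seen_key = seen_key or in_key
        elif in_key and (m := VALUE_LINE.match(line)):
            values[m["name"].lower()] = (m["type"], m["data"].strip())
    return values if seen_key else None


def compat_status(text):
    """Classify one host: only 'ok' means the compatibility flag is set as expected."""
    values = parse_reg_query(text)
    if values is None:
        return "key-missing"
    if COMPAT_VALUE not in values:
        return "value-missing"
    reg_type, data = values[COMPAT_VALUE]
    if reg_type != "REG_DWORD":
        return "wrong-type"
    return "ok" if re.fullmatch(r"0x0+", data, re.I) else "wrong-data"


def audit(outputs):
    """Map each host to its status so hosts lacking the flag stand out."""
    return {host: compat_status(text) for host, text in outputs.items()}


if __name__ == "__main__":
    for host, status in audit(SAMPLES).items():
        print(f"{host}: {status}")
```
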
Now we have Foreshadow (2015 and later Intel only with the SGX extension)
8/15/2018 - If you have the SGX extension in your processor, there is a new (timing, sorta) attack on that added-but-not-thought-out CPU "feature".
Details here