Questions tagged [cpu]

51 questions
32
votes
7 answers

If I know the CPU architecture of a target, can I send instructions embedded in an image?

Can I send instructions embedded in an image to a target, if I know his CPU architecture?
Faminha102
  • 545
  • 1
  • 5
  • 8
16
votes
2 answers

Are new AMD processors more secure than Intel ones?

Since the discovery of Meltdown and Spectre, CPU security has been compromised and trust to the main manufacturers reduced, particularly Intel. 8 months later I wonder, what CPUs are more secure at this moment? Why? Have the patches achieved the…
user3770060
  • 163
  • 1
  • 5
15
votes
1 answer

Security considerations of x86 vs x64

What if any, are the security considerations of deciding to use an x64 vs x86 architecture?
WireInTheGhost
  • 275
  • 2
  • 5
14
votes
1 answer

New CVE-2018-5407 "PortSmash vulnerablity" in Intel CPU

I just heard in the news: Intel CPUs impacted by new PortSmash side-channel vulnerability. Is it as threatening as Meltdown/Spectre? Is it patched? What should we do to be safe? Does it affect AMD CPU's? It is found by a team in a university so…
0_o
  • 1,142
  • 1
  • 9
  • 19
11
votes
2 answers

Does recent Intel hardware mitigate Meltdown at the hardware level?

Recently a security researcher made the following claim via Twitter (emphasis added): If you're running Windows, I'm about to publish a tool that checks if you have the "Variant 3: rogue data cache load (CVE-2017-5754)" aka #Meltdown patches…
Alexander O'Mara
  • 8,774
  • 6
  • 34
  • 38
9
votes
3 answers

How can CPU designers prevent information leaks from speculated execution?

We know about short-term measures to mitigate the Meltdown and Spectre vulnerabilities in certain microprocessors where speculative execution has measurable effects on cache timings (mainly patches to microcode, operating systems and any…
Toby Speight
  • 1,214
  • 9
  • 17
8
votes
1 answer

Intel firmware/microcode updates that make processors "immune" to both Spectre and Meltdown?

Recently Intel has claimed the following in a press release (emphasis added): SANTA CLARA, Calif., Jan. 4, 2018 — Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and…
Alexander O'Mara
  • 8,774
  • 6
  • 34
  • 38
6
votes
2 answers

Capability of microcode hacking?

Before Spectre and Meltdown, I've never heard of users updating microcode on a chip through firmware or otherwise. I actually thought it was written into the silicon and immutable. Now I'm seeing a lot of mentions about this., things like disabling…
Evan Carroll
  • 2,325
  • 4
  • 22
  • 29
5
votes
1 answer

Can speculative execution on intel cpu be disabled?

In the light of all the recent Intel Vulnerabilities with speculative execution, can speculative execution be fully disabled to protect from all this vulnerabilities, from BIOS or OS kernel? Maybe stupid question, but is it possible?
user3604665
  • 153
  • 4
5
votes
2 answers

Are VIA CPUs vulnerable to Spectre/Meltdown attacks?

I couldn't find any information about the recently published Spectre/Meltdown attacks affecting VIA CPUs. Are they also affected by this vulnerabilities?
ml_
  • 153
  • 4
5
votes
1 answer

What was state of the art knowledge on security of speculative evaluation when it was introduced to Intel CPUs?

Many sources claim that almost all Intel x86 CPUs back to Pentium Pro are vulnerable to the Meltdown attack. Pentium Pro was introduced to the market in 1995. What was the state of the art knowledge on security of speculative evaluation, the basis…
liori
  • 161
  • 4
5
votes
1 answer

Does the main OS run "virtualised" under the ring -1 hypervisor?

After reading this answer which explains that modern CPUs have a ring -1 that is running a hypervisor on the CPU and handles vmenter & stuff, I am wondering: The main operating system, like the one installed directly on the hard disk (and not one…
Ela782
  • 153
  • 4
4
votes
1 answer

Sacrificing 30% of my CPU performance (by disabling Hyper-Threading) to fully mitigate CPU vulnerabilities, necessary?

I used the spectre-meltdown-checker, version 0.42, without any option resulting in all-green results. But, in a help page, I found the --paranoid switch, which resulted in about a half of later CVEs to become red. I read what it told me, that for…
LinuxSecurityFreak
  • 1,562
  • 2
  • 18
  • 32
4
votes
3 answers

Do the Spectre and Meltdown CPU bugs affect AMD in addition to Intel?

If a server or or PC is running AMD CPUs, will those be affected by the Spectre and/or Meltdown bugs currently effecting Intel chips? Why or why not? What makes it affect one and not the other? How does architecture play a role?
TestinginProd
  • 908
  • 3
  • 9
  • 14
4
votes
3 answers

Understanding the scope of Intel hyperthreading errata KBL095

Recently, many motherboards supporting skylake or kabylake, got a uefi update described as cpu microcode security update for a specific Intel errata, described by Intel as : Short Loops Which Use AH/BH/CH/DH Registers May Cause Unpredictable System…
user2284570
  • 1,402
  • 1
  • 14
  • 33
1
2 3 4