What’s wrong with Intel’s 8 new CPU vulnerabilities? What’s the impact? How to fix it?

2018-06-24

Sina Technology News Beijing time in the morning of May 4th news, the German computer magazine “c' t” this Thursday reported that researchers found 8 new vulnerabilities in computer CPU, which are a bit similar to Metldown and Spectre.

The magazine also said that Intel is preparing to release patches and fix holes, and some of ARM’s chips are also affected, and whether AMD chips have the same problem, researchers are investigating. “C' t” does not disclose the source of the information because the researchers will give priority to the corresponding companies and make their own discoveries open after the company finds a repair patch.

In January, researchers discovered vulnerabilities of Meltdown and Spectre, and Google Project Zero was one of the first teams to be discovered. This time, one of the vulnerabilities was discovered by Project Zero, because it was banned from publication within 90 days, so it can not publish its findings until May 7th.

Intel representatives declined to comment on the vulnerabilities described in German magazines. In the official website statement, Intel said it was working with customers, partners, other chipmakers and researchers. Once the problem was confirmed, it would find a way to ease the process, and the whole process involved the CVE numbered block. The statement said: “we believe that collaborative disclosure has great value. In the process of mitigation, we will disclose in time if any potential problems are found.”

For the newly discovered vulnerabilities, c', t did not reveal too many details. When Spectre and Meltdown appear, researchers have said that there may be more similar vulnerabilities that need to be repaired with patches.

Eclypsium CEO and Yuriy Bulygin, a former Intel security researcher, said: “look at the impact of Metldown and Spectre, new vulnerabilities may touch a new round of upgrades, long time, painful process, and may even involve performance and stability problems. Patching the hardware is a tricky business. I hope that under the guidance of Metldown and Spectre, the process will become simpler.

Brigin also said that in the real world, no hackers have been found to use Spectre and Meltdown to launch attacks, but similar attacks have become a hot and new field of research, and some of them may have begun to study new attacks. (star sea)

AiShangHai LoveShangHai