Intel are not having a good time lately are they? More vulnerabilities in their CPUs have been made public.
How many is that Intel have had recently that affect them? Quite a lot. This time, it appears AMD are not affected at least. Still, this is a lot of major security problems to go through with Spectre and Meltdown, Foreshadow and ZombieLoad. Currently, Intel are saying that they're "not aware of any use of these issues outside of a controlled lab environment" so you don't need to go and panic just yet. Just keep an eye on updates for your distribution and motherboard BIOS updates.
Here's they two they're now talking about:
CVE-2020-0548 is an information disclosure vulnerability with a CVSS score of 2.8, low, referred to as Vector Register Sampling. This issue is rated “low” as the user would first need to be authenticated on the target system, the high complexity of an attack, and low confidence in the attacker’s ability to target and retrieve relevant data.
CVE-2020-0549 is also an information disclosure vulnerability requiring authenticated local access. The CVSS score is 6.5, medium. Referred to as L1D Eviction Sampling, the severity score is higher on this one because the attack complexity is lower and the ability to target specific data higher. This vulnerability has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations.
If you have an Intel CPU made before Q4 2018, you're likely affected. CVE-2020-0549, which is also being called CacheOut which has a dedicated website mentions that "Intel inadvertently managed to partially mitigate this issue while addressing a previous issue".
You can see Intel's official post on it here.
Article taken from GamingOnLinux.com.
My next system will be AMD based, and for good, i never will use Intel again.
Koopacabras Jan 28, 2020
Quoting: EikeQuoting: The_Aquabatthere is no reason for using Intel over AMD, in gaming I think that the top tier are even. So not sure why anyone would use intel provided pretty much everything else runs slower on their counterparts.
Not everybody changed their computer yesterday, and Intel was better for decades.
Sigh, :( I understand that now I wish I could buy one of those juicy navis these days but things have not been so good economically lately here.
If I were on a really tight budget and stuck with an old pc then I would probably get an Athlon 3000g for 50 bucks, that has a vega IGPU, and with a cheap mobo and ddr4 memories . I bet that you could upgrade for 200/250 (provided that you have a case/tower and the PSU).
Yeah but sometimes some of us don't value what we have, we always want the latest and greatest and in some part of the world, like in Asia/China/India if you have a PC like the ones we have, you are basically a millionaire. In China most ppl are running windows XP!
Last edited by Koopacabras on 28 January 2020 at 10:23 pm UTC
Comandante Ñoñardo Jan 29, 2020
... than the PGA ....
If, someday, AMD decide to implement the LGA system in the mid class processors, I will try them....
Sadly, actually AMD use the LGA system only in the Threadripper processor.
Koopacabras Jan 29, 2020
Quoting: Comandante ÑoñardoIf, someday, AMD decide to implement the LGA system in the mid class processors, I will try them....actually maybe it is LGA... lol
Sadly, actually AMD use the LGA system only in the Threadripper processor.
that makes me remember of this ... someone thought that Ryzen was LGA :P
Last edited by Koopacabras on 29 January 2020 at 3:06 am UTC
Also, my next build will be a AMD system. ;)
But the important facts is:
These vulnerabilities were discovered bei the Defense Advanced Research Projects Agency (DARPA) and the Air Force Reseach Laboratory (AFRL) of Australia. So now the military (and probably secret services) seem to have an interest in such vulnerabilities. I wonder why...
Quoting: GrimfistThe vulnerabilities itself are not that interesting, because they are a lot more theoretical than previous ones.
But the important facts is:
These vulnerabilities were discovered bei the Defense Advanced Research Projects Agency (DARPA) and the Air Force Reseach Laboratory (AFRL) of Australia. So now the military (and probably secret services) seem to have an interest in such vulnerabilities. I wonder why...
Them releasing their knowledge to the public is not the dangerous case...
Patreon
PayPal
See more from me