Home>Posts>I/O HUB>A Word About Recent CPU Vulnerabilities

A Word About Recent CPU Vulnerabilities

By ·Categories: I/O HUB·Published On: January 17th, 2018·2.1 min read·

You’ve likely heard about the vulnerabilities recently discovered in the majority of CPUs on the market. These flaws, first discovered by Google’s Project Zero, are being called Meltdown and Spectre and take advantage of core functionality in processor architecture to potentially access information stored in system kernel memory.

Ars Technica recently published an in-depth exploration of Meltdown and Spectre, including the actions taken by the hardware manufacturers involved. Their article describes the two distinct vulnerabilities this way:

Meltdown, applicable to virtually every Intel chip made for many years, along with certain high-performance ARM designs, is the easier to exploit and enables any user program to read vast tracts of kernel data. The good news, such as it is, is that Meltdown also appears easier to robustly guard against. The flaw depends on the way that operating systems share memory between user programs and the kernel, and the solution—albeit a solution that carries some performance penalty—is to put an end to that sharing.

Spectre, applicable to chips from Intel, AMD, and ARM, and probably every other processor on the market that offers speculative execution, too, is more subtle. It encompasses a trick testing array bounds to read memory within a single process, which can be used to attack the integrity of virtual machines and sandboxes, and cross-process attacks using the processor’s branch predictors (the hardware that guesses which side of a branch is taken and hence controls the speculative execution). Systemic fixes for some aspects of Spectre appear to have been developed, but protecting against the whole range of fixes will require modification (or at least recompilation) of at-risk programs. (source Ars Technica)

Some early reports about this issue indicated that only Intel® processors were vulnerable and that impending fixes for these flaws would result in significant performance impacts, but those statements have since been walked back. Additional research has revealed that CPUs from all major manufactures are affected and that the performance impacts due to any necessary fixes may be less significant than first thought. For their part, Intel released a statement detailing the vulnerabilities, as well as a white paper describing potential mitigation steps and outlining new features they intend to put in place to help safeguard future processor generations.

Logic Supply takes the security of client data very seriously. We are working directly with Intel, Microsoft and other vendors to determine and implement the necessary steps to ensure the continued security of our hardware and will provide any updates as they become available.

Recommended Resources
Intel Security Alert
Microsoft Security Center
Google Project Zero Report

Share

About the Author: Darek Fanton

Darek is the Communications Manager at OnLogic. His passion for both journalism and technology has led him from the newsrooms of local papers to the manufacturing floor of IBM. His background in news gathering has him always on the lookout for the latest in emerging tech and the best ways to share that information with readers. In addition to his affinity for words, Darek is a music lover, juggler and huge fan of terrible jokes.
Follow OnLogic on LinkedIn

2 Comments

  1. Cincoze DA-1000 March 29, 2018 at 11:41 am

    Are there any news on the microcode/BIOS updates for DA-1000?

  2. Darek Fanton March 29, 2018 at 12:09 pm

    Thank you for your question. The Meltdown and Spectre vulnerabilities are being addressed by manufacturers through Windows update. We have found that the following link offers a useful explanation of how to protect systems. https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help.

Leave A Comment

SHARE

Have a project? Let's talk

More Articles

WHITEPAPER

Learn the 5 ways Fanless Computers can help your business

Get the Whitepaper
View All Articles

OnLogic Industrial Computers

Discover OnLogic's multitude of industrial computers that will help you to advance your IoT project

Shop OnLogic

Learn more at OnLogic.com

OnLogic Industrial PCs: Designed to last. Built to order. Delivered in days. Visit our online store at OnLogic.com