Browsing Posts tagged MeltdownSpectre

Reading Time: 4 minutes The 2018 was the year of the CPU related threats, starting with the Meltdown and Spectre bugs affecting several processors, but with most of issues related to Intel based CPU. Unfortunately, this was only the beginning and many other bugs were discovered later. And we’re probably just at the tip of the iceberg.

Reading Time: 3 minutes This year has started with the revelation of the Meltdown and Spectre vulnerabilities afftecting most of the (old and new) processors including Intel, AMD and ARM… but also others. In little less than one year we are still far from the solution because there are some patches, but those patches have serious performance impacts and sometimes are those patches require more and more time to become effective (instead of causing new issues).

Reading Time: 9 minutes With all those Meltdown, Spectre, Foreshadow, … bugs that affect several CPU, you may be interested in what can be the overall performance impact for all the related patches. There isn’t a simple answer, because it really varies by the processor vendor (Intel CPUs are more affected than AMD CPUs), probably also by CPU the family, for sure by the type of workloads (CPU bound workloads will be more affected, but it depends also on which instructions are used), … but also the type of environment.

Reading Time: 3 minutes Meltdown and Spectre remediations can imply not only performance degradation, but also some management issues. For example in how EVC works as described in VMware KB 52085 (Hypervisor-Assisted Guest Mitigation for Branch Target injection). An ESXi host that is running a patched vSphere hypervisor with updated microcode will see new CPU features that were not previously available. These new features will be exposed to all Virtual Hardware Version 9+ VMs that are powered-on by that host. Because these virtual machines now see additional CPU features, vMotion to an ESXi host lacking the microcode or hypervisor […]

Reading Time: 3 minutes VMware has released (on Feb, 15th) a new vCSA version: vCenter Server 6.5 U1f, with build number 7801515. This release patches the vCSA operating system (Photon OS) mainly against two vulnerabilities: bounds-check bypass (Spectre-1, CVE-2017-5753) and rogue data cache load issues (Meltdown, CVE-2017-5754). As of now, there is still no patch for branch target injection vulnerability (Spectre-2, CVE-2017-5715). VMware has also updated the security advisory dealing with all of its virtual appliances updates for Spectre and Meltdown vulnerabilities, VMSA-2018-0007. But note that VMSA-2018-0004.2 has not been updated yet, and it still report that the suggested version for […]

Reading Time: 2 minutes We are still far from a solution for the Meltdown and Spectre, considering the delay of the microcode releases and the complexity of the possible Spectre fixes… And now, some security researchers from NVIDIA and Princeton have discovered new variants of the Meltdown and Spectre flaws that may be more difficult to be fixed (but also to be exploited) than the originals.

Reading Time: 6 minutes The mitigations for Meltdown and Spectre issues have involved a combination of different type of fixes: some software based, such as Microsoft and Linux versions of the “kernel page table isolation” protection, but also fome hardware based, like the Intel’s microcode updates (part that is still missing in most cases). Both type of patches can cause performance overheads and have some kind of impact on your environment. But how can you estimate it (before apply the patches) and how can you measure it (when the patches have been applied)?

© 2024-2011 vInfrastructure Blog | Disclaimer & Copyright