'Re: [Full-disclosure] Intel Core 2 CPUs are buggy. Patch your cpus'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Intel Core 2 CPUs are buggy. Patch your cpus
From:       "James Matthews" <nytrokiss () gmail ! com>
Date:       2007-06-28 19:42:43
Message-ID: 8a6b8e350706281242p6f915ebbnfbd3047649696672 () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


It's scary that these things cannot be patched. And this post will probably
result in intel taking down that document saying look now there are now no
holes!!!!

On 6/28/07, Peter Ferrie <pferrie@symantec.com> wrote:
>
> >   - Basically the MMU simply does not operate as specified/implimented
> >     in previous generations of x86 hardware.  It is not just buggy, but
> >     Intel has gone further and defined "new ways to handle page tables"
> >     (see page 58).
>
> I'm not sure about this - I understood it to mean that if you touch a
> table, you have to invalidate the TLB that corresponds to its linear
> address.  This was always how Intel CPUs behaved, even the old ones.
> What changed?
>
> >   - Some of these bugs are along the lines of "buffer overflow"; where
> >     a write-protect or non-execute bit for a page table entry is
> ignored.
>
> Same thing here - altering tables without flushing the TLBs will result in
> cached data being used instead.  Intel is documenting it very well now,
> but
> it's not new behaviour.
>
> >     Others are floating point instruction non-coherencies, or memory
> >     corruptions -- outside of the range of permitted writing for the
> >     process -- running common instruction sequences.
>
> The FPU memory corruption is old behaviour, too.
>
> Certainly, there are some scary things in the list, but many of them are
> behaviours that are being documented for the first time, yet they exist
> in CPUs since even the 486, for example.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.goldwatches.com/watches.asp?Brand=14
http://www.jewelerslounge.com

[Attachment #5 (text/html)]

It&#39;s scary that these things cannot be patched. And this post will probably result in intel \
taking down that document saying look now there are now no holes!!!!<br><br><div><span \
class="gmail_quote">On 6/28/07, <b class="gmail_sendername"> Peter Ferrie</b> &lt;<a \
href="mailto:pferrie@symantec.com">pferrie@symantec.com</a>&gt; wrote:</span><blockquote \
class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt \
0.8ex; padding-left: 1ex;"> &gt;&nbsp;&nbsp; - Basically the MMU simply does not operate as \
specified/implimented<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; in previous generations of x86 \
hardware.&nbsp;&nbsp;It is not just buggy, but<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; Intel has gone \
further and defined &quot;new ways to handle page tables&quot; <br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; \
(see page 58).<br><br>I&#39;m not sure about this - I understood it to mean that if you touch \
a<br>table, you have to invalidate the TLB that corresponds to its \
linear<br>address.&nbsp;&nbsp;This was always how Intel CPUs behaved, even the old ones. \
<br>What changed?<br><br>&gt;&nbsp;&nbsp; - Some of these bugs are along the lines of \
&quot;buffer overflow&quot;; where<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; a write-protect or \
non-execute bit for a page table entry is ignored.<br><br>Same thing here - altering tables \
without flushing the TLBs will result in <br>cached data being used instead.&nbsp;&nbsp;Intel \
is documenting it very well now, but<br>it&#39;s not new \
behaviour.<br><br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; Others are floating point instruction \
non-coherencies, or memory<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; corruptions -- outside of the range \
of permitted writing for the <br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; process -- running common \
instruction sequences.<br><br>The FPU memory corruption is old behaviour, \
too.<br><br>Certainly, there are some scary things in the list, but many of them \
are<br>behaviours that are being documented for the first time, yet they exist <br>in CPUs \
since even the 486, for \
example.<br><br>_______________________________________________<br>Full-Disclosure - We believe \
in it.<br>Charter: <a \
href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html
 </a><br>Hosted and sponsored by Secunia - <a \
href="http://secunia.com/">http://secunia.com/</a><br></blockquote></div><br><br \
clear="all"><br>-- <br><a \
href="http://www.goldwatches.com/watches.asp?Brand=14">http://www.goldwatches.com/watches.asp?Brand=14
 </a><br><a href="http://www.jewelerslounge.com">http://www.jewelerslounge.com</a>



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic