Kernel Page-Table Isolation (KPTI) - severe ARM + Intel CPU bug, hits partly AMD



The final paragraph is not encouraging: “Do not expect quick fixes, especially for Spectre. Speculative execution is as fundamental to the working of modern chips as assembly lines are to a modern factory. Redesigning, testing and manufacturing billions of replacement devices would take years. At the same time, the economic incentives within the computing business still favour speed and sharing over security. There are good economic reasons for the lack of diversity in processors, too, chiefly the benefits of standardisation, which makes computers compatible and lowers costs. But all that also promotes brittleness and fragility. In other words, this double blow will almost certainly be followed by other, equally painful ones.”


Where is VIA CPU? :kr:
No one answered here yet:

But probably not, because they are so old.

Edit: They implement out-of-order execution as well, therefore might be affected, too.

Spectre v2 - Status of fixes for different CPU vendors and generations

Contact your laptop manufacturer.


If intel-ucode is installed from the extra repository (which it seems to be on my notebook), shouldn’t the microcode update apply during boot as and when it is made available by Intel and updated accordingly by the package maintainer?

I didn’t enable it, it was set by default during installation and it is working according to dmesg | grep microcode.


When I run that from a command line I get
grep: and: No such file or directory
grep: zcat: No such file or directory

So even though I am running 4.14.11-1-MANJARO #1 SMP PREEMPT Wed Jan 3 I am not sure the requisite patch is/has been applied?


Two separate statements

$ dmesg | grep isolation
[    0.000000] Kernel/User page tables isolation: enabled
$ zcat /proc/config.gz | grep -i page_table
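The two checks from the reply above, combined into one verdict (an added example, not part of the original posts). The function names and sample inputs are constructed; only the "enabled" log line appears in the thread, and the "disabled" wording and the `CONFIG_PAGE_TABLE_ISOLATION` lines are assumed forms.

```shell
#!/bin/sh
# Classify KPTI state from the two sources named in the thread:
# the kernel log (runtime state) and the kernel config (build-time state).

# Constructed sample inputs; the dmesg line is the one quoted in the thread.
SAMPLE_DMESG='[    0.000000] Kernel/User page tables isolation: enabled'
SAMPLE_CONFIG='CONFIG_X86_64=y
CONFIG_PAGE_TABLE_ISOLATION=y'

# Reads kernel log text on stdin; prints enabled, disabled or unknown.
kpti_from_dmesg() {
    line=$(grep -i 'page tables isolation' | tail -n 1)
    case "$line" in
        *disabled*) echo disabled ;;   # assumed wording when KPTI is turned off
        *enabled*)  echo enabled ;;
        *)          echo unknown ;;    # log rotated away, or kernel has no KPTI
    esac
}

# Reads kernel config text on stdin; prints built-in, not-built or absent.
kpti_from_config() {
    cfg=$(grep -E '^(# )?CONFIG_PAGE_TABLE_ISOLATION[= ]' | head -n 1 || true)
    case "$cfg" in
        CONFIG_PAGE_TABLE_ISOLATION=y)              echo built-in ;;
        "# CONFIG_PAGE_TABLE_ISOLATION is not set") echo not-built ;;
        *)                                          echo absent ;;  # option unknown to this kernel
    esac
}

# $1 = result of kpti_from_dmesg, $2 = result of kpti_from_config.
# The runtime state wins; the config only tells what the kernel could do.
kpti_verdict() {
    case "$1/$2" in
        enabled/*)        echo "mitigated" ;;
        disabled/*)       echo "not mitigated (KPTI off at runtime)" ;;
        unknown/built-in) echo "compiled in; runtime state not in log" ;;
        *)                echo "no evidence of KPTI" ;;
    esac
}

# Live use, as two separate pipelines (not one command line):
#   d=$(dmesg | kpti_from_dmesg)
#   c=$(zcat /proc/config.gz | kpti_from_config)
#   kpti_verdict "$d" "$c"
```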


How to know if my Kernel version contains mitigation of "Intel Meltdown vulnerability"

According to Intel’s list, my old Intel Core2 Quad Q6600 seems not affected by Meltdown nor Spectre. Am I right?



Thanks sueridgepipe, I’m set then but still find this whole saga a worrisome event. Of course, if there’s any solace to be had it must be in those words of philm above “…Well, it is known for a while (June 2017) and therefore communicated to those of interest…” Which is akin I suppose to “what you don’t know won’t hurt you” :grin::grin:


Meltdown: All Intels since the first Pentium are affected, with the exception of some Atom processors and the Itaniums (-> different architecture).

Spectre: Also affects AMD and some ARM.

Yes, according to that list, your CPU is not affected, but that seems a bit contradictory to what is written on


You should work on the assumption that all Intel CPUs are affected.


I agree, Intel hasn’t been very trustworthy in the last few days with their statements…to say the least.

Here’s what Linus Torvalds thinks:


My thoughts:

There are 2 Security issues: Meltdown and Spectre.

Meltdown is a critical security breach that allows every application to read every memory bit of other applications which is only fixable with affecting performance. That one affects ONLY Intel but apparently every “modern” CPU they made in the last decade.

The second one is Spectre, which needs highly modified, application-specific malware to be usable for exploits and thus “only” a regular security breach. This one is partially valid for AMD and ARM, too. However, Spectre can be fixed without affecting performance.

So yeah, big bugs, extremely bad for Intel and their users. I don’t really care much for Spectre. It needs to be fixed, but its nature does not expose such a big threat like Meltdown does.

Edit: Seems like my general favour for AMD on desktop usage pays off more and more for me and my friends ^^


Intel announces updates:


Phoronix Linux KPTI Tests Using Linux 4.14 vs. 4.9 vs. 4.4

I think we should open up another Topic about this to collect outputs and posts about affected/not affected CPUs.
This topic should be straight about the 2 hardware bugs and comments; thanks.


Ok, in that case I’ll apply the update.

Thank you very much!! :smiley:


Thank you very much for the link!! :smiley:


Ad-blockers are the next anti-virus. Some have already started blocking malware scripts like crypto-mining ones, I’d expect they also block such scripts in the future.


I’m curious how critical these bugs really are for the normal home user? Reading them they sound critical for cloud providers where different customers are on the same hardware…but for a desktop user who is the only person using the computer?

I guess a virus could use these flaws to access data, but if it’s already running on your computer wouldn’t it be easier to screen scrape and key log to gather information?

I’m guessing if you can use JavaScript to exploit the issues, but then I’m not sure how I would use javascript to try to access kernel memory with out of order execution in the cpu.


With Firefox these settings could help (note the conditional):

user_pref("javascript.options.shared_memory", false);
user_pref("privacy.firstparty.isolate", true);


Then…there is this