Intel has had a recent run of bad news, the current architectural generation has been hit with fundamental design flaws long ago part of the original microcode…
Affects up to 10 yrs(?) of processors. Interesting since the current major Intel re-architecture was in 2013.
AMD says it’s not affected by this issue.
Reported approx May 2017 and many have studied it closely for the past half year.
Supposedly cannot be addressed by a firmware upgrade but can and is being addressed at the OS level.
Linux supposedly has been reviewing its patches since November 2017, and is now ready to roll out.
MSWindows is supposedly going to roll out this coming Patch Tuesday (January 2018)
Probably another good reason to ditch unsupported OS of all kinds.
Impact will be a major and possibly noticeable slowdown, up to approx 20% of max system performance(We may see complaints!).
Discovery was through research. No known current exploits in the wild, and even in a Lab. Supposedly proof of concepts have failed but been enough to spur concern to fix regardless.
If any of you were really interested, you would not ask in Chit-Chat but go to openSUSE security pages and found out that both for Leap and Tumbleweed kernels with Meltdown (and partial Spectre) protection are already available. Updated microcode for Intel and AMD is also available for Leap.
Perhaps if you got off your high-horse long enough to stop flinging condescending insults, you might realize that 1) Even though I’ve been using Linux since the mid-90’s, I’m brand new to openSUSE, so perhaps I don’t know where these security pages are? And 2) I was speaking more kernel-side, all of Linux, not just a distro.
Chalk one up to another reason to stay away from this distro… Poor community right off the bat…
I do not know if it is mentioned already above, but when I were a new member on these forums, I probably would think that
Other Forums > News & Announcements > Security Announcements
would be an obvious place to start looking for information on this Meltdown and Spectre.
What @Henk says + if I search the forums for “meltdown” or “spectre”, the security announcements show up nicely.
Another nice starting point is news.opensuse.org , since security announcements go there too.
And, please stay calm and be patient. The devs and packagers are on it.
A road map is not present, since these updates will be pushed through the update repos, seperately from other updates in the case of TW.
There were three openSUSE Leap 42.3 patches published yesterday (Friday the 5th of January 2018) morning Central European time:
openSUSE-2018-1: Security update for kernel-firmware (AMD microcode);
openSUSE-2018-2: Security update for the Linux Kernel;
openSUSE-2018-4: Security update for ucode-intel.
[HR][/HR]May I suggest that, as members of the openSUSE community we give a round of applause for the SUSE employees who, through their contacts within the industry, worked to make these repairs available in a timely fashion.
This repository contains several applications, demonstrating the Meltdown bug. For technical information about the bug, refer to the paper:
Meltdown by Lipp, Schwarz, Gruss, Prescher, Haas, Mangard, Kocher, Genkin, Yarom, and Hamburg
The applications in this repository are built with libkdump, a library we developed for the paper. This library simplifies exploitation of the bug by automatically adapting to certain properties of the environment.