back to article IBM’s complete Meltdown fix won’t land until mid-February

IBM’s started to release its own patches for the Meltdown mess and the Spectre SNAFU, which it’s half-confirmed impact its hardware and operating systems, but won’t have a complete fix until mid-February. We say half-confirmed because Big Blue has only said it has problems with the processor issues Google mentioned last week, …

  1. rmason

    And yet HP...

    And yet HP are pointing us to BIOS versions that are a few months old for some models/generations as the "fixed" version.

    Other generations/models are also feb patches.

    How long was this embargo, exactly?

    1. Anonymous Coward
      Anonymous Coward

      Re: And yet HP...

      I've heard rumours that it was released to Tier 1 vendors in the community June or July.

  2. Blotto Silver badge

    Patents

    did all the major chip designers buy in commercial designs for their chips hence why so many vendors are have been caught out?

    will they be releasing fixes for chips in space craft / off world rovers etc?

    how about embedded military systems?

    1. Bubba Von Braun

      Re: Patents

      They will need to as the Power architecture chips are in use in military and space hardware. Spirit, Opportunity, Curiosity, Dawn are all running rad hardened Power architecture chips.

      But I guess most hackers don't have a 200ft dish laying around their back yard to upload code to it :-)

      Lots of 805/x and 80386/486 up there but Power has become a weapon of choice for big probes it seems. There is also the 1750a used allot of flight control systems 16bit RISC from a 1980's time.

  3. Anonymous Coward
    Anonymous Coward

    Not happening

    Again, security, no Local Code, no issue.

    The System has to be wide effing open for a chance of this to be a problem.

    Fake news!

  4. rotmos

    If "a party" has access to your systems perhaps you have a bigger problem than Meltdown and Spectre?

    1. Michael Wojcik Silver badge

      VMs, where there are multiple VMs running on a single physical system, and they have isolation requirements. Anything running in the cloud, for example. Anything running in a data center where different VMs have different regulatory requirements.

      Javascript drive-by attacks.

      All of this has been discussed at great length, and is in the original papers.

  5. Anonymous Coward
    Anonymous Coward

    Motherhood???

    "Big Blue’s also said “Clients should review these patches in the context of their datacenter environment and standard evaluation practices to determine if they should be applied.”

    The latter is a motherhood statement..."

    Even assuming that's a typo, I can't figure out what it is supposed to mean.

  6. Michael Wojcik Silver badge

    Spectre, not Meltdown

    POWER CPUs are vulnerable to Spectre. It's unlikely they're vulnerable to Meltdown.

    Spectre is a very broad class of attacks that affects most modern CPUs.

    Meltdown only applies to CPUs that are subject to Spectre-class attacks and do not enforce permissions on speculative loads. And even then, Meltdown only applies if you have higher-privilege pages mapped when running at low privilege, which is an OS architectural choice.

  7. Anonymous Coward
    Anonymous Coward

    Fujitsu SPARC not requiring a BIOS/Firmware update!

    FYI. According to recent update from Fujitsu, https://sp.ts.fujitsu.com/dmsp/Publications/public/Intel-Side-Channel-Analysis-Method-Security-Review-CVE2017-5715-vulnerability-Fujitsu-products.pdf

    All recent Fujitsu SPARC servers will not require a new BIOS update (firmware update) and only an OS update to address SPECTRE vulnerability. So looks like no reboot will be necessary unlike majority of Power Systems! Hah!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like