Meltdown Fallout Continues
Qualcomm confirms it’s chips are vulnerable. Microsoft’s fix kills some AMD processors. Intel hit with first lawsuits.
The ongoing fallout from the Meltdown and Spectre CPU bugs has revealed more misery for computer users (and hardware manufacturers) around the world.
Qualcomm, the Californian technology giant, issued a statement saying its processors were vulnerable, though declined to say exactly which chips were vulnerable to which threats.
The company is the creator of the Snapdragon ‘system-on-a-chip’ processors, which are used in a wide range of Android smartphones, tablets and other devices. In a statement released late Friday afternoon (Pacific time), the company said:
“We are actively incorporating and deploying mitigations against the vulnerabilities for our impacted products, and we continue to work to strengthen them as possible. We are in the process of deploying these mitigations to our customers and encourage people to update their devices when patches become available.”
The Register provided a more in-depth breakdown:
Qualcomm uses a mix of customized off-the-shelf Arm cores and its homegrown Arm-compatible CPUs in its products, which drive tons of Android-based smartphones, tablets, and other devices. A selection of Arm Cortex-A and Cortex-R CPU core designs are vulnerable to the CVE-2017-5753 and CVE-2017-5715 Spectre vulnerabilities, but only one – the Cortex-A75 – is also vulnerable to the easily exploitable CVE-2017-5754 Meltdown flaw. The A75 is not in any shipping product at the moment.
Qualcomm will use that A75 core for its Snapdragon 845, while other Snapdragon lines list the A53 and A72, which are only vulnerable to the two Spectre variants. As we said, Qualcomm uses a mix of custom and off-the-shelf cores; they are probably affected by Spectre, and maybe Meltdown. Qualy won’t clarify either way.
Look out for operating system updates – particularly Android and Linux – to install on your Qualcomm-powered devices and machines.
Microsoft Fix Kills AMD Chips
The Register also reports that Microsoft’s update (KB4056892) to address the Meltdown and Spectre bugs may be killing certain AMD processors. In a thread on Microsoft’s answers forum, a number of users with Athlon-powered machines have reported that applying the update leaves them with a ‘bricked’ device.
Worse yet is the fact that the patch does not create a recovery point, so ‘rolling back’ doesn’t help and in some cases is reportedly inaccessible. Some users have even found a new Windows install has not helped, while others have reinstalled the operating system, only to have the patch automatically download and install once more.
Lawsuits start hitting Intel
Three class-action lawsuits have already hit Intel, thanks to the Spectre and Meltdown bugs. Complaints have been filed in San Francisco, Eugene, and Indianapolis district courts, accusing the technology company of negligence, deceptive practices, unfair competition, breach of implied warranty, and unjust enrichment.
The suits claim that Intel misled consumers by failing to disclose the security issue, as well as the reduction in performance resulting from patches
According to The Register:
“The defect renders the Intel x86-64x CPUs unfit for their intended use and purpose,” the complaints read. “In essence, Intel x86-64x CPU owners are left with the unappealing choice of either purchasing a new processor or computer containing a CPU that does not contain the Defect, or continuing to use a computer with massive security vulnerabilities or one with significant performance degradation.”
On the bright side, it has been revealed that the ARM11 cores in the Raspberry Pi are immune to both bugs.