Published in News

Intel blocked kernel fixes on Meltdown and Spectre

by on03 September 2018

Odd behaviour from Chipzilla which it now has realised was dumb

Linux kernel developer Greg Kroah-Hartman criticized Intel's slow initial response to the Spectre and Meltdown bugs in a talk at the Open Source Summit North America.

Kroah-Hartman said that when Intel finally decided to tell Linux developers, the disclosure was siloyed.

"Intel silenoed SuSE, they siloed Red Hat, they siloed Canonical. They never told Oracle, and they wouldn't let us talk to each other."

When there is a set of vulnerabilities, Kroah-Hartman said the different Linux vendors typically work together. However, in this case they were forced to work by themselves and each came up with different solutions.

"It really wasn't working, and a number of us kernel developers yelled at [Intel] and pleaded, and we finally got them to allow us to talk to each other the last week of December [2017]", he said.

"All of our Christmas vacations were ruined. This was not good. Intel really messed up on this", Kroah-Hartman said.

"The majority of the world runs Debian, or they run their own kernel", Kroah-Hartman said. "Debian was not allowed to be part of the disclosure, so the majority of the world was caught with their pants down, and that's not good."

Kroah-Hartman said that after Linux kernel developers complained loudly to the company in December 2017 and into January 2018, Intel fixed its disclosure process for future Meltdown- and Spectre-related vulnerabilities and got better at it.

One side effect of Meltdown and Spectre vulnerabilities is that Linux and Windows developers are now working together, since both operating systems face similar risks from the CPU vulnerabilities.

"Windows and Linux kernel developers now have this wonderful back channel. We're talking to each other and we're fixing bugs for each other", Kroah-Hartman said. "We are working well together. We have always wanted that."

Last modified on 03 September 2018
Rate this item
(0 votes)