
A really simple test you can compile with cygwin - if it doesn't crash, the bug is present:

  #include <stdio.h>
  int main()
  {
          /* Kernel-space address: an unprivileged read should fault on a fixed system. */
          volatile unsigned long *ptr = (volatile unsigned long *)0xFFFFF6FB7DBED000;
          printf("%lx\n", *ptr);
          return 0;
  }

I seem to be unable to find a patch that will make it so that this doesn't run. Windows Update says that I have all required patches. I first tried KB4088875. That didn't cause this program to fail. Then I tried "2018-03 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4088881)", which was only a recommended update. That didn't help either.

Same for me. I tested a Windows 7 x64 system which has all security patches, but caf's "really simple test" above still runs, which seems to indicate that the bug still exists. Same as you, I applied KB4088881, which was the only pending update, but it made no difference.

Also, I tried the command from the original article:

  pcileech.exe dump -out memorydump.raw -device totalmeltdown -v -force

This creates a 5GB file which does look like a raw memory dump. I'm not sure how to interpret this; I don't know what the behavior should be with or without the bug.

In the off chance that anyone stumbles across this in the future, KB100480 fixes this.


CVSS 3.0 base score of 7.8.

I finally found the fix. It's KB4100480. It makes the little test crash as it should.

So there is no patch that fixes it?

Same here.

I'm worried.

I tested this on a Win7 x64 system with the 2018-01 (KB4056897) and 2018-02 (KB4074587) patches. It segfaulted. Hmmm.

Ahh, I was using a 32-bit gcc. 64-bit gcc shows it :)

  $ x86_64-w64-mingw32-gcc meltdown.c -o meltdown.exe
  $ ./meltdown.exe

But can you find a March patch that makes the correct 64 bit version segfault? I can't :-(


Grammar police warning: The comma in “if it doesn’t crash, the bug is present” actually makes the intention more difficult to understand.

The comma placement "if clause1, clause2" is extremely common. In the above sentence, there is no other place it can go, other than nowhere at all.

"if, it doesn't crash ..." nope

"if it, doesn't ..." nope

"if it doesn't, crash ... " nope

"if it doesn't crash, the " yep!

"if it doesn't crash the, bug ..." nope

"if it doesn't crash the bug, is ..." nope

"if it doesn't crash the bug is, present" nope.

When it is present, it does help to separate the if and then, particularly in the absence of the word "then".

Without the comma, the prefix "if it doesn't crash the bug" can be scanned as a viable clause, only to find that the suffix becomes a fragment.

You brute-forced comma placement. I tip, to you, my hat.

Thank you for this and everyone who has downvoted an incorrect and misleading statement.

"If x, y" is a shorthand for "If x then y" in spoken language.

That's the grammatically correct place to put the comma. Fairly sure you're actually grammatically required to have a comma there.

