
Massive Pre 2011 Intel CPU Exploit

They say ANY x86 CPU.

I don't really see a big issue in pre 2011.

Also this part means your system is already compromised:

Thankfully, exploitation of the vulnerability requires low-level access to the host system - meaning that an attacker wishing to make use of the flaw to implant malicious code in ring -2 would already need to have ring 0 access, the highest level of access typically available to user-level code.
 
A VM shouldn't run in ring0. They run in ring1.

It may be different between certain VM hypervisors tho.

 
Firmware mode would be akin to Real Mode and is initiated before Protected Mode. There are no pages nor masked interrupts. Basically you can hook any request before the operating system gets it.
 
A VM shouldn't run in ring0. They run in ring1.

It may be different between certain VM hypervisors tho.

Intel VT-d and AMD-V were considered Ring -1 in some papers, so that's where the Hypervisor runs. And as far as I recall, Ring 1 and 2 are barely used in the x86 world since, for portability reasons with other architectures which have simpler Ring designs, they use only Ring 0 and 3.

I recall having suggested a year or so ago that SMM was related to how Intel programs Processors to enable/disable feature bits and such, when a Core i5 that magically had Hyper Threading turned on appeared on overclock.net.
 
Looks like fun. Crazy exploit idea. I like it. Pretty freaking brilliant.

I've done some programming back in the day in "flat real mode" on 386's, which is somewhat similar to SMM mode (I think), in that you have essentially full physical access to a machine's hardware. (TBH, my memory is pretty fuzzy, I don't remember if the 386 even had SMM.)
SMM is supposed to exist in a special protected memory space. (It used to use the same aliased system memory used for the VGA memory address space.)

Edit: It will be interesting to see if AMD CPUs are vulnerable to this.
 
Intel VT-d and AMD-V were considered Ring -1 in some papers, so that's where the Hypervisor runs. And as far as I recall, Ring 1 and 2 are barely used in the x86 world since, for portability reasons with other architectures which have simpler Ring designs, they use only Ring 0 and 3.

I recall having suggested a year or so ago that SMM was related to how Intel programs Processors to enable/disable feature bits and such, when a Core i5 that magically had Hyper Threading turned on appeared on overclock.net.

VT-D/AMD-Vi is very rarely used.
 
Worry for nothing.. 🙄
"These things have not happened yet, and the level of expertise needed to exploit this bug to do these things is certainly high. And, to top it off, you do need access to Ring 0 memory to get to SMM, so using this for privilege escalation is questionable right now."
 
VT-D/AMD-Vi is very rarely used.
I mean, VT-x and AMD-V. I think you should figure it out that I made a typo there.

And VT-d itself isn't "very rarely used". I use it daily, since I use a VM for my gaming needs and VT-d is a must to get the GPU in there.
 
Edit: It will be interesting to see if AMD CPUs are vulnerable to this.

I concur. AMD's market share may have dropped to the point of non-existence in today's market, but 5-7 years ago, they were still selling a fair number of chips. There are a lot of K10.5 Stars chips still in use/circulation. The used market for those things is still alive and kicking.
 
(TBH, my memory is pretty fuzzy, I don't remember if the 386 even had SMM.)
This is what I found on Wikipedia (do you remember now? :biggrin: ):

It was first released with the Intel 386SL.[1] While initially special SL versions were required for SMM, Intel incorporated SMM in its mainline 486 and Pentium processors in 1993. AMD copied Intel's SMM with the Enhanced Am486 processors in 1994. It is available in all later microprocessors in the x86 architecture.
 
Make a program that will unlock hyperthreading on older intel processors 😀

Nah, make a program that will unlock that "reverse-hyperthreading" mode that everyone was talking about before Conroe arrived, but never showed up for some strange reason!
 
Nah, make a program that will unlock that "reverse-hyperthreading" mode that everyone was talking about before Conroe arrived, but never showed up for some strange reason!
The guy that talked a lot about that was Charlie from The Inquirer (Now he is on SemiAccurate).

There is a point in SMM. It is pretty much undocumented and can be used for a lot of nasty tricks. Since Intel uses just a handful of physical dies for a thousand different SKUs, there should be an easy way to program their specs to them AFTER the binning process. It may even be by using a special Socket that makes contact with pins that aren't used on the standard version and enables the model specific registers write mode. However, when Intel launched their "CPU upgrade" pilot programs some years ago that could unlock features on some specific CPUs, I got obsessed that there is a pure Software way to deal with this.
 
The guy that talked a lot about that was Charlie from The Inquirer (Now he is on SemiAccurate).

There is a point in SMM. It is pretty much undocumented and can be used for a lot of nasty tricks. Since Intel uses just a handful of physical dies for a thousand different SKUs, there should be an easy way to program their specs to them AFTER the binning process. It may even be by using a special Socket that makes contact with pins that aren't used on the standard version and enables the model specific registers write mode. However, when Intel launched their "CPU upgrade" pilot programs some years ago that could unlock features on some specific CPUs, I got obsessed that there is a pure Software way to deal with this.

That would be an incredible unlock, if it were possible. If you could buy a hex core 2603v3 for $200 and software mod it to an unlocked 8(16), it would be a ridiculous value, at least until Intel shut it down in future generations.
 
I was under the impression that Intel physically fuses off the extra cores and hyperthreading.
Although, I've never seen any actual proof of that, so maybe it is possible.
 
It's fused off, yes. People just dream of unlocks.

Intel have sold a couple of products that could be "updated". But not in this way.
 