Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 72 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
DrMrLordX

DrMrLordX

Lifer
Apr 27, 2000
21,302
10,490
136
coercitiv said:
Because security is not representative of real world benchmarks.
Click to expand...

Heehee. Funny, but if that were the case, all the patches going back to Meltdown would have been released the same way . . .

joesiv said:
From many peoples perspective the speculative execution attacks are medium risk, and as such don't warrant overreaction (including those in my company). So perhaps Microsoft is leaving it up to the admins to decide if it's worth the effort/performance to apply it?
Click to expand...

Heh! Possibly. Intel has likely noticed a number of their users looking for ways to disable mitigations just to claw back some performance.
 
UsandThem

UsandThem

Elite Member
Super Moderator
May 4, 2000
16,068
7,378
146
  • Wow
  • Like
Reactions: lightmanek and DarthKyrie
UsandThem

UsandThem

Elite Member
Super Moderator
May 4, 2000
16,068
7,378
146
DrMrLordX said:
@UsandThem

Does that mean the later steppings of Cascade Lake-SP (and -AP) are affected by this vulnerability? And what about Cooper Lake?
Click to expand...
That's the way I understand it, but they'll probably clear it up some more over the coming weeks. Honestly, with all the different vulnerabilities Intel has had over the last few years, it's getting tough to remember what CPUs have what hardware mitigation.
 
dualsmp

dualsmp

Golden Member
Aug 16, 2003
1,619
30
91
Another gift from Intel.

www.ptsecurity.com

Positive Technologies: Unfixable vulnerability in Intel chipsets threatens users and content rightsholders

Positive Technologies: Unfixable vulnerability in Intel chipsets threatens users and content rightsholders
www.ptsecurity.com www.ptsecurity.com
blog.ptsecurity.com

Intel x86 Root of Trust: loss of trust

The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has ...
blog.ptsecurity.com blog.ptsecurity.com

'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc

Although exploitation is like shooting a lone fish in a tiny barrel 1,000 miles away
www.theregister.co.uk www.theregister.co.uk
 
  • Like
Reactions: lightmanek and DarthKyrie
DrMrLordX

DrMrLordX

Lifer
Apr 27, 2000
21,302
10,490
136
Doesn't appear to affect "tenth gen" Intel platforms. I guess? So hey just another reason for people to buy more Intel stuff! Gotta stay up to date!
 
  • Like
Reactions: lightmanek
T

Topweasel

Diamond Member
Oct 19, 2000
5,435
1,651
136
DrMrLordX said:
Doesn't appear to affect "tenth gen" Intel platforms. I guess? So hey just another reason for people to buy more Intel stuff! Gotta stay up to date!
Click to expand...
So instead of purchasing 30% more hardware to make up the difference. They will have to replace everything. Intel's adapting to this pretty dang quickly.
 
  • Like
Reactions: lightmanek
Markfw

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,134
14,156
136
Topweasel said:
So instead of purchasing 30% more hardware to make up the difference. They will have to replace everything. Intel's adapting to this pretty dang quickly.
Click to expand...
There's lots of other things that still affect 10th gen hardware.
 
dualsmp

dualsmp

Golden Member
Aug 16, 2003
1,619
30
91
I also stumbled across this tidbit yesterday where Intel quietly dropped support for older versions of Intel ME. Meaning Broadwell and earlier get no fixes anymore. This was back in May 2019.

https ://www.intel.com/content/www/us/en/support/articles/000033416/technologies.html

Firmware versions Intel® Manageability Engine (Intel® ME) 3.x through 10.x, Intel® Trusted Execution Engine (Intel® TXE) 1.x through 2.x, and Intel® Server Platform Services 1.x through 2.X are no longer supported. Therefore, they weren't assessed for the vulnerabilities/CVEs listed in this Security Advisory. There's no new release planned for these versions.
--
Edit: Broadwell appears to use Intel ME version 10.x .
 
Last edited:
  • Like
  • Wow
Reactions: lightmanek and moinmoin
T

Topweasel

Diamond Member
Oct 19, 2000
5,435
1,651
136
Markfw said:
There's lots of other things that still affect 10th gen hardware.
Click to expand...
Sure creating a scenario where people have to replace everything twice. Eventually they will have a security issue so bad that people will run screaming to Intel to let them by 2400x the amount of equipment in replacement of the new unsecured one.
 
  • Haha
Reactions: lightmanek
H

Hitman928

Diamond Member
Apr 15, 2012
4,801
6,929
136
Gideon said:
Well well, it looks that there was an AMD security flaw discovered instead:

https://twitter.com/i/web/status/1235979728860872705

More news probably coming later
Click to expand...

While there's something there, it seems even harder to realize an actual attack than Spectre and also seems really easy to mitigate because it requires the attacker to be able to execute code on the same physical CPU core for one attack vector or the same logical core for the other attack vector. In other words, if you're in a cloud environment, then as long as you make sure instances don't share cores, you're good. If you're not in a cloud environment, you're probably pretty screwed anyway because the attacker is executing code on your system. I'll wait to see how AMD responds for the rest.
 
  • Like
Reactions: lightmanek, IEC, DarthKyrie and 2 others
moinmoin

moinmoin

Diamond Member
Jun 1, 2017
4,728
7,245
136
I'd take this serious, the people (from TU Graz) behind this paper also unearthed many of the Meltdown and Spectre vulnerabilities. Note that finding vulnerabilities is actually good news if it results in hardening the affected products (of which AMD's track record so far is fine). Also Intel's "involvement" says nothing, the team has been looking at CPUs for these kinds of weaknesses for years now and gets the chips directly from Intel and AMD these days, so they are acknowledged for that.
 
  • Like
Reactions: lightmanek, Nothingness and Gideon
N

nicalandia

Diamond Member
Jan 10, 2019
3,327
5,279
136
I call this BS.. Why did they had to reverse engineered AMD's L1D Cache way predictor instead of testing it on the actual hardware?

"Additional funding was provided by generous gifts from Intel" ...What kind of Gifts?
 
  • Like
Reactions: DarthKyrie and Jimzz
UsandThem

UsandThem

Elite Member
Super Moderator
May 4, 2000
16,068
7,378
146
It looks like Tom's released an article concerning what was in the Tweet above, although they are still waiting to hear back from both AMD and Intel:

https://www.tomshardware.com/news/new-amd-side-channel-attacks-discovered-impacts-zen-architecture
A new paper released by the Graz University of Technology details two new attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor. The researchers claim that the vulnerability impacts all AMD processors from 2011 to 2019, meaning that the Zen microarchitecture is also impacted.

The university disclosed the vulnerabilities to AMD on August 23, 2019, meaning it was disclosed in a responsible manner (unlike the CTS Lab debacle), but there isn't any word of a fix yet. We've pinged AMD for comment.
Click to expand...
 
VirtualLarry

VirtualLarry

No Lifer
Aug 25, 2001
56,009
9,878
126
by manipulating the L1D cache predictor.
Click to expand...

I understand the need for branch "prediction", but I guess I don't understand cache "prediction". Wouldn't that be "way selection", and not"prediction"?

I thought caching didn't rely on prediction, rather, search on tag bits, with final address bit verification, once the tag bits were hit in a "way".

I'm not really up on cutting-edge micro-architecture these days, so I could be wrong. I remember "COAST" modules for cache, that's about as recent as my knowledge on the subject.
 
N

naukkis

Senior member
Jun 5, 2002
637
512
136
nicalandia said:
I call this BS.. Why did they had to reverse engineered AMD's L1D Cache way predictor instead of testing it on the actual hardware?

"Additional funding was provided by generous gifts from Intel" ...What kind of Gifts?
Click to expand...

Because CPU's branch predictors and caches are utilized with microtags, only few bits of whole addresss space are needed for tags. AMD calls that way prediction but L1-cache is read with that microtag and that microtag can be wrong, so wrong data might be get from cache. Full tags are only checked later so side-channel exploit can leak that wrongly accessed data.

That's just why Intel cpu's are so vulnerable. Intel didn't hash their microtags at all so exploiting those vulnerabilities is as easy as it can be. AMD hashed those microtags so to exploit those vulnerabilities they first need to reverse-engineer those hash functions to be able to know how to attack against them.
 
  • Like
Reactions: moinmoin
N

Nothingness

Platinum Member
Jul 3, 2013
2,249
528
136
nicalandia said:
I call this BS.. Why did they had to reverse engineered AMD's L1D Cache way predictor instead of testing it on the actual hardware?
Click to expand...
I don't get your point: they reverse engineered the way prediction algorithm by running on actual hardware.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom