• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."

Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 74 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

Arkaign

Lifer
Oct 27, 2006
20,565
1,042
126
I've no idea what meta-data means in terms of the CPU cache/RAM but here's an example from a related field of tech. On HDDs/SSDs/flash drives/etc. you have files which contain actual data. Then you have their records in the file allocation table, which tells the OS where to find these files on the underlying storage. This entire table is basically meta-data. File names could also be considered meta-data. All things considered such meta-data cannot be used directly to infer the contents of the files but it may hint at what's being stored.

Considering that not a single major company has made an announcement about this vulnerability it's safe to assume it's either very hard or near impossible to exploit, or already fixed. The Linux kernel usually gets such fixes as soon as they are announced and this time it's been nothing. The most recent Linux kernel 5.5.8 has absolutely nothing.
Yeah from everything I've seen of these side channel attacks, they're very time consuming, require elite expertise, and even if everything goes perfectly, the odds of actually pulling anything much of relevance is a crap shoot. It's like Vic-20 300 baud modem performance type hacking. Given the plethora of other tricks and exploits of other kinds which basically give you admin/root on most systems should you find the correct vector (be it a third party service, a human exploit, whatever), I think these things are mostly in the 'thats interesting' phase.

I think it's sort of funny in a roundabout way that Intel was paying this research group to find bugs in its own CPUs, and they ended up also finding a similarly 'so what' bug in the AMD stuff. Well, I guess there was that other variant of Meltdown (S?) that affected Ryzen. But still, I'd used 'affected' in the loosest possible terms.

Still think I'll be recommending Ryzen 3000 series for home/WS, and Threadripper/EPYC for more serious big iron customers, even if they found a hundred of these stupid near useless exploit things. Other than used deals, it's damn hard to justify current Intel pricing for 115x products.
 
  • Like
Reactions: lightmanek

UsandThem

Elite Member
Super Moderator
May 4, 2000
13,515
4,156
146
anyone keeping the count?
According to a Tom's article back in December (although more have been discovered since then), it was 236 discovered in 2019.
https://www.tomshardware.com/news/intel-security-report-2019-quality-assurance
Intel said that 91% of the reported bugs in 2019 were due to its investment in product assurance. It also noted that none of the 236 vulnerabilities uncovered in 2019 were known to be used in attacks at the time of public disclosure.
 

nicalandia

Senior member
Jan 10, 2019
288
303
96
From: " Crucially, unlike prior attacks, #LVI cannot be transparently mitigated on current CPUs and requires expensive compiler mitigations that insert an LFENCE after potentially *every* memory load and blacklist the x86 RET instruction-- we measure overheads of factor 2 up to 19(!) "

Even an Awesome Youtube Video..


 
Last edited:
  • Haha
Reactions: lightmanek

Hitman928

Platinum Member
Apr 15, 2012
2,962
2,555
136
Yet another Intel Vulnerability:


anyone keeping the count?
Can't be carried out remotely which is good but is still an attack vector for share computing environments (e.g. cloud based computing). Seems to effect all current intel CPUs and possibly Arm and PPC CPUs that were vulnerable to meltdown but this isn't confirmed. The real mitigation for this also looks brutal from a performance perspective, I wonder if intel will come out with a less penalizing fix. If not, the performance penalty to likelihood of successful attack seems too high for anyone, except maybe the government, to patch.
 
  • Like
Reactions: lightmanek

DisEnchantment

Senior member
Mar 3, 2017
653
1,452
106
Can't be carried out remotely which is good but is still an attack vector for share computing environments (e.g. cloud based computing). Seems to effect all current intel CPUs and possibly Arm and PPC CPUs that were vulnerable to meltdown but this isn't confirmed. The real mitigation for this also looks brutal from a performance perspective, I wonder if intel will come out with a less penalizing fix. If not, the performance penalty to likelihood of successful attack seems too high for anyone, except maybe the government, to patch.
This is why cloud computing is more than just buy some instances from AWS and call it a day.

Usually you would have public facing services in public infra and then PII is handled on prem.

This way you achieve multiple things

PII is not hosted in public cloud and is under your control
PII can be be geo located in the area being served thereby complying with data protection laws.
Compromising the public services does not compromise the PII.
Only specific services need scaling.

This is the so called Hybrid cloud Architecture.

Vulnerabilities like these bad though they may seem are largely mitigated because all your sensitive info is under your control.

Interesting things that people working with on prem Infra are high throughput caching databases and the like.
 
  • Like
Reactions: lightmanek

DrMrLordX

Lifer
Apr 27, 2000
16,506
5,480
136
The worst part is that unless you go 4P or 8P, you're basically stuck on Cascade Lake for awhile. Later steppings aren't as bad, but still. No real platform upgrade available in 1P/2P configurations until quite a bit later in the year (whenever IceLake-SP finally shows up), and no new core to move to either until that platform shows up.
 

Gideon

Golden Member
Nov 27, 2007
1,033
1,714
136
0
The worst part is that unless you go 4P or 8P, you're basically stuck on Cascade Lake for awhile. Later steppings aren't as bad, but still. No real platform upgrade available in 1P/2P configurations until quite a bit later in the year (whenever IceLake-SP finally shows up), and no new core to move to either until that platform shows up.
IMO the biggest problem they have is, once Ice Lake does show up, they don't have enough fabs to produce enough of it for everyone. So some companies still need to go Cascade Lake

Or you know, take their head out of their backside and buy Milan
 

UsandThem

Elite Member
Super Moderator
May 4, 2000
13,515
4,156
146
These vulnerabilities seem to be never ending for Intel over the last several years. The latest ones (from the article above) have been dubbed "CrossTalk".
Many defenders took that to mean that allocating trusted and untrusted code to different cores provided meaningful protection against speculative execution attacks, which are also known as transient execution attacks. CrossTalk, as the new exploit has been named, will force researchers and engineers to revisit that assumption.

“As an example,” researchers wrote in an email, “many believed disabling Intel SMT (hyperthreading) was sufficient to stop the majority of known/future attacks. Moreover, all attacks so far could be mitigated by simply running mutually non-trusting code on separate cores. We show that the problem goes even deeper and core-based isolation may not be sufficient."
 
  • Wow
Reactions: DarthKyrie

Hitman928

Platinum Member
Apr 15, 2012
2,962
2,555
136
These vulnerabilities seem to be never ending for Intel over the last several years. The latest ones (from the article above) have been dubbed "CrossTalk".
And SGAxe which is based on the earlier CacheOut but modified to overcome Intel's microcode mitigation.

Intel never fixed the underlying vulnerability in the silicon. Instead, company engineers issued a microcode update that caused CPUs to overwrite buffer contents with garbage every time the processor began a new security-sensitive operation. CacheOut figured out a way to bypass this mitigation.
 

DrMrLordX

Lifer
Apr 27, 2000
16,506
5,480
136
FYI CrossTalk was apparently exposed back in 2018. Intel has been working with security researchers to stamp it out for some time (it took awhile).
 

randomhero

Member
Apr 28, 2020
90
136
66
My god, what a cluster****!
Basically, one cannot trust any online service anymore!!!
When first flaws were discovered, I was aware that that is just tip of the iceberg, but I was not expecting it to be that huge.
 

DrMrLordX

Lifer
Apr 27, 2000
16,506
5,480
136
the server guys will either buy more xeons to make up the deficit or switch to epyc sooner.
Last year the trend was "buy more Xeons boys!!!". It also gave a lot of server room admins the excuse to switch from Skylake-SP to Cascade Lake-SP. Now, though?
 

beginner99

Diamond Member
Jun 2, 2009
4,627
1,014
136
Very unclear yet but there might be more in the bush, this time affecting ice lake:

People have been reporting a high amount of crashes when running JetBrains products on latest Macbook Airs (with 10th gen Intel processors). These crashes are both OS-level application crashes (which should normally never happen with JVM apps) and full system crashes (including one guy crashing his Macbook while running these apps in a VM).

No one actually managed to diagnose the issue yet, the title is just a theory.
The most notable thing is that you can crash the whole system from a VM. So theoretically if it really is a CPU error and Amazon would be offering servers based on ice lake (lol, in 2030 maybe?) one could simply start a VM, run some jetbrains product and crash the whole system your VM is running on. Pretty bad.
 

DrMrLordX

Lifer
Apr 27, 2000
16,506
5,480
136
@beginner99

Considering how long it took Amazon to offer Rome instances, I wouldn't expect IceLake-SP instances anytime soon. If it were that easy to crash Cascade Lake just running some Jetbrains, though . . . phew.
 

Stuka87

Diamond Member
Dec 10, 2010
5,129
876
126
That is crazy. I use intelliJ daily, with code running inside VM's, but I have an 8th gen CPU, and thus far have not had issues.
 

Kenmitch

Diamond Member
Oct 10, 1999
8,165
1,626
126
Looks like AMD got hit with one. Not sure if it's been posted yet.


Luckily, this vulnerability can be mitigated with a simple microcode update, which seemingly doesn't bear a performance impact on the system. AMD has already distributed updated versions of its AGESA microcodes to its motherboard partners and will deliver the remaining versions by the end of this month.
Anybody keeping track of the exploits? I think Intel's still winning this " You don't want to win " contest.
 
  • Like
Reactions: spursindonesia

Hitman928

Platinum Member
Apr 15, 2012
2,962
2,555
136

Stuka87

Diamond Member
Dec 10, 2010
5,129
876
126
Interesting that it only hit the APUs. Seems to be a bug in the microcode though so pretty easy to fix.
The artical didn't have much in the way of details, but it may be related to the shared memory between the CPU and GPU.
 

ASK THE COMMUNITY

TRENDING THREADS