Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 79 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
D

deasd

Senior member
Dec 31, 2013
574
956
136
Just went over old Spectre/Meltdown mitigation test summary from last year, it seems context switching result heavily depends on memory latency, IO, and core-interconnect, since 10980XE has the same arch as 10900K but only different in some other factors that mentioned above... the only way that explain why Intel HEDT suffer the most.

In short, this is not a generic algorithm test and more of a stress program switching test between cores, we have to wait for Windows responding to new Spectre.

A Look At The CPU Security Mitigation Costs Three Years After Spectre/Meltdown - Phoronix Forums

Phoronix: A Look At The CPU Security Mitigation Costs Three Years After Spectre/Meltdown With this week marking three years since Spectre and Meltdown were made public in ushering in a wave of CPU security disclosures that followed and mitigations that often resulted in measurable performance...
www.phoronix.com
With the number of cores per CPU growing ever since, there is less and less need to even switch between programs. (There is still the user<->kernel transition on each syscall, depending on one's interpretation of "context switch". However, I seem to remember TSS change/TLB flush was the expensive part, so program switch it is.)
Click to expand...

A Look At The CPU Security Mitigation Costs Three Years After Spectre/Meltdown - Phoronix

www.phoronix.com www.phoronix.com

3.jpg
 
D

deasd

Senior member
Dec 31, 2013
574
956
136
So..... a month later, still no action from Microsoft against Spectre V2 ??? What's going on there,....
 
DrMrLordX

DrMrLordX

Lifer
Apr 27, 2000
22,148
11,835
136
deasd said:
So..... a month later, still no action from Microsoft against Spectre V2 ??? What's going on there,....
Click to expand...

Nothing, apparently. I guess they think they can ignore it so long as there are no PoCs or active exploits in the wild.
 
I

igor_kavinski

Lifer
Jul 27, 2020
20,623
14,320
146
Intel can't take the performance hit. They will wait till Raptor Lake possibly to slow down ADL with security patches.
 
B

beginner99

Diamond Member
Jun 2, 2009
5,235
1,612
136
deasd said:
So..... a month later, still no action from Microsoft against Spectre V2 ??? What's going on there,....
Click to expand...

The issue is overblown. Always has been for client (=us) users. It has always been an issue with cloud providers where different people share stuff on the same machine (CPU) and exploting these could give them unwanted access. But let's be clear. Nobody runs security ciritical stuff on shared machines so even then it's doubtful how useful that attack ever was outside of state-actors.
For linux it is fixed and these machines all run linux and not windows. The only place you find windows server is inside corporations and here the whole sharing one machine part is much less critical as only your admins could really exploit and they are your admins so they don^t need security bugs to do nefarious things. (These machines are behind firewalls so only internal users are possible attackers)
 
N

nicalandia

Diamond Member
Jan 10, 2019
3,331
5,282
136
This is getting out of hand really fast

Hertzbleed Attack

Hertzbleed Attack

www.hertzbleed.com www.hertzbleed.com

Am I affected by Hertzbleed?

Likely, yes.

Intel’s security advisory states that all Intel processors are affected. We experimentally confirmed that several Intel processors are affected, including desktop and laptop models from the 8th to the 11th generation Core microarchitecture.


AMD’s security advisory states that several of their desktop, mobile and server processors are affected. We experimentally confirmed that AMD Ryzen processors are affected, including desktop and laptop models from the Zen 2 and Zen 3 microarchitectures.
 
  • Wow
Reactions: igor_kavinski
H

Hitman928

Diamond Member
Apr 15, 2012
6,375
11,352
136
nicalandia said:
This is getting out of hand really fast

Hertzbleed Attack

Hertzbleed Attack

www.hertzbleed.com www.hertzbleed.com

Am I affected by Hertzbleed?

Likely, yes.

Intel’s security advisory states that all Intel processors are affected. We experimentally confirmed that several Intel processors are affected, including desktop and laptop models from the 8th to the 11th generation Core microarchitecture.


AMD’s security advisory states that several of their desktop, mobile and server processors are affected. We experimentally confirmed that AMD Ryzen processors are affected, including desktop and laptop models from the Zen 2 and Zen 3 microarchitectures.
Click to expand...

Two things:

  1. Basically every modern CPU is affected by Hertzbleed.
  2. No one has to worry. This is not a danger to anyone and AMD and Intel (and almost assuredly ARM and any of the ARM licensees) aren't even releasing any kind of fixes for it.
 
  • Like
Reactions: lightmanek
I

igor_kavinski

Lifer
Jul 27, 2020
20,623
14,320
146
Want to hear a conspiracy theory?

"Hey! PC sales are down. People are satisfied with their old CPUs. We need something to increase sales ASAP!".

"I have the perfect idea! We hire a bunch of security guys to find flaws in our older designs and then we tell everyone how seriously insecure they are from potential attacks! Everyone will scramble to buy the newer CPUs that are immune to these vulnerabilities."

"Wow! You are a genius! Get right on it! By the way, how about we design these hard to find vulnerabilities into the newer CPU architectures and disclose them at the end of every generation?"

"Brilliant! I concur!"
 
  • Like
Reactions: lightmanek, DarthKyrie, KompuKare and 1 other person
Markfw

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
26,348
15,478
136
Threadripper 1000 series and Ryzen 5000 series are not on the list !
 
H

Hitman928

Diamond Member
Apr 15, 2012
6,375
11,352
136
Markfw said:
Threadripper 1000 series and Ryzen 5000 series are not on the list !
Click to expand...

They are affected. Maybe their specific boosting behavior will take some small tweaks to make the attack work, but the attack described will work on any modern CPU. With that said, again, no one needs to worry. The real world applicability of this is basically 0.
 
I

igor_kavinski

Lifer
Jul 27, 2020
20,623
14,320
146
Markfw said:
Threadripper 1000 series and Ryzen 5000 series are not on the list !
Click to expand...
Isn't "AMD Ryzen™ Threadripper™ PRO processor" 1000 series?

So Zen 3 is immune? Interesting!

By the way, AMD's advisory is much more succinct and somewhat less scary. I find it better.

A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing guidance to address this potential vulnerability.
Click to expand...

Affected Products:
All Intel® Processors are affected.
Click to expand...

Which one is it, Intel? Some or all???? Make up your darn mind!!!!!!!!!! :mad:
 
  • Like
Reactions: lightmanek
H

Hitman928

Diamond Member
Apr 15, 2012
6,375
11,352
136
igor_kavinski said:
Sure it won't be used by state sponsored blackhats?
Click to expand...

They can go for it if they want. The problem is that to really make this attack work, you need elevated enough privileges that you would just get the keys directly. Theoretically you don't need those privileges, but then you need a system where no one else is logging in and any meaningful OS/background tasks are suppressed for several days and even network traffic may interrupt what you are trying to do. Works well in a lab where you can setup the computer and access exactly how you want it. In the real world, not so much.
 
  • Like
Reactions: lightmanek, KompuKare and igor_kavinski
O

ondma

Diamond Member
Mar 18, 2018
3,083
1,582
136
igor_kavinski said:
Isn't "AMD Ryzen™ Threadripper™ PRO processor" 1000 series?

So Zen 3 is immune? Interesting!

By the way, AMD's advisory is much more succinct and somewhat less scary. I find it better.





Which one is it, Intel? Some or all???? Make up your darn mind!!!!!!!!!! :mad:
Click to expand...
The article specifically says Zen 3 is affected.
Edit: perhaps not mentioned by AMD, but the authors say they "confirmed experimentally" that laptop and desktop models from Zen 2 and Zen 3 are affected. (See second full paragraph under Questions and Answers.)
 
Last edited:
I

igor_kavinski

Lifer
Jul 27, 2020
20,623
14,320
146
ondma said:
but the authors say they "confirmed experimentally" that laptop and desktop models from Zen 2 and Zen 3 are affected. (See second full paragraph under Questions and Answers.)
Click to expand...
You are right. Rats! But a performance impact of 5 to 11% for cryptolibraries doesn't sound that bad. What would this impact on client side? All https communication? The lower performance of patched cryptolibraries may go unnoticed.
 
DrMrLordX

DrMrLordX

Lifer
Apr 27, 2000
22,148
11,835
136
Hertzbleed is an odd attack.

finding, among other things, that differences as seemingly minute as a set bit’s position in a word can be distinguished through frequency changes.
Click to expand...

Making matters worse, we show that data-dependent frequency adjustments can be observed without the need for any special privileges and even by a remote attacker. The reason is that CPU frequency differences directly translate to execution time differences (as 1 hertz = 1 cycle per second). The security implications of this finding are significant. For example, they fundamentally undermine constant-time programming, which has been the bedrock defense against timing attacks since their discovery in 1996 [58]. The premise behind constant-time
programming is that by writing a program to only use “safe” instructions, whose latency is invariant to the data values, the program’s execution time will be data-independent. With the frequency channel, however, timing becomes a function of data —even when only safe instructions are used.
Click to expand...
 
Stuka87

Stuka87

Diamond Member
Dec 10, 2010
6,240
2,559
136
This is another of these types of attacks that have no real impact on the average person.

My hats off to the group that discovered this issue though. It had to of taken a lot of work to find.
 
moinmoin

moinmoin

Diamond Member
Jun 1, 2017
5,117
8,156
136
It's just adding to the overall attack surface. While there is no immediate danger I wouldn't downplay it. While exploitability is low this is true for a lot of potential and theoretical security issues. We don't know how any of them at one point can be combined to manipulate hardware in an easier way. That's why manufacturers should always strive to eventually resolve these issues even if the initial security impact assessment seems minor.
 
  • Like
Reactions: Stuka87 and igor_kavinski
DrMrLordX

DrMrLordX

Lifer
Apr 27, 2000
22,148
11,835
136
moinmoin said:
It's just adding to the overall attack surface. While there is no immediate danger I wouldn't downplay it. While exploitability is low this is true for a lot of potential and theoretical security issues. We don't know how any of them at one point can be combined to manipulate hardware in an easier way. That's why manufacturers should always strive to eventually resolve these issues even if the initial security impact assessment seems minor.
Click to expand...

What I can't understand is how they can accurately guess the contents of cache when a single core could have instructions from multiple different threads in the pipeline all at once. It's not like the attack targets are in-order CPUs.
 
  • Like
Reactions: VirtualLarry and BTRY B 529th FA BN
moinmoin

moinmoin

Diamond Member
Jun 1, 2017
5,117
8,156
136
DrMrLordX said:
What I can't understand is how they can accurately guess the contents of cache when a single core could have instructions from multiple different threads in the pipeline all at once. It's not like the attack targets are in-order CPUs.
Click to expand...
These exploits are part of the group of so called timing attacks. Wikipedia summary:
In cryptography, a timing attack is a side-channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input. Finding secrets through timing information may be significantly easier than using cryptanalysis of known plaintext, ciphertext pairs. Sometimes timing information is combined with cryptanalysis to increase the rate of information leakage.
Click to expand...

But time is only the most basic parameter that can be used to help find secrets. If a system allows monitoring other aspects affected by code execution, like changing frequency, heat, power usage etc. those can also be used to help finding the secret more quickly. This paper is essentially about such an extended application.
 
DrMrLordX

DrMrLordX

Lifer
Apr 27, 2000
22,148
11,835
136
moinmoin said:
These exploits are part of the group of so called timing attacks. Wikipedia summary:


But time is only the most basic parameter that can be used to help find secrets. If a system allows monitoring other aspects affected by code execution, like changing frequency, heat, power usage etc. those can also be used to help finding the secret more quickly. This paper is essentially about such an extended application.
Click to expand...

I only skimmed it so there's obviously more to it than meets the eye.
 
DrMrLordX

DrMrLordX

Lifer
Apr 27, 2000
22,148
11,835
136
Good thing it doesn't affect anything truly modern. AMD is mostly selling Milan now, but Intel is still moving a lot of Cascade Lake-SP . . .
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom