- Jan 28, 2017
I was thinking, it's possible to disable these mitigation, at least on Ubuntu? It's possible to disable and enable at will? Or most of these mitigation once they're activate there's no reverting back?
That's kind of a "Doh!" situation. Cores have their own schedulers, which are obviously shared for SMT on the same core. That's why disabling SMT (or not splitting threads of the same core among different users) has been best practice since when Spectre first appeared.“An attacker running on the same host and CPU core as you could spy on which types of instructions you are executing due to the split-scheduler design on AMD CPUs.”
SGX has been essentially dead for quite some time already, but still: ouch! I sure hope Intel put more thought into the upcoming SGX2.The bug that enables ÆPIC Leak is what is known as an uninitialized memory read, which occurs when memory space is not freed up after the CPU has finished processing it, causing old data to leak that is no longer needed. Unlike previous CPU bugs with names like Specter, Meltdown, Foreshadow, and RIDL/Fallout/ZombieLoad – which resulted from temporary runs that created side channels revealing private data – ÆPIC Leak is an architectural flaw that resides in the CPU itself.
Hm, as far as I understand it it's not really the VAES instruction that's broken (as all chips implementing VAES seem to be equally affected) but the way Windows 11 previously applied it that could be susceptible to data damage, by what appears to be saving some safeguarding that now has to be applied anyway and consequently leads to longer processing time.I also don't use Windows 11, keep Windows 10 up to date..
Beware: Windows 11-ready CPUs with VAES "susceptible to data damage", full CPU list here
Microsoft has issued a warning for those out there running Windows 11 on supported CPUs. The company has found that modern chips with the new VAES instruction are "susceptible to data damage".www.neowin.net
How old are "older processors"?
The hardware they were testing was an Intel Xeon "Skylake" server with 112 threads and 2TB of RAM.
Retbleed on the Intel side is known to affect Intel Core 6th through 8th Gen client CPUs and associated Xeon processors.
has this hole turned out to be an issue. Seems like it’s been quite a while and consumer equipment doesn’t appear to be impacted. How about data centers?
Meltdown and Spectre are two major security vulnerabilities that affect nearly all modern processors, including those from Intel, AMD, and ARM. These vulnerabilities can potentially allow attackers to access sensitive data such as passwords, encryption keys, and other private information stored in memory on affected systems.
Meltdown and Spectre are both related to the way that modern processors use speculative execution to improve performance. Speculative execution allows processors to predict the outcome of certain operations and execute them in advance, which can improve performance. However, it can also lead to the exposure of sensitive data through side-channel attacks.
The vulnerabilities were first discovered and reported by security researchers in early 2018. Since then, software and firmware patches have been released by various vendors and operating system providers to mitigate the vulnerabilities. However, the patches may have a performance impact on affected systems, and it is important to keep systems up-to-date with the latest security patches to protect against these vulnerabilities.
It is recommended to regularly update operating systems, firmware, and other software to protect against security vulnerabilities such as Meltdown and Spectre. Additionally, it is important to practice good security hygiene, such as using strong passwords and multi-factor authentication, to reduce the risk of data breaches and other security threats.