Massive security hole in CPUs incoming? Official Meltdown/Spectre Discussion Thread


Arkaign

Lifer
Oct 27, 2006
I've no idea what meta-data means in terms of the CPU cache/RAM but here's an example from a related field of tech. On HDDs/SSDs/flash drives/etc. you have files which contain actual data. Then you have their records in the file allocation table, which tells the OS where to find these files on the underlying storage. This entire table is basically meta-data. File names could also be considered meta-data. All things considered such meta-data cannot be used directly to infer the contents of the files but it may hint at what's being stored.

Considering that not a single major company has made an announcement about this vulnerability it's safe to assume it's either very hard or near impossible to exploit, or already fixed. The Linux kernel usually gets such fixes as soon as they are announced and this time it's been nothing. The most recent Linux kernel 5.5.8 has absolutely nothing.

Yeah, from everything I've seen of these side channel attacks, they're very time consuming, require elite expertise, and even if everything goes perfectly, the odds of actually pulling anything much of relevance are a crapshoot. It's like Vic-20 300 baud modem performance type hacking. Given the plethora of other tricks and exploits of other kinds which basically give you admin/root on most systems should you find the correct vector (be it a third party service, a human exploit, whatever), I think these things are mostly in the 'that's interesting' phase.

I think it's sort of funny in a roundabout way that Intel was paying this research group to find bugs in its own CPUs, and they ended up also finding a similarly 'so what' bug in the AMD stuff. Well, I guess there was that other variant of Meltdown (S?) that affected Ryzen. But still, I'd use 'affected' in the loosest possible terms.

Still think I'll be recommending Ryzen 3000 series for home/WS, and Threadripper/EPYC for more serious big iron customers, even if they found a hundred of these stupid near useless exploit things. Other than used deals, it's damn hard to justify current Intel pricing for 115x products.

UsandThem

Elite Member
May 4, 2000
anyone keeping the count?
According to a Tom's article back in December (although more have been discovered since then), it was 236 discovered in 2019.
https://www.tomshardware.com/news/intel-security-report-2019-quality-assurance
Intel said that 91% of the reported bugs in 2019 were due to its investment in product assurance. It also noted that none of the 236 vulnerabilities uncovered in 2019 were known to be used in attacks at the time of public disclosure.

nicalandia

Diamond Member
Jan 10, 2019
From: "Crucially, unlike prior attacks, #LVI cannot be transparently mitigated on current CPUs and requires expensive compiler mitigations that insert an LFENCE after potentially *every* memory load and blacklist the x86 RET instruction -- we measure overheads of factor 2 up to 19(!)"

Even an awesome YouTube video..



Hitman928

Diamond Member
Apr 15, 2012
Yet another Intel Vulnerability:


anyone keeping the count?

Can't be carried out remotely, which is good, but is still an attack vector for shared computing environments (e.g. cloud-based computing). Seems to affect all current Intel CPUs and possibly Arm and PPC CPUs that were vulnerable to Meltdown, but this isn't confirmed. The real mitigation for this also looks brutal from a performance perspective; I wonder if Intel will come out with a less penalizing fix. If not, the performance penalty to likelihood of successful attack seems too high for anyone, except maybe the government, to patch.
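The two posts above quote the LVI mitigation as "an LFENCE after potentially every memory load" plus a rewrite of RET, and note how brutal that is for performance. The block below is an added example, not code from this thread or from the LVI authors, that applies that transformation by hand to the usual bounds-checked array gadget and to a plain load-heavy loop, so the overhead factor makes sense. It assumes an x86 compiler (the fence degrades to a compiler barrier elsewhere, so the file still builds); the `sample` bytes and the `probe` table are constructed data, not a real secret, and the RET rewrite ("pop reg; lfence; jmp *reg", as the LVI paper describes it) is something only the compiler can do, so it appears here as a comment only.

```c
/* Added example: hand-written equivalent of the LVI "LFENCE after every load"
 * compiler mitigation. Not code from the thread or from the LVI authors. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* LFENCE only exists on x86; elsewhere degrade to a plain compiler barrier
 * so the file still builds (the "hardening" is then a no-op). */
#if defined(__x86_64__) || defined(__i386__)
#define LOAD_FENCE() __asm__ __volatile__("lfence" ::: "memory")
#else
#define LOAD_FENCE() __asm__ __volatile__("" ::: "memory")
#endif

#define STRIDE 64   /* one cache line per probe slot */

/* Constructed test data: stand-ins for victim memory, not real secrets. */
static uint8_t probe[256 * STRIDE];
static const uint8_t sample[8] = { 0x10, 0x2A, 0x33, 0x47, 0x5B, 0x6C, 0x7D, 0x8E };

static void init_probe(void)
{
    for (size_t i = 0; i < 256; i++)
        probe[i * STRIDE] = (uint8_t)(i ^ 0x5A);
}

/* Unhardened gadget: the value of load 1 feeds the address of load 2 with
 * nothing in between. Under LVI, an attacker who can make load 1 transiently
 * return an injected value steers load 2 (and what it brings into the cache). */
uint8_t gadget_plain(const uint8_t *arr, size_t len, size_t idx)
{
    if (idx < len) {
        uint8_t v = arr[idx];               /* load 1 */
        return probe[(size_t)v * STRIDE];   /* load 2, address derived from load 1 */
    }
    return 0;
}

/* LVI-style hardening by hand: an LFENCE after each load, so no later
 * instruction starts until the load has completed with its architectural
 * value. The RET half of the mitigation (ret is itself a load of the return
 * address; the paper rewrites it to "pop reg; lfence; jmp *reg") is done by
 * the compiler and cannot be expressed in C. */
uint8_t gadget_fenced(const uint8_t *arr, size_t len, size_t idx)
{
    if (idx < len) {
        uint8_t v = arr[idx];
        LOAD_FENCE();
        uint8_t r = probe[(size_t)v * STRIDE];
        LOAD_FENCE();
        return r;
    }
    return 0;
}

/* Same transformation on a load-heavy loop: the fence count scales with the
 * number of loads, which is where the quoted 2x to 19x overhead comes from. */
uint32_t sum_plain(const uint8_t *buf, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++)
        s += buf[i];
    return s;
}

uint32_t sum_fenced(const uint8_t *buf, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t v = buf[i];
        LOAD_FENCE();
        s += v;
    }
    return s;
}

/* Returns the number of indices (in range and out of range) on which the two
 * gadget variants disagree; the fences change timing, never results. */
int gadgets_agree(void)
{
    init_probe();
    int mismatches = 0;
    for (size_t idx = 0; idx < 2 * sizeof sample; idx++)
        if (gadget_plain(sample, sizeof sample, idx) !=
            gadget_fenced(sample, sizeof sample, idx))
            mismatches++;
    return mismatches;
}

int main(void)
{
    static uint8_t buf[1 << 16];
    for (size_t i = 0; i < sizeof buf; i++) buf[i] = (uint8_t)i;
    printf("gadget mismatches: %d\n", gadgets_agree());
    clock_t t0 = clock();
    uint32_t a = 0;
    for (int rep = 0; rep < 200; rep++) a += sum_plain(buf, sizeof buf);
    clock_t t1 = clock();
    uint32_t b = 0;
    for (int rep = 0; rep < 200; rep++) b += sum_fenced(buf, sizeof buf);
    clock_t t2 = clock();
    printf("sums %s; fenced/plain time = %.1fx\n", a == b ? "match" : "DIFFER",
           (double)(t2 - t1) / (double)((t1 - t0) ? (t1 - t0) : 1));
    return 0;
}
```

Build with `cc -O2 lvi_fence.c` (hypothetical file name) and run it on an x86 box; the printed ratio is the cost of fencing a tight loop, and on a per-load basis it is far worse than what the quoted whole-program numbers show, since real code is not all loads. As far as I recall, GCC 10+ exposes this same transformation as `-mlfence-after-load=yes` together with `-mlfence-before-ret=...` and `-mlfence-before-indirect-branch=...`, and clang as `-mlvi-hardening`; treat those flag names as something to confirm against your compiler's manual rather than as a claim from this thread.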

DisEnchantment

Golden Member
Mar 3, 2017
Can't be carried out remotely, which is good, but is still an attack vector for shared computing environments (e.g. cloud-based computing). Seems to affect all current Intel CPUs and possibly Arm and PPC CPUs that were vulnerable to Meltdown, but this isn't confirmed. The real mitigation for this also looks brutal from a performance perspective; I wonder if Intel will come out with a less penalizing fix. If not, the performance penalty to likelihood of successful attack seems too high for anyone, except maybe the government, to patch.

This is why cloud computing is more than just buy some instances from AWS and call it a day.

Usually you would have public-facing services in public infra and then PII is handled on-prem.

This way you achieve multiple things

PII is not hosted in public cloud and is under your control
PII can be geolocated in the area being served, thereby complying with data protection laws.
Compromising the public services does not compromise the PII.
Only specific services need scaling.

This is the so-called hybrid cloud architecture.

Vulnerabilities like these, bad though they may seem, are largely mitigated because all your sensitive info is under your control.

Interesting things people are working with on on-prem infra are high-throughput caching databases and the like.

DrMrLordX

Lifer
Apr 27, 2000
The worst part is that unless you go 4P or 8P, you're basically stuck on Cascade Lake for a while. Later steppings aren't as bad, but still. No real platform upgrade available in 1P/2P configurations until quite a bit later in the year (whenever Ice Lake-SP finally shows up), and no new core to move to either until that platform shows up.

Gideon

Golden Member
Nov 27, 2007
The worst part is that unless you go 4P or 8P, you're basically stuck on Cascade Lake for a while. Later steppings aren't as bad, but still. No real platform upgrade available in 1P/2P configurations until quite a bit later in the year (whenever Ice Lake-SP finally shows up), and no new core to move to either until that platform shows up.
IMO the biggest problem they have is, once Ice Lake does show up, they don't have enough fabs to produce enough of it for everyone. So some companies will still need to go Cascade Lake.

Or, you know, take their head out of their backside and buy Milan.

UsandThem

Elite Member
May 4, 2000
These vulnerabilities seem to be never ending for Intel over the last several years. The latest ones (from the article above) have been dubbed "CrossTalk".
Many defenders took that to mean that allocating trusted and untrusted code to different cores provided meaningful protection against speculative execution attacks, which are also known as transient execution attacks. CrossTalk, as the new exploit has been named, will force researchers and engineers to revisit that assumption.

“As an example,” researchers wrote in an email, “many believed disabling Intel SMT (hyperthreading) was sufficient to stop the majority of known/future attacks. Moreover, all attacks so far could be mitigated by simply running mutually non-trusting code on separate cores. We show that the problem goes even deeper and core-based isolation may not be sufficient."

Hitman928

Diamond Member
Apr 15, 2012
These vulnerabilities seem to be never ending for Intel over the last several years. The latest ones (from the article above) have been dubbed "CrossTalk".

And SGAxe, which is based on the earlier CacheOut but modified to overcome Intel's microcode mitigation.

Intel never fixed the underlying vulnerability in the silicon. Instead, company engineers issued a microcode update that caused CPUs to overwrite buffer contents with garbage every time the processor began a new security-sensitive operation. CacheOut figured out a way to bypass this mitigation.

DrMrLordX

Lifer
Apr 27, 2000
FYI, CrossTalk was apparently exposed back in 2018. Intel has been working with security researchers to stamp it out for some time (it took a while).

randomhero

Member
Apr 28, 2020
My god, what a cluster****!
Basically, one cannot trust any online service anymore!!!
When the first flaws were discovered, I was aware that that was just the tip of the iceberg, but I was not expecting it to be this huge.

DrMrLordX

Lifer
Apr 27, 2000
the server guys will either buy more Xeons to make up the deficit or switch to EPYC sooner.

Last year the trend was "buy more Xeons boys!!!". It also gave a lot of server room admins the excuse to switch from Skylake-SP to Cascade Lake-SP. Now, though?

beginner99

Diamond Member
Jun 2, 2009
Very unclear yet, but there might be more in the bush, this time affecting Ice Lake:

People have been reporting a high number of crashes when running JetBrains products on the latest MacBook Airs (with 10th gen Intel processors). These crashes are both OS-level application crashes (which should normally never happen with JVM apps) and full system crashes (including one guy crashing his MacBook while running these apps in a VM).

No one actually managed to diagnose the issue yet, the title is just a theory.

The most notable thing is that you can crash the whole system from a VM. So theoretically, if it really is a CPU error and Amazon were offering servers based on Ice Lake (lol, in 2030 maybe?), one could simply start a VM, run some JetBrains product and crash the whole system your VM is running on. Pretty bad.

DrMrLordX

Lifer
Apr 27, 2000
@beginner99

Considering how long it took Amazon to offer Rome instances, I wouldn't expect Ice Lake-SP instances anytime soon. If it were that easy to crash Cascade Lake just running some JetBrains, though... phew.

Stuka87

Diamond Member
Dec 10, 2010
That is crazy. I use IntelliJ daily, with code running inside VMs, but I have an 8th gen CPU, and thus far have not had issues.

Kenmitch

Diamond Member
Oct 10, 1999
Looks like AMD got hit with one. Not sure if it's been posted yet.


Luckily, this vulnerability can be mitigated with a simple microcode update, which seemingly doesn't bear a performance impact on the system. AMD has already distributed updated versions of its AGESA microcodes to its motherboard partners and will deliver the remaining versions by the end of this month.

Anybody keeping track of the exploits? I think Intel's still winning this "you don't want to win" contest.

Stuka87

Diamond Member
Dec 10, 2010
Interesting that it only hit the APUs. Seems to be a bug in the microcode, though, so pretty easy to fix.

The article didn't have much in the way of details, but it may be related to the shared memory between the CPU and GPU.