Report from Heise Germany: New Security Holes found in Intel CPUs

[FIVR]

Another day, another new Intel security flaw. I'm sure Intel will get right on to telling us why this doesn't need a hardware fix until 10nm. Probably will blame AMD too, and say AMD won't have new hardware until 2020.


https://www.microsofttranslator.com/bv.aspx?from=&to=en&a=https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html

 

[William Gaatjes]

These speculative execution issues makes me wonder if predicated instructions and predicated branches will return. Then it may be easier to keep results separated in individual execution units with their own registers that are shielded from each other and prevent spilling over data through shared resources such as cache. But it will need new code to be secure. Old existing code will not run that well. The price for high security.

 

[LTC8K6]

Another day, another new Intel security flaw. I'm sure Intel will get right on to telling us why this doesn't need a hardware fix until 10nm. Probably will blame AMD too, and say AMD won't have new hardware until 2020.


https://www.microsofttranslator.com/bv.aspx?from=&to=en&a=https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html

How could Intel have a hardware fix prior to 10nm?

 

[LTC8K6]

Wasn't it already known that there would be other variations of these vulnerabilities?

 

[FIVR]

How could Intel have a hardware fix prior to 10nm?

Perhaps by stop selling flawed and dangerous products and by actually re-designing their 14nm architecture (you know, the architecture they will be on well into 2019?) to be secure?

 

[FIVR]

Wasn't it already known that there would be other variations of these vulnerabilities?

Intel said it had a handle on all the vulnerabilities. Intel claims their processors are secure with microcode updates. I hope that was simply incompetence because if it was purposeful they will be facing a lot of lawsuits and they will be very liable for any damages from customers data being hacked or stolen.

 

[LTC8K6]

Perhaps by stop selling flawed and dangerous products and by actually re-designing their 14nm architecture (you know, the architecture they will be on well into 2019?) to be secure?

Re-design 14nm?

Is that a joke on your part?

Wouldn't that take a lot longer?

 

[LTC8K6]

Intel said it had a handle on all the vulnerabilities. Intel claims their processors are secure with microcode updates. I hope that was simply incompetence because if it was purposeful they will be facing a lot of lawsuits and they will be very liable for any damages from customers data being hacked or stolen.

Ah, I see, We have Intel derangement syndrome here.

Never mind.

 

[FIVR]

Re-design 14nm?

Is that a joke on your part?

Wouldn't that take a lot longer?

Is this post a joke?

Do you actually think 14nm process is the source of the vulnerabilities?




Intel could easily re-design their 14nm architecture but that would take work and effort. It's easier to simply hand-wave away the security experts and keep handing out flawed and dangerous products. And of course there are people like you who will excuse anything, that helps too.

 

[FIVR]

Ah, I see, We have Intel derangement syndrome here.

Never mind.

Quality hand-waving. Good work.

 

[Hitman928]

Tough read because of the translation so it's hard to figure out what's what with this announcement. As best as I can tell, these vulnerabilities are essentially based off of the project zero work that brought us Spectre and Meltdown. They took that work and figured out new ways of attacking the same vulnerability. This lead to them listing 8 new Spectre-like vulnerabilities. Whether intel's current fixes work to mitigate these vulnerabilities is unclear to me. They state that at least 1 ARM core is also vulnerable and they are researching if these apply to AMD as well. Lastly, this part stood out to me:

Attacks on other VMs or the host system were although in principle with spectre possible; However, the actual implementation required so much knowledge, that it was extremely difficult. The mentioned spectre NG gap can exploit is however quite simply for attacks across system boundaries; the danger therefore receives a new quality. As a result, providers of cloud services such as Amazon or Cloudflare, and of course their customers are particularly affected.

So they are saying that while Spectre was dangerous, it was also very difficult to actually use, however, one of the 8 new vulnerabilities allows for the same type of exploits but is much easier to implement. Hopefully we get a better English translation of this report so we can better determine how serious this actually is.

 

[FIVR]

Tough read because of the translation so it's hard to figure out what's what with this announcement. As best as I can tell, these vulnerabilities are essentially based off of the project zero work that brought us Spectre and Meltdown. They took that work and figured out new ways of attacking the same vulnerability. This lead to them listing 8 new Spectre-like vulnerabilities. Whether intel's current fixes work to mitigate these vulnerabilities is unclear to me. They state that at least 1 ARM core is also vulnerable and they are researching if these apply to AMD as well. Lastly, this part stood out to me:



So they are saying that while Spectre was dangerous, it was also very difficult to actually use, however, one of the 8 new vulnerabilities allows for the same type of exploits but is much easier to implement. Hopefully we get a better English translation of this report so we can better determine how serious this actually is.

According to the article these flaws are related to Meltdown, not Spectre. That's why they already know it probably works on ARM (Meltdown worked on ARM).

Because they are related to meltdown, it is likely these vulnerabilities do not affect AMD, and only affect intel CPUs.

 

[Hitman928]

According to the article these flaws are related to Meltdown, not Spectre. That's why they already know it probably works on ARM (Meltdown worked on ARM).

Because they are related to meltdown, it is likely these vulnerabilities do not affect AMD, and only affect intel CPUs.

Meltdown is also based on Spectre, it's the third variant. Because of the translation it's not clear to me if these exploits attack the exact same vulnerability as Meltdown so I'm waiting on further clarification to clear up how the exploits work and if AMD will be effected.

 

[LTC8K6]

Yes, there are a variety of ways to exploit the vulnerability.
I think this is why both Intel and AMD fairly quickly announced that hardware fixes were in the works.

 

[plopke]

Well hope it is not as bad as they make it sound , going to wait for more sources about spectre NG. But I am getting quiet fed up by BIOS updates 2017/2018.

 

[IEC]

There is an English version of the article:
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html

According to information exclusively available to c't, researchers have already found eight new security holes in Intel processors.

A total of eight new security flaws in Intel CPUs have already been reported to the manufacturer by several teams of researchers. For now, details on the flaws are being kept secret. All eight are essentially caused by the same design problem – you could say that they are Spectre Next Generation.

c't has exclusive information on Spectre-NG, which we have been able to verify in several ways – we double and triple checked all the facts. Nonetheless, we will not publish technical details as long as there is still a chance that manufacturers will get their security updates ready before the details of the flaws become public. However, we will use our information to report about future releases of patches and provide background information.

...

According to our information, Intel is planning two waves of patches. The first is scheduled to start in May; a second is currently planned for August.

 

[rbk123]

Perhaps by stop selling flawed and dangerous products and by actually re-designing their 14nm architecture (you know, the architecture they will be on well into 2019?) to be secure?

Probably really just a cost exercise for Intel management -
- cost to fix via hardware
- cost to fix via microcode
- cost to fix via OS
- risk of lawsuits
- risk of gov't fines
- risk of income lost for lost sales

They'll select the overall least expensive route based on their current risk tolerance. If they have chosen to wait until 10nm, it means they've crunched the numbers and made a decision. Human nature will always go the least expensive/painful route until forced to do otherwise.

 

[LTC8K6]

Well hope it is not as bad as they make it sound , going to wait for more sources about spectre NG. But I am getting quiet fed up by BIOS updates 2017/2018.

I'm thinking there isn't really much new here. We already knew that other Spectre/Meltdown vulnerabilities were likely to pop up. We already knew that more patches would be necessary. We already knew that Intel was working on these patches, and presumably AMD was as well.

The only new thing is specifically mentioning new versions of Spectre.

I don't think many people expected that the first versions of Spectre/Meltdown would be the only ones.

 

[IEC]

"Each of the eight vulnerabilities has its own number in the Common Vulnerability Enumerator (CVE) directory and each requires its own patches. It is likely that each vulnerability will receive its own name. Until then, we will jointly call these flaws Spectre-NG in order to distinguish them from the previously uncovered issues."

 

[LTC8K6]

Of course, Intel needs to fix the current weaknesses as quickly as possible – and that's what is happening.

 

[wahdangun]

These speculative execution issues makes me wonder if predicated instructions and predicated branches will return. Then it may be easier to keep results separated in individual execution units with their own registers that are shielded from each other and prevent spilling over data through shared resources such as cache. But it will need new code to be secure. Old existing code will not run that well. The price for high security.

All this issue arise because lately os takes security very seriously so with almost no other way to exploit, they turn their efforts into hardware.

 

[Thala]

These speculative execution issues makes me wonder if predicated instructions and predicated branches will return. Then it may be easier to keep results separated in individual execution units with their own registers that are shielded from each other and prevent spilling over data through shared resources such as cache. But it will need new code to be secure. Old existing code will not run that well. The price for high security.

Why do you think that separate execution units help as Meltdown code for instance does do an explicit load? In fact it does do 2 dependent loads , this first to non-accessible virtual memory and both need to be performed in order for Meltdown being effective.