[ZDNet] Intel CPUs impacted by new PortSmash side-channel vulnerability

Hitman928

Diamond Member
Apr 15, 2012
5,243
7,790
136
https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-channel-vulnerability/

Vulnerability confirmed on Skylake and Kaby Lake CPU series. Researchers suspect AMD processors are also impacted.

Confirmed on Skylake and Kaby Lake. Intel just released a patch. In the article it mentions that possibly all CPUs with SMT could be vulnerable but it's only been confirmed on Intel processors so far.

Does not require root access but must be able to run malicious code on same physical core. Seems to be mostly a problem for VM environments with multiple clients.
 

moinmoin

Diamond Member
Jun 1, 2017
4,944
7,656
136
Why do they just suspect that other manufacturers are affected but don't test them? It's stupid that Intel gets the time to patch vulnerabilities (good) while no other potentially affected parties are notified (very bad).
 

Abwx

Lifer
Apr 2, 2011
10,937
3,439
136
Why do they just suspect that other manufacturers are affected but don't test them? It's stupid that Intel gets the time to patch vulnerabilities (good) while no other potentially affected parties are notified (very bad).

In a one month timeframe it's likely that they did some tests since they know the methodology, I suspect that they got zero indication that AMD CPUs were impacted, if they were you could be sure that they would have acknowledged the thing...
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
Researchers say PortSmash impacts all CPUs that use a Simultaneous Multithreading (SMT) architecture, a technology that allows multiple computing threads to be executed simultaneously on a CPU core.

No AMD testing yet:

AMD CPUs likely impacted
"We leave as future work exploring the capabilities of PortSmash on other architectures featuring SMT, especially on AMD Ryzen systems," the research team said in a version of their paper shared with ZDNet, but Brumley told us via email that he strongly suspects that AMD CPUs are also impacted.
 

moinmoin

Diamond Member
Jun 1, 2017
4,944
7,656
136
In a one month timeframe it's likely that they did some tests since they know the methodology, I suspect that they got zero indication that AMD CPUs were impacted, if they were you could be sure that they would have acknowledged the thing...
Two things: 1) It's not only AMD potentially affected, any tech with SMT including the latest ARMs and Power PC is, and 2) for "they got zero indication" the article sure is alarmist about AMD potentially being affected, with quotes like:
right in the subheader too said:
Researchers suspect AMD processors are also impacted
AMD CPUs likely impacted
"We leave as future work exploring the capabilities of PortSmash on other architectures featuring SMT, especially on AMD Ryzen systems," the research team said in a version of their paper shared with ZDNet, but Brumley told us via email that he strongly suspects that AMD CPUs are also impacted.
The researcher interviewed doesn't even seem to consider the possibility that a secure implementation of SMT exists.
my bolding said:
"This is the main reason we released the exploit -- to show how reproducible it is," Brumley told us, "and help to kill off the SMT trend in chips."

"Security and SMT are mutually exclusive concepts," he added. "I hope our work encourages users to disable SMT in the BIOS or choose to spend their money on architectures not featuring SMT."
All on the back of Intel's terribad security track record with HT since its introduction in Core Duo. The researchers still didn't check any non-Intel SMT implementations first before being quoted like the above.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,326
10,034
126
Could Intel possibly have known about this issue / exploit, and that's why some of their top 9th-Gen Core CPUs lack SMT?

"SMT considered harmful. News at 11."
 

Abwx

Lifer
Apr 2, 2011
10,937
3,439
136
The researcher interviewed doesn't even seem to consider the possibility that a secure implementation of SMT exists.

All on the back of Intel's terribad security track record with HT since its introduction in Core Duo. The researchers still didn't check any non-Intel SMT implementations first before being quoted like the above.



You can be sure that he checked, indeed that's the first thing I would have done in his place, but since he found nothing he said that he didn't test an AMD/ARM system as a means to say that they were "likely" impacted, that's pure damage control on behalf of Intel..
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
You can be sure that he checked, indeed that's the first thing I would have done in his place, but since he found nothing he said that he didn't test an AMD/ARM system as a means to say that they were "likely" impacted, that's pure damage control on behalf of Intel..
Really? What a poor post.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
Could Intel possibly have known about this issue / exploit, and that's why some of their top 9th-Gen Core CPUs lack SMT?

"SMT considered harmful. News at 11."
Why would they want their flagship vulnerable?
BTW, the 9900K still seems MIA and shows no sign of appearing before December...
 
May 11, 2008
19,471
1,160
126
Makes me think of this article and wonder if this PortSmash flaw is the reason:
https://azure.microsoft.com/en-us/blog/introducing-the-new-hb-and-hc-azure-vm-sizes-for-hpc/
First, we are introducing HB-series VMs optimized for applications driven by memory bandwidth, such as fluid dynamics, explicit finite element analysis, and weather modeling. HB VMs feature 60 AMD EPYC 7551 processor cores, 4 GB of RAM per CPU core, and no hyperthreading. The AMD EPYC platform provides more than 260 GB/sec of memory bandwidth, which is 33 percent faster than x86 alternatives and 2.5x faster than what most HPC customers have in their datacenters today.

Next, we are introducing HC-series VMs optimized for applications driven by dense computation, such as implicit finite element analysis, reservoir simulation, and computational chemistry. HC VMs feature 44 Intel Xeon Platinum 8168 processor cores, 8 GB of RAM per CPU core, and no hyperthreading. The Intel Xeon Platinum platform supports Intel’s rich ecosystem of software tools such as the Intel Math Kernel Library, and features an all-cores clock speed greater than 3 GHz for most workloads.
 

Rifter

Lifer
Oct 9, 1999
11,522
751
126
In a one month timeframe it's likely that they did some tests since they know the methodology, I suspect that they got zero indication that AMD CPUs were impacted, if they were you could be sure that they would have acknowledged the thing...

I agree, there is about a 0% chance they didn't test this on all easily available CPUs in a one month timespan.
 
May 11, 2008
19,471
1,160
126
It makes me wonder whether these kinds of attacks can be prevented in a very simple way that will cause some performance loss.
The scheduler of the OS switches all the threads. If the threads get a security flag from the OS because the thread belongs to a process that has certain privileges.
Then the scheduler can group threads together that are only allowed to run on the same physical core which has two logical cores.
It is a solution but will slow things down.
It is better to just throw raw resources at it with lots of physical cores and drop the logical cores created by HT and SMT entirely.
The moar cores race AMD started in the x86 world might in the end be just what we need for more security.
In the future we might get 16 physical cores without hyperthreading as standard. More dark silicon because of this.
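
The grouping idea in the post above, approximated from the administrator's side with CPU affinity: an added example, not part of any post in this thread. It assumes Linux-style sibling lists (the format of `/sys/devices/system/cpu/cpuN/topology/thread_siblings_list`); the topology, task names and trust domains are constructed sample data.

```python
from collections import defaultdict

# Constructed sample: 4 physical cores, 2 SMT threads each (cpuN pairs with cpuN+4).
SIBLINGS = {cpu: f"{cpu % 4},{cpu % 4 + 4}" for cpu in range(8)}
# Constructed sample: each task's trust domain and allowed CPU list.
TASKS = [
    {"name": "tls-terminator", "domain": "tenant-a", "cpus": "0-1"},
    {"name": "batch-job", "domain": "tenant-b", "cpus": "4"},
    {"name": "db", "domain": "tenant-a", "cpus": "2,6"},
]

def parse_cpu_list(text):
    """Expand a CPU list such as '0,4' or '0-1' into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if "-" in part:
            lo, hi = part.split("-")
            cpus.update(range(int(lo), int(hi) + 1))
        elif part:
            cpus.add(int(part))
    return cpus

def physical_cores(siblings_by_cpu):
    """Group logical CPUs into physical cores (tuples of sibling threads)."""
    return sorted({tuple(sorted(parse_cpu_list(v))) for v in siblings_by_cpu.values()})

def mixed_trust_cores(siblings_by_cpu, tasks):
    """Return {core: domains} where sibling threads may run different trust domains."""
    findings = {}
    for core in physical_cores(siblings_by_cpu):
        domains = {t["domain"] for t in tasks if parse_cpu_list(t["cpus"]) & set(core)}
        if len(domains) > 1:
            findings[core] = sorted(domains)
    return findings

def pin_by_domain(siblings_by_cpu, domains):
    """Hand out whole physical cores per trust domain so siblings never mix."""
    plan = defaultdict(list)
    for i, core in enumerate(physical_cores(siblings_by_cpu)):
        plan[domains[i % len(domains)]].extend(core)
    return dict(plan)

if __name__ == "__main__":
    print("mixed cores:", mixed_trust_cores(SIBLINGS, TASKS))
    print("pin plan:", pin_by_domain(SIBLINGS, ["tenant-a", "tenant-b"]))
```
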
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
AMD was only informed recently, meaning it's likely that no one has tested it on AMD chips, or AMD would have known already.

There’s no need to panic yet, however. OpenSSL, the cryptography library used by over 60% of the internet, has already released a patch that prevents access via this direct method. A more generalized patch may be coming soon they say, but the security researchers say something needs to be done on the hardware and BIOS front. They notified Intel of the vulnerability on October 1st.

"At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating the PortSmash side-channel vulnerability report, which we just received, to understand any potential AMD product susceptibility."

“This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers’ data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.”

https://www.techspot.com/news/77240-meet-latest-vulnerability-multi-threaded-cpu-portsmash.html
 

Panino Manino

Senior member
Jan 28, 2017
820
1,022
136
Pretty stupid to NOT test it on Ryzen at this point.
Why is it always like this?
They discover and test the flaws in Intel chips but not on AMD chips? They just wrap it up with "we suspect"?
This is ridiculous, either they test and see or they say nothing.
 

JoeRambo

Golden Member
Jun 13, 2013
1,814
2,105
136
The way this vulnerability works, pretty much any SMT implementation is vulnerable as long as threads share core execution resources and very precise timing is available to all processes.
 

Abwx

Lifer
Apr 2, 2011
10,937
3,439
136
Really? What a poor post.

Poor, really..?.

It's been one month since Intel received the detailed info, they surely also checked AMD systems, but here is all they had to say:

Update on November 2, 15:20 ET: An Intel spokesperson has provided the following statement in regards to the research team going public with details about the PortSmash flaw:

Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.


LOL...
 

beginner99

Diamond Member
Jun 2, 2009
5,210
1,580
136
Again this issue is IMHO overblown. It's irrelevant for consumers as the attack needs to install malware. In that case you already lost. It's only a problem for cloud / VM providers. But even there an attacker can't attack a specific target only whatever is running on the same physical core. Chances of making profit from that are low. Anything critical will either not run in the cloud or a dedicated server with no other users.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,326
10,034
126
How does this exploit affect CMT processors like the AMD FX series (BullDozer and derivatives?) If those CPUs need to have half of their cores disabled for security purposes, people are going to be pissed.

Then again, given BullDozer / PileDriver's not-so-great utility for cloud computing, this may be a non-issue. Also, perhaps, CMT architectures are not as affected?
 

dualsmp

Golden Member
Aug 16, 2003
1,626
44
91
The last SMT vulnerability TLBleed only affected Intel, so including the throwaway line "AMD processors likely impacted" seems politically driven. Either test AMD processors and prove they are vulnerable or shut up about such speculation.
 

LTC8K6

Lifer
Mar 10, 2004
28,520
1,575
126
Poor, really..?.

It's been one month since Intel received the detailed info, they surely also checked AMD systems, but here is all they had to say:

Update on November 2, 15:20 ET: An Intel spokesperson has provided the following statement in regards to the research team going public with details about the PortSmash flaw:

Intel received notice of the research. This issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or L1 Terminal Fault. We expect that it is not unique to Intel platforms. Research on side-channel analysis methods often focuses on manipulating and measuring the characteristics, such as timing, of shared hardware resources. Software or software libraries can be protected against such issues by employing side channel safe development practices. Protecting our customers' data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.


LOL...
AMD made a statement, if you care to read it. Don't let me stop you.