
Another speculative execution exploit affects Intel Core CPUs

By DarkLord · 29 replies
May 14, 2019
  1. We've come to learn more about speculative execution since the first Meltdown and Spectre flaws came to light. This performance-enhancing feature, found in modern CPU architectures, allows a CPU to process data before it's actually requested by a program or user. The benefit is that the CPU can concurrently process more data instead of sitting idle if resources are available. By trying to predict an outcome, CPUs can execute certain tasks ahead of time, making the system perform significantly faster.

    What nobody anticipated, however, is that speculative execution would open the door to many hard vulnerabilities that cannot be fixed outright but can be mitigated. According to RIDL (Rogue In-Flight Data Load) and Fallout's informational website (also see ZombieLoad), these new flaws allow attackers to leak confidential data by exploiting Microarchitectural Data Sampling (MDS) side-channel vulnerabilities in Intel CPUs. Unlike previous Meltdown, Spectre and Foreshadow CPU flaws, the leaks do not occur at the CPU cache level but target arbitrary in-flight data from CPU internal buffers. Qualcomm and AMD processors are not affected by these flaws.

    In terms of practical use, security researchers say an attack could be launched using malicious JavaScript in a web page or from a co-located Virtual Machine in the cloud, allowing them to leak confidential data present on your system such as passwords or crypto keys. These would require a certain level of local (not privileged) access in the first place, but that alone is no excuse to take the flaws lightly.

    Intel is understandably more reserved about reporting the severity of the flaws. In this instance it would appear they had already identified the flaws internally and Intel’s security researchers were actively working on mitigations. "Practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked."

    According to Intel, MDS flaws have been addressed in hardware on select 8th and 9th-gen Core processors and 2nd-gen Intel Xeons. Older hardware (7th-gen Core and below) will receive processor microcode updates (which we know take their sweet time to make it to the end user), in addition to updates at the operating system and hypervisor software level.

    Regarding the potential performance impact, Intel claims "when these mitigations are enabled, minimal performance impacts are expected for the majority of PC client application based benchmarks. Performance or resource utilization on some data center workloads may be affected and may vary accordingly." Intel's internal benchmark data does show that datacenter and storage-sensitive workloads have the most potential to be affected.

    There is some conflicting information regarding Hyper-Threading, with some researchers suggesting it should be disabled entirely on older generation Core CPUs. Google's Chrome OS 74 disables Hyper-Threading by default and is expected to deliver additional mitigations in the next version. Intel is not as resolute about the matter, indicating they do not recommend that HT be disabled, but users who "cannot guarantee that trusted software is running on their systems" may consider disabling it. Then again, who can fully guarantee that their web browser and every website they visit are completely secure?

    Another bit of conflicting information is about the affected processors, with Intel claiming 9th-gen Core CPUs are in the clear, while the researchers behind Fallout claim recent "hardware countermeasures introduced by Intel in Coffee Lake Refresh i9 CPUs to prevent Meltdown make them more vulnerable to Fallout, compared to older generation hardware."

    Major OEMs and software vendors have been aware of the vulnerabilities for a period of time and have issued or are in the process of issuing patches. Microsoft has released software updates to help mitigate these vulnerabilities, although not all PC hardware is covered yet, pending the availability of relevant microcode updates. Amazon's AWS cloud service has already been patched. Apple has released a security patch for macOS Mojave fixing most but not all Macs and MacBooks affected. Google has confirmed that nearly no Android devices are affected (mostly based on ARM SoCs), but Chromebooks have already been patched with mitigations.

    As with previous CPU flaws, installing operating system, software and firmware/microcode updates is necessary to become fully patched.

    Permalink to story.
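
To confirm on a Linux host that both the operating system and microcode halves of the fix described above are in place, the kernel's MDS status line can be read and classified. This is an added example, not part of the original article; it assumes a Linux kernel that exposes the MDS status in sysfs, and the function names and advice strings are illustrative.

```python
from pathlib import Path

# Real Linux sysfs entries, present on kernels that carry the MDS patches.
MDS_PATH = Path("/sys/devices/system/cpu/vulnerabilities/mds")
SMT_PATH = Path("/sys/devices/system/cpu/smt/control")

ADVICE = {
    "not_affected": "OK: CPU not affected",
    "needs_microcode": "ACTION: install the CPU microcode update",
    "vulnerable": "ACTION: enable the kernel MDS mitigation",
    "unknown": "CHECK: unrecognised status line",
    "mitigated": "OK: mitigated",
}

def parse_mds(status: str) -> dict:
    """Split e.g. 'Mitigation: Clear CPU buffers; SMT vulnerable'."""
    main, _, smt = (part.strip() for part in status.partition(";"))
    if main == "Not affected":
        state = "not_affected"
    elif main.startswith("Mitigation:"):
        state = "mitigated"
    elif "no microcode" in main:
        state = "needs_microcode"  # kernel is ready, microcode is missing
    elif main.startswith("Vulnerable"):
        state = "vulnerable"
    else:
        state = "unknown"
    return {"state": state, "smt": smt or None}

def verdict(status: str) -> str:
    """One-line advice for a status string read from MDS_PATH."""
    info = parse_mds(status)
    if info["state"] == "mitigated" and info["smt"] == "SMT vulnerable":
        return "PARTIAL: buffers cleared, SMT siblings still exposed"
    return ADVICE[info["state"]]

def read_host():
    """Return (mds_status, smt_control), or None without the sysfs entry."""
    if not MDS_PATH.exists():
        return None
    smt = SMT_PATH.read_text().strip() if SMT_PATH.exists() else "unknown"
    return MDS_PATH.read_text().strip(), smt

if __name__ == "__main__":
    host = read_host()
    if host is None:
        print("no mds entry: not Linux, or kernel predates the MDS patches")
    else:
        print(f"{host[0]} | smt control: {host[1]} | {verdict(host[0])}")
```

A "needs microcode" result is the case the article warns about: the operating system update is installed but the processor microcode has not yet reached the machine.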

     
  2. Danny101

    Danny101 TS Guru Posts: 714   +268

    And the hits just keep on coming.
     
  3. grumblguts

    grumblguts TS Enthusiast Posts: 43   +35

    Yesterday it was Foreshadow, PortSmash, SPOILER, Meltdown, Spectre.
    Today it's Fallout, RIDL and ZombieLoad.
    Just crazy, what on earth are they going to do?
     
  4. Evernessince

    Evernessince TS Evangelist Posts: 3,803   +3,187

    All of these could be fixed in the hardware in a single swipe. The only problem is hardware takes time to develop.
     
    Charles Olson likes this.
  5. Lew Zealand

    Lew Zealand TS Guru Posts: 511   +390

    Fix them in software and then fix the next gen in hardware.

    And people will continue to buy Intel CPUs.
     
    TempleOrion and seeprime like this.
  6. xxLCxx

    xxLCxx Banned Posts: 226   +149

    Their "speculative execution" does such a great job (performance vs. power consumption) only BECAUSE IT IGNORES EVERYTHING. This can be compared to Volkswagen's "clean Diesel", which was nothing but a fraud as well. ;-)
     
  7. Dosahka

    Dosahka TS Booster Posts: 121   +44

    These attacks are not really affecting the average user, unless you run into very sophisticated and advanced malware that uses these flaws; the sample video is for a UNIX system.
    They are saying that MS released updates to mitigate these, so if your Windows has the latest updates, there's not too much to worry about.
    I believe that these vulnerabilities can be exploited on certain UNIX systems, but I'm happy to be proved otherwise.
     
  8. xxLCxx

    xxLCxx Banned Posts: 226   +149

    1) These attacks are nearly undetectable.
    2) Each patch slows down your system some more:
    https://www.phoronix.com/scan.php?page=search&q=Spectre
    3) Wrong.
    This is about faulty processors. The problem is independent from the operating system. They picked one to display the issue. This doesn’t – in any way – imply that the others are not vulnerable.
     
    TempleOrion and jobeard like this.
  9. Puiu

    Puiu TS Evangelist Posts: 3,298   +1,749

    It is not your personal computer that you should fear getting hacked. From servers, to ISPs and everything in between, you are and will continue to interact with them and give your personal information to them.
    For example, a simple AWS server that provides updates to software you are using can (and this has already happened many times in recent history) install malicious code together with legit updates.
     
    TempleOrion and xxLCxx like this.
  10. Bruno M. Villar

    Bruno M. Villar TS Member Posts: 18

    That's what happens when you try to turn a George Foreman Grill into a CPU.
     
    xxLCxx likes this.
  11. grumblguts

    grumblguts TS Enthusiast Posts: 43   +35

    AMD
    Their processors are not susceptible to this kind of vulnerability.
    They should push this and play on people's paranoia for sales.

    Fact is I can't fix it on my CPU, it's Sandy Bridge and my board manufacturer does not support my BIOS anymore, they haven't for years.
    It's one thing editing a SLIC file on a BIOS, it's another adding this microcode.
     
    Charles Olson and TempleOrion like this.
  12. Uncle Al

    Uncle Al TS Evangelist Posts: 5,144   +3,565

    I wonder if this explains the sudden rash of Russian-oriented MODS on Bethesda's web site for Fallout .....
     
  13. xxLCxx

    xxLCxx Banned Posts: 226   +149

    This has to be "loaded into your CPU" each time the computer reboots. All modern operating systems do this by default. Therefore, YOU DO NOT NEED BIOS-PATCHES for this, unless you want to run some odd/old operating system (OS/2), which doesn't load the patches.
     
  14. wiyosaya

    wiyosaya TS Evangelist Posts: 3,703   +2,070

    Perhaps sIntel is learning the lesson that complacency is a b!tch. Nah, I don't think so.
     
  15. Lew Zealand

    Lew Zealand TS Guru Posts: 511   +390

    BTW If I'm reading right, non-HT CPUs are not susceptible to these attacks. For once being a cheapskate pays off! Somehow my main machines are all 4c4t and 6c6t.
     
  16. xxLCxx

    xxLCxx Banned Posts: 226   +149

    Wrong. Intel's HT makes it nearly impossible to mitigate, though.
     
    TempleOrion likes this.
  17. Lew Zealand

    Lew Zealand TS Guru Posts: 511   +390

    Boo! Well, at least my 4c4ts are Ryzens…
     
  18. yeeeeman

    yeeeeman TS Addict Posts: 154   +119

    I get that this is a potential security threat, but the average person doesn't have important data, which might be of interest to hackers, so I don't understand why we care so much.
    In data center, banks, government usages, I can understand the worry, but there is nothing a software patch can't do.
     
  19. meric

    meric TS Addict Posts: 190   +111

    And there's the Intel Management Engine controversy too.
     
    Charles Olson and xxLCxx like this.
  20. wiyosaya

    wiyosaya TS Evangelist Posts: 3,703   +2,070

    I think there is one category that many "average people" are likely to engage in on their computers and that is financial transactions.

    Still, in that it is impossible to target specific data with this exploit, it would not be easy to grab something specific, and that means that there would be a lower probability that a hacker would get anything important - unless they were grabbing everything available to them.
     
    TempleOrion and xxLCxx like this.
  21. Dimitrios

    Dimitrios TS Guru Posts: 385   +261

    There is a new exploit called, SELLINTELSTOCK.
     
  22. regiq

    regiq TS Addict Posts: 222   +103

    VW diesel emissions come to my mind too.
    Did Intel take a shortcut to gain competitive advantage designing Core iNs?

    BTW it is possible to load microcode in Windows 7 on older motherboards using the VMware driver:
    https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver
    and the Intel microcode file:
    https://downloadcenter.intel.com/download/28087/Linux-Processor-Microcode-Data-File
    The microcode file needs to be converted to a proper format but unfortunately I can't find the site from which I downloaded the right tool.

    Linux kernel loads microcode automatically.
     
    TempleOrion and xxLCxx like this.
  23. rub900

    rub900 TS Booster Posts: 86   +18

    And of course fanboys rush in to defend Intel. What a joke.
     
    Dimitrios, TempleOrion and xxLCxx like this.
  24. Danny101

    Danny101 TS Guru Posts: 714   +268

    Then there's always the tactic of being a needle in a haystack. They can't attack what they can't see in a sea of hardware. Skew their vision.
     
    Last edited: May 16, 2019
  25. Markoni35

    Markoni35 TS Enthusiast Posts: 73   +35

    This is NOT comparable with VW diesel emissions. Because only Intel has these bugs, AMD doesn't. So it's only Intel's problem.

    On the other hand, tricks that VW used were used at the same time by all other car manufacturers. They were (and still are) all doing it, but only VW was punished. Because it was a foreign corporation that had excellent sales on the American market. Before that, Toyota (a Toyota car) was accused of killing an entire family, because of a bug in electronics. Which proved to be a blatant lie. The car was sabotaged by someone (probably General Motors), it wasn't Toyota's fault. The sabotage happened when Toyota had #1 sales on the American market. You can see the pattern.

    But Intel is different. Nobody falsely accused it. Those bugs only exist in their CPUs. Competition is clean. There's no similarity to VW.
     
    Vito05 and TempleOrion like this.
