Another speculative execution exploit affects Intel Core CPUs

DarkLord

TS Booster

We've come to learn more about speculative execution since the first Meltdown and Spectre flaws came to light. The performance-enhancing feature found in modern CPU architectures lets a CPU execute instructions before it knows whether a program will actually need their results. The benefit is that the CPU can keep working on instructions it expects to need instead of sitting idle while it waits on a branch decision or a slow memory load. By predicting the outcome, the CPU gets useful work done ahead of time and the system performs significantly faster; when the prediction turns out to be wrong, the results are discarded, but the traces they leave in the CPU's internal state are not.

What nobody anticipated, however, is that speculative execution would open the door to many hardware vulnerabilities that cannot be fixed outright in shipping silicon but can be mitigated. According to the informational websites for RIDL (Rogue In-Flight Data Load) and Fallout (see also ZombieLoad), these new flaws allow attackers to leak confidential data by exploiting Microarchitectural Data Sampling (MDS) side-channel vulnerabilities in Intel CPUs. Unlike the previous Meltdown, Spectre and Foreshadow flaws, the leaks do not come from the CPU cache but from arbitrary in-flight data sitting in the CPU's internal buffers (store buffers, fill buffers and load ports). Qualcomm and AMD processors are not affected by these flaws.

In practical terms, the researchers say an attack could be launched from malicious JavaScript in a web page or from a co-located virtual machine in the cloud, leaking confidential data present on the system such as passwords or cryptographic keys. All of these require the attacker to get code running on the target machine first, but that code needs no special privileges, so the flaws should not be taken lightly.

Intel is understandably more reserved about the severity of the flaws. In this instance it appears the company had already identified the flaws internally and Intel's security researchers were actively working on mitigations. In Intel's words: "Practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked."

According to Intel, the MDS flaws have been addressed in hardware on select 8th and 9th-gen Core processors and 2nd-gen Intel Xeon Scalable processors. Older hardware (7th-gen Core and below) will receive processor microcode updates (which, as we know, take their sweet time to reach the end user), in addition to updates at the operating system and hypervisor level.

Regarding the potential performance impact, Intel claims that "when these mitigations are enabled, minimal performance impacts are expected for the majority of PC client application based benchmarks. Performance or resource utilization on some data center workloads may be affected and may vary accordingly." Intel's own benchmark data shows that datacenter and storage-heavy workloads have the most potential to be affected.

There is some conflicting guidance on Hyper-Threading, with some researchers suggesting it should be disabled entirely on older-generation Core CPUs. The reason is that the two logical cores of a hyperthreaded physical core share the leaking buffers, so an attacker on one sibling thread can sample data from the other while both are running, and clearing the buffers on kernel entry or VM exit does not close that window. Google's Chrome OS 74 disables Hyper-Threading by default and is expected to deliver additional mitigations in the next version. Intel is not as resolute on the matter, indicating it does not recommend disabling HT, but that users who "cannot guarantee that trusted software is running on their systems" may consider doing so. Then again, who can fully guarantee that your web browser and every website you visit are completely secure?

Another bit of conflicting information concerns the affected processors, with Intel claiming 9th-gen Core CPUs are in the clear, while the Fallout researchers claim that recent "hardware countermeasures introduced by Intel in Coffee Lake Refresh i9 CPUs to prevent Meltdown make them more vulnerable to Fallout, compared to older generation hardware."

Major OEMs and software vendors have been aware of the vulnerabilities for some time and have issued, or are in the process of issuing, patches. Microsoft has released software updates to help mitigate these vulnerabilities, although not all PC hardware is covered yet: full protection also depends on the relevant microcode update being available for each system. Amazon's AWS cloud service has already been patched. Apple has released a security update for macOS Mojave that covers most, but not all, affected Macs and MacBooks. Google has confirmed that nearly no Android devices are affected (most are based on ARM SoCs), and Chromebooks have already been patched with mitigations.

As with previous CPU flaws, installing operating system, application and firmware/microcode updates is necessary to become fully patched; any one of the three on its own leaves a gap.
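The check a practitioner wants after that advice, and one that also answers the Hyper-Threading question raised earlier: an added example, not code from the article, from Intel or from the researchers, that reads the Linux kernel's own MDS report and lists what is still missing. It assumes a Linux kernel that exports /sys/devices/system/cpu/vulnerabilities/mds and /sys/devices/system/cpu/smt/active (kernel 5.1 and the distro backports do) and the usual /proc/cpuinfo layout; the SAMPLE_* strings are constructed sample input in the format the kernel's hw-vuln/mds.rst documents, not output captured from a real machine.

```python
"""Added example, not from the article: assess the Linux kernel's MDS
mitigation report and say what still needs doing.

Assumes a kernel that exports /sys/devices/system/cpu/vulnerabilities/mds
and /sys/devices/system/cpu/smt/active. The SAMPLE_* strings are
constructed input in the documented format (hw-vuln/mds.rst).
"""
import re
from pathlib import Path

MDS_FILE = Path("/sys/devices/system/cpu/vulnerabilities/mds")
SMT_FILE = Path("/sys/devices/system/cpu/smt/active")
CPUINFO_FILE = Path("/proc/cpuinfo")

# Constructed sample: an affected CPU with new microcode loaded but SMT still on.
SAMPLE_MDS = "Mitigation: Clear CPU buffers; SMT vulnerable\n"
SAMPLE_SMT = "1\n"
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz\n"
    "microcode\t: 0xb4\n"
    "flags\t\t: fpu vme de pse tsc msr sse2 ht ssse3 sse4_2 avx2 md_clear flush_l1d\n"
    "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds\n"
)


def _field(cpuinfo, name):
    """Return the value of the first '<name> : value' line in /proc/cpuinfo text."""
    m = re.search(r"^%s\s*:\s*(.*)$" % re.escape(name), cpuinfo, re.M)
    return m.group(1).strip() if m else ""


def assess_mds(mds_status, smt_active, cpuinfo):
    """Combine the three kernel-provided strings into a verdict and a to-do list."""
    # The sysfs line is '<core state>; <SMT note>', e.g.
    # 'Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable'
    core, _, smt_note = mds_status.strip().partition(";")
    core, smt_note = core.strip(), smt_note.strip()

    flags = set(_field(cpuinfo, "flags").split())
    bugs = set(_field(cpuinfo, "bugs").split())
    microcode = _field(cpuinfo, "microcode") or None

    affected = core != "Not affected"
    md_clear = "md_clear" in flags               # microcode exposes VERW buffer clearing
    kernel_knows = "Clear CPU buffers" in core   # kernel has the MDS mitigation code
    kernel_active = core.startswith("Mitigation:")
    smt_on = smt_active.strip() == "1"
    smt_safe = smt_note in ("SMT disabled", "SMT mitigated")

    actions = []
    if affected:
        if not md_clear:
            actions.append("load updated CPU microcode (BIOS update or the OS microcode package)")
        if not kernel_knows:
            actions.append("update the kernel and boot with mds=full (or mds=full,nosmt)")
        if smt_on and not smt_safe:
            actions.append("disable SMT/Hyper-Threading if untrusted code can run: mds=full,nosmt")

    return {
        "affected": affected,
        "cpu_bug_flag": "mds" in bugs,
        "microcode": microcode,
        "md_clear": md_clear,
        "kernel_mitigation": kernel_active,
        "smt_active": smt_on,
        "smt_note": smt_note,
        "fully_mitigated": (not affected) or (kernel_active and md_clear and smt_safe),
        "actions": actions,
    }


def assess_live():
    """Read the real files; returns None when the kernel does not export them."""
    if not (MDS_FILE.exists() and CPUINFO_FILE.exists()):
        return None
    smt = SMT_FILE.read_text() if SMT_FILE.exists() else "0"
    return assess_mds(MDS_FILE.read_text(), smt, CPUINFO_FILE.read_text())


if __name__ == "__main__":
    report = assess_live()
    if report is None:
        print("kernel does not export the mds sysfs file; showing the constructed sample")
        report = assess_mds(SAMPLE_MDS, SAMPLE_SMT, SAMPLE_CPUINFO)
    for key, value in report.items():
        print("%-17s %s" % (key + ":", value))
```

The script only reads, so it needs no privileges. A kernel too old to know about MDS has no mds file at all; the script says so, and that absence is itself a finding, because such a kernel has no buffer-clearing code no matter which microcode is loaded. The md_clear entry in the flags line is the sign that the new microcode is active, and mds=full,nosmt on the kernel command line is the documented way to reach the "SMT disabled" state the report treats as fully mitigated.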


xxLCxx

TS Addict
Yesterday it was Foreshadow, PortSmash, SPOILER, Meltdown, Spectre.
Today it's Fallout, RIDL and ZombieLoad.
Just crazy, what on earth are they going to do?
All of these could be fixed in the hardware in a single swipe. The only problem is hardware takes time to develop.
Their "speculative execution" does such a great job (performance vs. power consumption) only BECAUSE IT IGNORES EVERYTHING. This can be compared to Volkswagen's "clean Diesel", which was nothing but a fraud as well. ;-)
 

Dosahka

TS Addict
Fix them in software and then fix the next gen in hardware.

And people will continue to buy Intel CPUs.
These attacks are not really affecting the average user, unless you run into very sophisticated and advanced malware that uses these flaws; the sample video is for a UNIX system.
They are saying that MS released updates to mitigate these, so if your Windows has the latest updates, not too much to worry about.
I believe that these vulnerabilities can be exploited on certain UNIX systems, but happy to be proved otherwise.
 

xxLCxx

TS Addict
1) These attacks are not really affecting the average user ...
2) They are saying that MS released updates to mitigate these, so if your Windows has the latest updates, not too much to worry about.
3) I believe that these vulnerabilities can be exploited on certain UNIX systems, but happy to be proved otherwise.
1) These attacks are nearly undetectable.
2) Each patch slows down your system some more:
https://www.phoronix.com/scan.php?page=search&q=Spectre
3) Wrong.
This is about faulty processors. The problem is independent of the operating system. They picked one to display the issue. This doesn't, in any way, imply that the others are not vulnerable.
 

Puiu

TS Evangelist
Fix them in software and then fix the next gen in hardware.

And people will continue to buy Intel CPUs.
These attacks are not really affecting the average user, unless you run into very sophisticated and advanced malware that uses these flaws; the sample video is for a UNIX system.
They are saying that MS released updates to mitigate these, so if your Windows has the latest updates, not too much to worry about.
I believe that these vulnerabilities can be exploited on certain UNIX systems, but happy to be proved otherwise.
It is not your personal computer that you should fear getting hacked. From servers to ISPs and everything in between, you are and will continue to interact with them and give them your personal information.
For example, a simple AWS server that provides updates to software you are using can (and it has already happened many times in recent history) install malicious code together with legit updates.
 

grumblguts

TS Addict
AMD: their processors are not susceptible to this kind of vulnerability.
They should push this and play on people's paranoia for sales.

Fact is I can't fix it on my CPU, it's Sandy Bridge and my board manufacturer doesn't support my BIOS anymore, they haven't for years.
One thing is editing a SLIC file in a BIOS, it's another adding this microcode.
 

Uncle Al

TS Evangelist
I wonder if this explains the sudden rash of Russian-oriented mods on Bethesda's web site for Fallout .....
 

xxLCxx

TS Addict
...Fact is I can't fix it on my CPU, it's Sandy Bridge and my board manufacturer doesn't support my BIOS anymore...
This has to be "loaded into your CPU" each time the computer reboots. All modern operating systems do this by default. Therefore, YOU DO NOT NEED BIOS-PATCHES for this, unless you want to run some odd/old operating system (OS/2), which doesn't load the patches.
 
BTW, if I'm reading right, non-HT CPUs are not susceptible to these attacks. For once, being a cheapskate pays off! Somehow my main machines are all 4c4t and 6c6t.
 

yeeeeman

TS Maniac
I get that this is a potential security threat, but the average person doesn't have important data which might be of interest to hackers, so I don't understand why we care so much.
In data center, bank and government usage I can understand the worry, but there is nothing a software patch can't do.
 

wiyosaya

TS Evangelist
I get that this is a potential security threat, but the average person doesn't have important data which might be of interest to hackers, so I don't understand why we care so much.
In data center, bank and government usage I can understand the worry, but there is nothing a software patch can't do.
I think there is one category that many "average people" are likely to engage in on their computers and that is financial transactions.

Still, in that it is impossible to target specific data with this exploit, it would not be easy to grab something specific, and that means that there would be a lower probability that a hacker would get anything important - unless they were grabbing everything available to them.
 

regiq

TS Addict
VW diesel emissions come to my mind too.
Did Intel take a shortcut to gain competitive advantage designing Core iN CPUs?

BTW, it is possible to load microcode in Windows 7 on older motherboards using the VMware CPU Microcode Update Driver:
https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver
and the Intel microcode file:
https://downloadcenter.intel.com/download/28087/Linux-Processor-Microcode-Data-File
The microcode file needs to be converted to a proper format but unfortunately I can't find the site from which I downloaded the right tool.

Linux kernel loads microcode automatically.
 

Danny101

TS Guru
Then there's always the tactic of being a needle in a haystack. They can't attack what they can't see in a sea of hardware. Skew their vision.
 

Markoni35

TS Maniac
This is NOT comparable with VW diesel emissions. Because only Intel has these bugs, AMD doesn't. So it's only Intel's problem.

On the other hand, tricks that VW used were used at the same time by all other car manufacturers. They were (and still are) all doing it, but only VW was punished. Because it was a foreign corporation that had excellent sales on the American market. Before that, Toyota (a Toyota car) was accused of killing an entire family, because of a bug in electronics. Which proved to be a blatant lie. The car was sabotaged by someone (probably General Motors), it wasn't Toyota's fault. The sabotage happened when Toyota had #1 sales on the American market. You can see the pattern.

But Intel is different. Nobody falsely accused it. Those bugs only exist in their CPUs. Competition is clean. There's no similarity to VW.