Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Devastating Speculative Execution Intel CPU Bug
New microcode released by Intel:
And another Spectre vulnerability:
Another Spectre vulnerability, although it's impractical:
Another Spectre vulnerability, Intel released a fix earlier this year:
There's concern that this latest vulnerability could be used to get around hardware DRM, but apparently ET hasn't heard that Intel fixed the issue:
Quote:Some of Intel's biggest enterprise customers are cloud computing providers such as AWS, Microsoft, and Google, who have made it their duty to keep their customers informed about the performance impact of microcode updated processors, since it impacts their cost/performance when the scale is big enough. This gag is both unethical, and probably even illegal.
Intel has replaced this agreement:
Quote:Following the reveal of the Foreshadow (L1TF) Intel CPU flaw, as well as the previous TLBleed flaw, Theo de Raadt, founder of OpenBSD, which makes a free, multi-platform, UNIX-like operating system, recommended everyone completely disable Intel’s Hyper-Threading in BIOS before hackers start taking advantage of it.

In a post this week, de Raadt said that the Foreshadow and TLBleed flaws have made it mandatory to disable the Hyper-Threading technology on all Intel-based machines. He claimed mitigating these flaws requires a new CPU microcode and coding workarounds, but these alone are not sufficient to stop attackers; Hyper-Threading also has to be disabled.

Hyper-Threading, which is Intel’s brand name for the simultaneous multithreading technology, is fundamentally broken, according to the OpenBSD founder. The technology enables the CPU to share resources that lack security differentiators.

The side-channels attacks enabled by this vulnerability are not easy to implement, but he believes that eventually attackers will find a way to make them work reliably in order to leak kernel or cross-VM memory in common usage circumstances, such as using JavaScript in the browser.
Whiskey Lake CPUs are the first to have hardware fixes for Meltdown and Spectre:
Quote:In a statement to AnandTech, Intel explained that the key difference between "Whiskey Lake" and "Coffee Lake" is silicon-level hardening against "Meltdown" variants 3 and 5. This isn't just a software-level mitigation part of the microcode, but a hardware fix that reduces the performance impact of the mitigation, compared to a software fix implemented via patched microcode. "Cascade Lake" will pack the most important hardware-level fixes, including "Spectre" variant 2 (aka branch target injection). Software-level fixes reduce performance by 3-10 percent, but a hardware-level fix is expected to impact performance "a lot less."

Forum Jump:

Users browsing this thread: 1 Guest(s)