[The Register] SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability - Overclock.net - An Overclocking Community

Forum Jump: 

[The Register] SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

Reply
 
Thread Tools
post #1 of 55 (permalink) Old 03-05-2019, 06:39 AM - Thread Starter
New to Overclock.net
 
Imouto's Avatar
 
Join Date: Mar 2012
Posts: 1,740
Rep: 205 (Unique: 94)
Quote:
This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. An attacker therefore requires some kind of foothold in your machine in order to pull this off. The vulnerability, it appears, cannot be easily fixed or mitigated without significant redesign work at the silicon level.

Moghimi doubts Intel has a viable response. "My personal opinion is that when it comes to the memory subsystem, it's very hard to make any changes and it's not something you can patch easily with a microcode without losing tremendous performance," he said.

"So I don't think we will see a patch for this type of attack in the next five years and that could be a reason why they haven't issued a CVE." ®️
SPOILER

Spoooilers!!!

#EnthusiastLivesMatter

Last edited by Imouto; 03-05-2019 at 06:43 AM.
Imouto is offline  
Sponsored Links
Advertisement
 
post #2 of 55 (permalink) Old 03-05-2019, 06:56 AM
Tank destroyer and a god
 
Offler's Avatar
 
Join Date: Dec 2012
Posts: 2,236
Rep: 84 (Unique: 65)
Quote: Originally Posted by Imouto View Post
SPOILER

Spoooilers!!!
https://arxiv.org/pdf/1903.00446.pdf

Its an archive from University of Cornell. I skimmed the paper and it looks legit. What looks bit sketchy to me is that:

"While most of these attacks require
local access and native code execution, various efforts have
been successful in conducting them remotely "

--- Building in progress * AMD Threadripper 1900x * Asrock X399M Taichi * Radeon VII * Gskill Xflare / Samsung B-die 3200 14-14-14-32 * Samsung 970 PRO 512gb * Fractal Design Node 804 * Seasonic Prime Ultra 850 Titanium *
--- Desktop * AMD Phenom II x6 1090t @ 3,8GHz * ASUS M5A99FX PRO R2.0 * Gigabyte R9 FuryX * A-Data XPG 2.0 / Elpida Hyper MNH 1866 @ 1600 6-6-6-18 * LSI 9211-8i / Raid 0 / 5x Corsair Force 3 GS * Creative Xfi Fatal1ty * Intel I210-T1 * Steelseries 6Gv2 * Logitech MX518 * Samsung U28E590D *
Offler is offline  
post #3 of 55 (permalink) Old 03-05-2019, 07:11 AM
What should be here ?
 
huzzug's Avatar
 
Join Date: Jun 2012
Posts: 5,183
Rep: 355 (Unique: 255)
So Intel procs having another Meltdown?

#2 their debt is insane, even for a "diverse field" company. They cannot even afford to service the debt maintenance let alone make an actual dent in the debt itself. - Internet Stranger
huzzug is offline  
Sponsored Links
Advertisement
 
post #4 of 55 (permalink) Old 03-05-2019, 07:14 AM
⤷ αC
 
AlphaC's Avatar
 
Join Date: Sep 2012
Posts: 10,067
Rep: 818 (Unique: 550)
Nobody should be surprised, honestly

► Recommended GPU Projects: [email protected] , [email protected] (FP64) (AMD moreso) ► Other notable GPU projects: [email protected] (Nvidia), GPUGrid (Nvidia) ► Project list


AlphaC is offline  
post #5 of 55 (permalink) Old 03-05-2019, 07:47 AM
Overclocker
 
JackCY's Avatar
 
Join Date: Jun 2014
Posts: 8,846
Rep: 293 (Unique: 214)
How long before laws force Intel to do refunds considering the amount of negligence and errors in their products?

Almost seems like Intel has stopped paying people to keep it quiet so now we get all sorts of exploits old and new making it to the public. Maybe they should relaunch their "if you find an issue with our product we will pay you and you will keep it quiet" program.
JackCY is offline  
post #6 of 55 (permalink) Old 03-05-2019, 08:09 AM
Padawan Overclocker
 
Catscratch's Avatar
 
Join Date: May 2007
Location: istanbul
Posts: 2,712
Rep: 137 (Unique: 110)
Let me cut to the chase.

"The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior."


This cat scratches free.

Windows 10 Pro x64 - I5 2500k 4ghz (offset -0.015v) - Asus P8P67 Evo - 2x4gb Gskill Ripjaws - Sapphire 280x tri-x nonboost - HAF 912+ - Kingston Savage 120gb SSD - Western Digital Blue 2 TB + 1 TB -
Summer 21-06-2011
(13 items)
CPU
i5 2500k 4ghz @ Offset -0.015
Motherboard
Asus P8P67 Evo (bios 3207)
GPU
Sapphire HD6850 1GB (835/1100)
RAM
G.Skill RipjawsX 2x2gb 1866mhz 8-9-8-24-2n @ 1.6v
RAM
G.Skill RipjawsX 2x4gb 1866mhz 9-10-9-28-2n @ 1.6v
Hard Drive
WD5000AAKX-001CA0
Hard Drive
WD5001AALS-00L3B2 (Now External)
Hard Drive
WD20EARS
Optical Drive
ASUS DRW-1814BLT
Power Supply
Enermax Infiniti 650 (28a,28a,30a)
Cooling
Noctua NH-u12p SE2
Case
Cooler Master haf 912 Advanced
Operating System
Windows 7 Ultimate x64 SP1
Monitor
Asus VH242H Wobbly Stand :)
Keyboard
Microsoft Ergo 4000
Mouse
A4tech x7 F3
CPU
Phenom II x6 1090t BE 3.6/4.0 [email protected]
Motherboard
MSI K9A2 Platinum v1
GPU
Sapphire HD6850 1GB 850/[email protected]
RAM
Kingston 2x2gb Hyperx 1066 5-5-5-15
Hard Drive
WD5001AALS & ST3250410AS
Optical Drive
Asus DRW-1814BLT
Power Supply
Enermax Infiniti 650w (28a,28a,30a)
Case
Thermaltake Kandalf SuperTower
Operating System
Windows 7 Ultimate x64 SP1
Monitor
Asus VH242H 23.6" Wobbly Stand :D
Keyboard
Microsoft Ergo 4000
Mouse
A4 tech Swop-3
Mouse
(no name)
▲ hide details ▲
Catscratch is offline  
post #7 of 55 (permalink) Old 03-05-2019, 08:12 AM
Master of Black Snow
 
Ceadderman's Avatar
 
Join Date: Mar 2010
Location: West of the Pecos.
Posts: 19,162
Rep: 699 (Unique: 518)
I believe Intel chose the Beta test manufacture level.

Pretty it up give it the works sell it for a large markup and let the suckers at the user end tell us how to smooth things out. Recover from that, put out the same CPU under a different SKU and make $$$$ at the expense of the sheep. If it works for PC gaming then it will work anywhere.

~Ceadder

Black snow
(17 items)
CPU
Ryzen 7 1800x
Motherboard
ASUS Crosshair VII Hero
GPU
XFX RX 480 Black Edition 8GB
RAM
G.SKILL TridentZ Series 16GB (2 x 8GB) 288-Pin DDR4 SDRAM DDR4 3200 (PC4 25600) Intel Z370 Platform Desktop Memory Model F4-3200C14D-16GTZSK
Hard Drive
Western Digital Black
Hard Drive
Samsung 750 EVO
Hard Drive
Samsung 850 EVO
Hard Drive
Samsung 850 EVO
Hard Drive
Adata m.2
Power Supply
EVGA Supernova
Cooling
EKWB Crosshair VI Acetyl Monoblock
Case
Lian Li O11 Dynamic
Operating System
Windows 10 Home 64bit USB
Monitor
Samsung NU6900
Keyboard
Corsair K55
Mouse
Corsair M65
Other
Xbox Wireless Controller: Winter Forces Special Edition - Xbox One/Xbox One S/Windows 10
CPU
AMD Phenom II X6 1100T
Motherboard
Crosshair IV Formula
GPU
XFX RX 480 Black Edition 8GB
RAM
Corsair Dominator
Hard Drive
x2 HITACHI 1TB Deskstars 1TB RAID0
Hard Drive
Samsun 750 EVO
Power Supply
EVGA
Cooling
EK D5 Vario
Cooling
EK x3 250 RGB
Cooling
Yate Loon 120x20 (D12SM-12C) Medium Speed Silent Fans
Cooling
EK Supreme HF Classified
Cooling
Monsoon 1/2"x5/8" PETG White Hardline tubing.
Cooling
Monsoon Economy Hardline fittings
Cooling
EK x3 CSQ Clean Acrylic
Cooling
EK RX 480 Copper/Acetyl
Case
HAF 932
Operating System
Win7 64 bit Ultimate OEM
Monitor
Asus VH222H Black HDMI Widescreen
Keyboard
Logitech the OCZ went buhbye adios. Don't know what I'm going to replace it with.
Mouse
Logitech g9x
Mouse
COOLER MASTER Weapon of Choice: M4 Duramesh Pad
Audio
Logitech X-240 2.1 speakers
Other
Creative X-Fi
Other
Sunbeam Rheosmart 3
▲ hide details ▲


Ceadderman is offline  
post #8 of 55 (permalink) Old 03-05-2019, 08:20 AM
Performance is the bible
 
Join Date: Apr 2009
Posts: 6,577
Rep: 432 (Unique: 298)
Quote: Originally Posted by Catscratch View Post
Let me cut to the chase.

"The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior."

Note that they only tested bulldozer from 2012.
While intel did not significantly changed their design, AMD did in zen.


Defoler is offline  
post #9 of 55 (permalink) Old 03-05-2019, 08:25 AM
New to Overclock.net
 
Hwgeek's Avatar
 
Join Date: Apr 2017
Posts: 301
Rep: 6 (Unique: 5)
As a consumer, I am not so happy with that (OMG I cannot believe I a saying that -lol), with all the troubles Intel are facing last few years, I am afraid that there is a chance to see "9900K" case with overpriced AMD CPU in few years since Intel are having troubles. :-).
As huge as a company is, the risk to fail gets bigger since the operation cost is massive and depends on their high income(For Intel it was 99% Datacenter/80~90% PC market?).

Last edited by Hwgeek; 03-05-2019 at 08:29 AM.
Hwgeek is offline  
post #10 of 55 (permalink) Old 03-05-2019, 08:38 AM
New to Overclock.net
 
Avonosac's Avatar
 
Join Date: Dec 2012
Location: PA
Posts: 2,930
Rep: 158 (Unique: 114)
Quote: Originally Posted by Offler View Post
https://arxiv.org/pdf/1903.00446.pdf

Its an archive from University of Cornell. I skimmed the paper and it looks legit. What looks bit sketchy to me is that:

"While most of these attacks require
local access and native code execution, various efforts have
been successful in conducting them remotely "
It's called chaining. They get code added and staged through a series of vulnerabilities and use this to execute it. This is how all advanced attacks work, it's basically vulnerability legos.


Avonosac is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off