[arXiv] New Intel security flaw just published aka FALLOUT - Overclock.net - An Overclocking Community
post #1 of 48 (permalink) Old 05-31-2019, 11:46 AM - Thread Starter
Stuck in the past
 
mtrai's Avatar
 
Join Date: Feb 2009
Posts: 1,143
Rep: 35 (Unique: 21)
[arXiv] New Intel security flaw just published aka FALLOUT

https://arxiv.org/abs/1905.12701

Quote:
Fallout: Reading Kernel Writes From User Space

Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Frank Piessens, Berk Sunar, Yuval Yarom

(Submitted on 29 May 2019)

Recently, out-of-order execution, an important performance optimization in modern high-end processors, has been revealed to pose a significant security threat, allowing information leaks across security domains. In particular, the Meltdown attack leaks information from the operating system kernel to user space, completely eroding the security of the system. To address this and similar attacks, without incurring the performance costs of software countermeasures, Intel includes hardware-based defenses in its recent Coffee Lake R processors.
In this work, we show that the recent hardware defenses are not sufficient. Specifically, we present Fallout, a new transient execution attack that leaks information from a previously unexplored microarchitectural component called the store buffer. We show how unprivileged user processes can exploit Fallout to reconstruct privileged information recently written by the kernel. We further show how Fallout can be used to bypass kernel address space randomization. Finally, we identify and explore microcode assists as a hitherto ignored cause of transient execution.
Fallout affects all processor generations we have tested. However, we notice a worrying regression, where the newer Coffee Lake R processors are more vulnerable to Fallout than older generations.

mtrai is offline  
post #2 of 48 (permalink) Old 05-31-2019, 11:48 AM
New to Overclock.net
 
Hwgeek's Avatar
 
Join Date: Apr 2017
Posts: 675
Rep: 17 (Unique: 15)
We can't keep up with this, I lost count already ;-).
Hwgeek is offline  
post #3 of 48 (permalink) Old 05-31-2019, 01:20 PM
professional curmudgeon
 
looniam's Avatar
 
Join Date: Apr 2009
Posts: 10,193
Rep: 836 (Unique: 465)
for those that want a PDF of the paper:

1905.12701.pdf

a teaser:
Quote:
1.1 Our Contribution
Unfortunately, in this paper, we answer these questions in the negative. We present Fallout, a new attack on the hardware-based memory isolation mechanisms in Intel CPUs. Using Fallout, user-space programs can read data that has recently been written by the kernel, as well as derandomize Kernel Address Space Layout Randomization (KASLR). Similarly to previous transient execution attacks, Fallout does not require any privileges except for the ability to run code, and does not exploit any kernel vulnerabilities.
The Mechanism Behind Fallout.
Fallout exploits an optimization that we call Write Transient Forwarding (***), which incorrectly passes values from memory writes to subsequent memory reads. In a nutshell, when the program writes a value to memory, the processor needs to first translate the virtual address of the destination to a physical address and then acquire exclusive access to the location. Rather than stalling the store instruction and subsequent computation, the processor records the value and the address in the store buffer, and continues executing the program. The store buffer then resolves the address, acquires the access to the memory location and stores the data.

Remember the golden rule of statistics: A personal sample size of one is a sufficient basis upon which to draw universal conclusions.
If you need help:
Upload the computer to Dropbox and provide a link to it so others may download it to examine and give advice for repairs.
*this post has been sponsored by Pabst Blue Ribbon.*
looniam is offline  
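
Added example (not part of any post in this thread): the excerpt above describes kernel writes passing through the store buffer, and on Linux the kernel reports whether it clears CPU buffers against the MDS attacks, of which Fallout is one, in `/sys/devices/system/cpu/vulnerabilities/mds`. The sketch below classifies that status line; the verdict names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Linux sysfs MDS status line.
# Verdict words (mitigated, needs-microcode, ...) are this example's own labels.
MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds "<status line>" -> prints one verdict word
classify_mds() {
    case "$1" in
        "Not affected"*)
            echo not-affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffers are cleared, but the kernel may still flag SMT.
            case "$1" in
                *"SMT vulnerable"*|*"SMT Host state unknown"*)
                    echo mitigated-check-smt ;;
                *)
                    echo mitigated ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel is patched but the CPU microcode update is missing.
            echo needs-microcode ;;
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# mds_status [file] -> verdict for this machine (or for a given file)
mds_status() {
    f=${1:-$MDS_FILE}
    if [ -r "$f" ]; then
        classify_mds "$(cat "$f")"
    else
        # No such file: kernel predates MDS reporting, or this is not Linux.
        echo unreported
    fi
}

# Constructed sample lines in the format the kernel documents.
for line in \
    "Mitigation: Clear CPU buffers; SMT vulnerable" \
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
    "Not affected"
do
    printf '%-72s -> %s\n' "$line" "$(classify_mds "$line")"
done
printf 'this machine -> %s\n' "$(mds_status)"
```
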
post #4 of 48 (permalink) Old 05-31-2019, 01:21 PM
New to Overclock.net
 
Join Date: Dec 2011
Location: 7200 ft above sea level
Posts: 2,803
https://mdsattacks.com/
This isn't new news, Fallout was one of the exploits revealed the same time as Zombieload, 5/14/19.


Edit - oh I see the new news is that Intel's hardware defense for Meltdown makes Fallout easier to exploit.

Quote: I'm gonna throw in my 2 cents. Not because I'm an expert but because I have a keyboard.



Last edited by bfromcolo; 05-31-2019 at 01:26 PM.
bfromcolo is offline  
post #5 of 48 (permalink) Old 05-31-2019, 02:41 PM
Tech Enthusiast
 
deafboy's Avatar
 
Join Date: Jan 2008
Location: San Diego
Posts: 12,383
Rep: 446 (Unique: 338)
lmao, wow, this is great marketing for AMD

Crazy how much has been happening lately

deafboy is offline  
post #6 of 48 (permalink) Old 05-31-2019, 03:05 PM
ٴٴٴ╲⎝⧹˙͜>˙⧸⎠╱
 
TK421's Avatar
 
Join Date: May 2011
Posts: 5,890
Rep: 165 (Unique: 128)
Intel is becoming the CJ meme nowadays with all their security flaws

TK421 is offline  
post #7 of 48 (permalink) Old 05-31-2019, 03:19 PM
New to Overclock.net
 
Shawnb99's Avatar
 
Join Date: Dec 2011
Location: In Van Down by the River
Posts: 2,008
Rep: 60 (Unique: 41)
And what are the chances I'll ever see this exploit used against me? Has any Intel exploit been used in the wild against a person and not a corporation if one has been used at all?

Shawnb99 is offline  
post #8 of 48 (permalink) Old 05-31-2019, 03:24 PM
sudo apt install sl
 
Join Date: Dec 2009
Posts: 6,790
Rep: 191 (Unique: 131)
Quote: Originally Posted by bfromcolo View Post
https://mdsattacks.com/
This isn't new news, Fallout was one of the exploits revealed the same time as Zombieload, 5/14/19.


Edit - oh I see the new news is that Intel's hardware defense for Meltdown makes Fallout easier to exploit.
That was also published on https://mdsattacks.com on the 14th, I didn't know until @rdr09 pointed it out to me on this thread.

https://www.overclock.net/forum/297-...omparison.html

On the Fallout paper published on mdsattack: https://mdsattacks.com/files/fallout.pdf

Quote:
Fallout affects all processor generations we have
tested. However, we notice a worrying regression,
where the newer Coffee Lake R processors are more
vulnerable to Fallout than older generations.

WannaBeOCer is online now  
post #9 of 48 (permalink) Old 05-31-2019, 03:28 PM
professional curmudgeon
 
looniam's Avatar
 
Join Date: Apr 2009
Posts: 10,193
Rep: 836 (Unique: 465)
Quote: Originally Posted by Shawnb99 View Post
And what are the chances I'll ever see this exploit used against me? Has any Intel exploit been used in the wild against a person and not a corporation if one has been used at all?
i'm sure it's less than getting rear-ended while driving a '72 pinto, but . . .

just stay unimportant and insignificant and you'll be fine.

looniam is offline  
post #10 of 48 (permalink) Old 05-31-2019, 03:29 PM
New to Overclock.net
 
Shawnb99's Avatar
 
Join Date: Dec 2011
Location: In Van Down by the River
Posts: 2,008
Rep: 60 (Unique: 41)
I'm small but mouthy I'm doomed

Shawnb99 is offline  