[arXiv] New Intel security flaw just published aka FALLOUT - Overclock.net - An Overclocking Community

post #1 of 48, 05-31-2019, 11:46 AM, by mtrai (Thread Starter)

https://arxiv.org/abs/1905.12701

Quote:
Fallout: Reading Kernel Writes From User Space

Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Frank Piessens, Berk Sunar, Yuval Yarom

(Submitted on 29 May 2019)

Recently, out-of-order execution, an important performance optimization in modern high-end processors, has been revealed to pose a significant security threat, allowing information leaks across security domains. In particular, the Meltdown attack leaks information from the operating system kernel to user space, completely eroding the security of the system. To address this and similar attacks, without incurring the performance costs of software countermeasures, Intel includes hardware-based defenses in its recent Coffee Lake R processors.
In this work, we show that the recent hardware defenses are not sufficient. Specifically, we present Fallout, a new transient execution attack that leaks information from a previously unexplored microarchitectural component called the store buffer. We show how unprivileged user processes can exploit Fallout to reconstruct privileged information recently written by the kernel. We further show how Fallout can be used to bypass kernel address space randomization. Finally, we identify and explore microcode assists as a hitherto ignored cause of transient execution.
Fallout affects all processor generations we have tested. However, we notice a worrying regression, where the newer Coffee Lake R processors are more vulnerable to Fallout than older generations.

post #2 of 48, 05-31-2019, 11:48 AM, by Hwgeek
We can't keep up with this, I lost count already ;-).

post #3 of 48, 05-31-2019, 01:20 PM, by looniam
for those that want a PDF of the paper:

1905.12701.pdf

a teaser:
Quote:
1.1 Our Contribution
Unfortunately, in this paper, we answer these questions in the negative. We present Fallout, a new attack on the hardware-based memory isolation mechanisms in Intel CPUs. Using Fallout, user-space programs can read data that has recently been written by the kernel, as well as derandomize Kernel Address Space Layout Randomization (KASLR). Similarly to previous transient execution attacks, Fallout does not require any privileges except for the ability to run code, and does not exploit any kernel vulnerabilities.
The Mechanism Behind Fallout.
Fallout exploits an optimization that we call Write Transient Forwarding (***), which incorrectly passes values from memory writes to subsequent memory reads. In a nutshell, when the program writes a value to memory, the processor needs to first translate the virtual address of the destination to a physical address and then acquire exclusive access to the location. Rather than stalling the store instruction and subsequent computation, the processor records the value and the address in the store buffer, and continues executing the program. The store buffer then resolves the address, acquires the access to the memory location and stores the data.

post #4 of 48, 05-31-2019, 01:21 PM, by bfromcolo
https://mdsattacks.com/
This isn't new news, Fallout was one of the exploits revealed the same time as Zombieload, 5/14/19.


Edit - oh I see the new news is that Intel's hardware defense for Meltdown makes Fallout easier to exploit.

Last edited by bfromcolo; 05-31-2019 at 01:26 PM.

post #5 of 48, 05-31-2019, 02:41 PM, by deafboy
lmao, wow, this is great marketing for AMD

Crazy how much has been happening lately

post #6 of 48, 05-31-2019, 03:05 PM, by TK421
Intel is becoming the CJ meme nowadays with all their security flaws

post #7 of 48, 05-31-2019, 03:19 PM, by Shawnb99
And what are the chances I'll ever see this exploit used against me? Has any Intel exploit been used in the wild against a person and not a corporation if one has been used at all?

post #8 of 48, 05-31-2019, 03:24 PM, by WannaBeOCer
Quote: Originally Posted by bfromcolo
https://mdsattacks.com/
This isn't new news, Fallout was one of the exploits revealed the same time as Zombieload, 5/14/19.


Edit - oh I see the new news is that Intel's hardware defense for Meltdown makes Fallout easier to exploit.
That was also published on https://mdsattacks.com on the 14th, I didn't know until @rdr09 pointed it out to me on this thread.

https://www.overclock.net/forum/297-...omparison.html

On the Fallout paper published on mdsattack: https://mdsattacks.com/files/fallout.pdf

Quote:
Fallout affects all processor generations we have
tested. However, we notice a worrying regression,
where the newer Coffee Lake R processors are more
vulnerable to Fallout than older generations.

post #9 of 48, 05-31-2019, 03:28 PM, by looniam
Quote: Originally Posted by Shawnb99
And what are the chances I'll ever see this exploit used against me? Has any Intel exploit been used in the wild against a person and not a corporation if one has been used at all?
i'm sure its less than getting rear ended while driving a `72 pinto, but . . .

just stay unimportant and insignificant and you'll be fine.

post #10 of 48, 05-31-2019, 03:29 PM, by Shawnb99
I'm small but mouthy I'm doomed

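On the exposure question raised in posts #7 and #9: Linux reports the mitigation status of the MDS family, which Fallout belongs to, in a sysfs file, and that status can be interpreted as below. This parser is an added example, not part of the thread or the paper; the sysfs path and status strings are assumed from the Linux kernel's MDS reporting and do not appear on this page, and the verdict labels are hypothetical names chosen here.

```python
from pathlib import Path

# Linux sysfs file for the MDS family (assumed; not mentioned in the thread).
MDS_SYSFS = "/sys/devices/system/cpu/vulnerabilities/mds"

# Constructed sample lines in the format the kernel documents for this file.
SAMPLES = [
    "Not affected",
    "Vulnerable; SMT vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
]


def parse_mds_status(line):
    """Split a status line into mitigation state, SMT state and a verdict."""
    fields = [f.strip() for f in line.strip().split(";")]
    state = fields[0]
    smt = fields[1] if len(fields) > 1 else None
    if state == "Not affected":
        verdict = "not_affected"
    elif state == "Mitigation: Clear CPU buffers":
        # Buffer clearing is active; with SMT reported as vulnerable a
        # sibling hyperthread remains a possible observer.
        safe_smt = smt in ("SMT disabled", "SMT mitigated")
        verdict = "mitigated" if safe_smt else "partial"
    elif state.startswith("Vulnerable: Clear CPU buffers attempted"):
        verdict = "needs_microcode"  # kernel tries, microcode lacks support
    elif state.startswith("Vulnerable"):
        verdict = "vulnerable"
    else:
        verdict = "unknown"
    return {"state": state, "smt": smt, "verdict": verdict}


def read_live_status(path=MDS_SYSFS):
    """Parse this host's status, or return None if the file is absent."""
    try:
        return parse_mds_status(Path(path).read_text())
    except OSError:
        return None  # non-Linux host or a kernel without MDS reporting


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{parse_mds_status(sample)['verdict']:16} <- {sample}")
    print("this host:", read_live_status())
```

A "partial" or "needs_microcode" verdict means the kernel mitigation is only part of the fix: the first still depends on the SMT setting, the second on a microcode update.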