[Phoronix] New ZombieLoad Side-Channel Attack Variant: TSX Asynchronous Abort - Overclock.net - An Overclocking Community

Forum Jump: 

[Phoronix] New ZombieLoad Side-Channel Attack Variant: TSX Asynchronous Abort

Reply
 
Thread Tools
post #1 of 28 (permalink) Old 11-12-2019, 04:08 PM - Thread Starter
New to Overclock.net
 
Imouto's Avatar
 
Join Date: Mar 2012
Posts: 2,046
Rep: 226 (Unique: 108)
[Phoronix] New ZombieLoad Side-Channel Attack Variant: TSX Asynchronous Abort

Quote:
Current Intel hardware mitigations do not cover TAA and current Cascade Lake CPUs remain vulnerable. TAA can allow leaking of data across processes, privilege boundaries and Hyper Threading. With Hyper Threading disabled, TAA can still leak data from protected domains.

For mitigating TAA Asynchronous Abort there is no new software workaround out today short of disabling Intel TSX. It is recommended to disable Hyper Threading while Cyberus ultimately recommends running trusted/untrusted applications on separate physical systems.
https://www.phoronix.com/scan.php?pa...-TAA-Announced

* Laughs in "I told you so" *

Hardware mitigations only cover known attacks and do not cover the vector. Unless Intel builds a CPU from the ground up these will keep popping like mushrooms... (MUSHROOM!!!).

#EnthusiastLivesMatter
Imouto is offline  
Sponsored Links
Advertisement
 
post #2 of 28 (permalink) Old 11-12-2019, 04:41 PM
Head Dwarf
 
iamjanco's Avatar
 
Join Date: Aug 2016
Location: In a circus tent
Posts: 2,086
Rep: 103 (Unique: 57)
From the Cyberus article (worth a read for more detail):

Quote:
Affected software:

So far all versions of all operating systems (Microsoft Windows, Linux, MacOS, BSDs, …)
All hypervisors (VMWare, Microsoft HyperV, KVM, Xen, Virtualbox, …)
All container solutions (Docker, LXC, OpenVZ, …)

Affected CPUs:

Intel CPUs with support for Intel TSX (most recent Intel Core and Xeon CPUs).

Playin' the lead roll in a dwerg tossing contest...


iamjanco is offline  
post #3 of 28 (permalink) Old 11-12-2019, 05:17 PM
New to Overclock.net
 
skupples's Avatar
 
Join Date: Apr 2012
Location: Fort Lauderdale
Posts: 20,224
Rep: 581 (Unique: 325)
Quote: Originally Posted by Imouto View Post
https://www.phoronix.com/scan.php?pa...-TAA-Announced

* Laughs in "I told you so" *

Hardware mitigations only cover known attacks and do not cover the vector. Unless Intel builds a CPU from the ground up these will keep popping like mushrooms... (MUSHROOM!!!).
yep, nothings changing until core officially dies. It's grown quite long in the tooth.

i was just explaining this to my old man over dinner, as he laughed at me for not buying in on AMD in 2015. Asked if AMD still has upward momentum. I basically explained that ^^^ will keep happening, which will continue to slow down existing hardware, and tarnish their "good" name. = more money for AMD.

R.I.P. Zawarudo, may you OC angels' wings in heaven.
If something appears too good to be true, it probably is.
skupples is offline  
Sponsored Links
Advertisement
 
post #4 of 28 (permalink) Old 11-12-2019, 05:33 PM
Waiting for 7nm EUV
 
tpi2007's Avatar
 
Join Date: Nov 2010
Posts: 11,469
Rep: 898 (Unique: 504)
What kind of cheese is this? It isn't Swiss, I can tell as much, it smells and has way more holes (NSFW language in the video):




tpi2007 is offline  
post #5 of 28 (permalink) Old 11-13-2019, 02:28 AM
ٴٴٴ╲⎝⧹˙͜>˙⧸⎠╱
 
TK421's Avatar
 
Join Date: May 2011
Posts: 5,491
Rep: 160 (Unique: 125)
Does this affect any Z370/Z390 boards?

nͫٴiͤٴcͫٴeͤ੮Һ૯ ცɿ૭ ૭คעٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴ ٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴ ٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴ ٴٴ
█▀█ █▄█ ▀█▀ ▀█▀


TK421 is offline  
post #6 of 28 (permalink) Old 11-13-2019, 03:09 AM
Head Dwarf
 
iamjanco's Avatar
 
Join Date: Aug 2016
Location: In a circus tent
Posts: 2,086
Rep: 103 (Unique: 57)
Boards? No. The cpus you put in them? Yup. Including the I9 9900 series of cpus.

The full list of affected cpus follows:

4th generation Intel® Core™ Processors
5th generation Intel® Core™ Processors
6th generation Intel® Core™ Processors
7th generation Intel® Core™ Processors
8th generation Intel® Core™ Processors

Source

Furthermore, Intel released 18 security related advisories yesterday (the 12th), as well as a number of mitigating patches (which don't necessarily fix all the holes). Anyway, Linux users have already started seeing the patches, but as of now there's no word yet on when they'll start showing up elsewhere.

ZDnet's got an easy to follow article on the topic, if you're interested in it:

Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack

Sidenote: gamers will love this: The Gaming Performance Impact From The Intel JCC Erratum Microcode Update. Though the article is geared toward Linux gamers, expectations are that Windows gamers will also take a hit in framerates.

Playin' the lead roll in a dwerg tossing contest...



Last edited by iamjanco; 11-13-2019 at 03:15 AM.
iamjanco is offline  
post #7 of 28 (permalink) Old 11-13-2019, 03:46 AM
Not a linux lobbyist
 
rluker5's Avatar
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 1,848
Rep: 48 (Unique: 36)
Quote:
or making sure that trusted and untrusted code do not share physical cores
-from Cyberus article

That's really the best mitigation since malicious code can and does exploit through easier and more effective means. Even Ryzen. Also the 4770k hasn't had TSX for quite some time.

L5
(17 items)
Lea2
(11 items)
L7
(11 items)
CPU
5775c
Motherboard
Maximus VII Hero
GPU
Aorus 1080ti Waterforce
RAM
16 Gb Gskill Trident @ 2400,cas10,1.575v
RAM
8 Gb Gskill Trident @ 2400,cas10,1.575v
Hard Drive
1Tb Team ssd
Hard Drive
seagate barracuda 3T
Hard Drive
Optane 900p 480G OS
Optical Drive
Asus BW-16D1HT
Power Supply
EVGA Supernova 1300 G2
Cooling
Cooler Master MasterLiquid Pro 120 (cpu)
Cooling
2 140mm case fans, 2 120mm
Case
Fractal Design R4 (no window)
Operating System
W10 64 pro
Monitor
panasonic TC-58AX800U
Audio
Focal Elear, Nova 40, 598se, HE4xx, DT990pro w b.boost earpads
Audio
SoundbasterX AE-5, onboard
CPU
4770k
Motherboard
Asus Z87 Deluxe
GPU
Fury Nitro
RAM
8Gb klevv urbane 2133
Hard Drive
ROG Raidr 240Gb pcie
Hard Drive
1Tb WD blue
Power Supply
Pc Power&Cooling silencer Mk2 950w
Cooling
Deepcool Lucifer V2
Case
DIYPC P48-W
Operating System
W10 64 pro
Monitor
40"tv
CPU
4980hq
Motherboard
Asus H81T/CSM
RAM
8Gb 1600 samsung
Hard Drive
Samsung 850 evo 120gb
Power Supply
Skyvast 90w brick for hp pavilion something
Cooling
SilverStone Tek Super Slim
Case
SilverStone Tek PT13B
Operating System
W10 64 pro
Monitor
24" samsung 1080p
Keyboard
Logitech K400+
Other
Intel wifi ac card and noname antennas
▲ hide details ▲
rluker5 is offline  
post #8 of 28 (permalink) Old 11-13-2019, 03:52 AM
New to Overclock.net
 
rdr09's Avatar
 
Join Date: Mar 2011
Location: From the US but lives in Africa
Posts: 18,854
Rep: 868 (Unique: 634)
Just disable Hyperthreading. Problem solved.

[email protected] 6 http://valid.canardpc.com/show_oc.php?id=2211392 4.6 @ 4 http://valid.canardpc.com/show_oc.php?id=2216580
5.0 @ 8 http://valid.canardpc.com/show_oc.php?id=2511322
2nd AMD Build
(10 items)
CPU
2700
Motherboard
X470
GPU
290
RAM
3200 CL14
Hard Drive
1000
Power Supply
700
Case
212
Operating System
10/64
Monitor
40 1080
Keyboard
M100
▲ hide details ▲
rdr09 is offline  
post #9 of 28 (permalink) Old 11-13-2019, 04:31 AM
Tetrapyloctomist
 
Aenra's Avatar
 
Join Date: Feb 2017
Posts: 1,480
Rep: 22 (Unique: 20)
The gift that keeps on giving ^^

Pride, honour and purity.
Aenra is offline  
post #10 of 28 (permalink) Old 11-13-2019, 04:55 AM
Waiting for 7nm EUV
 
tpi2007's Avatar
 
Join Date: Nov 2010
Posts: 11,469
Rep: 898 (Unique: 504)
It's the second time (links below) I'm reading that the TSX bug affects Haswell, but it's worth noting that desktop and laptop users are probably not affected.

https://www.techpowerup.com/261097/i...-lake-included
https://www.extremetech.com/computin...security-fixes

Most people with Haswell based PC's will have TSX disabled because Intel found a bug in TSX back in 2014 and issued a microcode update to disable it. Only Xeons E7 based on Haswell-EX have the bug fixed and TSX enabled.

https://www.anandtech.com/show/8376/...eep-broadwelly

As to Broadwell, it's a bit unclear as to exactly what models have TSX enabled and disabled, but Broadwell-Y has the bug and is thus disabled. The i7 5650U and 5600U, i5 5350U and 5300U are supposed to have it working. Xeon-D has it working and so do the desktop i5-5675C and i7-5775C. Broadwell-E (HEDT) apparently doesn't have TSX enabled, there is nothing on it in the ARK pages.

So, when it comes to Haswell and Broadwell, it's a bit of a mess, especially Broadwell.



Last edited by tpi2007; 11-13-2019 at 04:58 AM.
tpi2007 is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off