Overclock.net - An Overclocking Community


Imouto 11-12-2019 03:08 PM

[Phoronix] New ZombieLoad Side-Channel Attack Variant: TSX Asynchronous Abort
 
Quote:

Current Intel hardware mitigations do not cover TAA and current Cascade Lake CPUs remain vulnerable. TAA can allow leaking of data across processes, privilege boundaries and Hyper Threading. With Hyper Threading disabled, TAA can still leak data from protected domains.

For mitigating TAA Asynchronous Abort there is no new software workaround out today short of disabling Intel TSX. It is recommended to disable Hyper Threading while Cyberus ultimately recommends running trusted/untrusted applications on separate physical systems.
https://www.phoronix.com/scan.php?pa...-TAA-Announced

* Laughs in "I told you so" *

Hardware mitigations only cover known attacks and do not cover the vector. Unless Intel builds a CPU from the ground up these will keep popping like mushrooms... (MUSHROOM!!!).

iamjanco 11-12-2019 03:41 PM

From the Cyberus article (worth a read for more detail):

Quote:

Affected software:

So far all versions of all operating systems (Microsoft Windows, Linux, MacOS, BSDs, …)
All hypervisors (VMWare, Microsoft HyperV, KVM, Xen, Virtualbox, …)
All container solutions (Docker, LXC, OpenVZ, …)

Affected CPUs:

Intel CPUs with support for Intel TSX (most recent Intel Core and Xeon CPUs).

skupples 11-12-2019 04:17 PM

Quote:

Originally Posted by Imouto (Post 28194264)
https://www.phoronix.com/scan.php?pa...-TAA-Announced

* Laughs in "I told you so" *

Hardware mitigations only cover known attacks and do not cover the vector. Unless Intel builds a CPU from the ground up these will keep popping like mushrooms... (MUSHROOM!!!).

Yep, nothing's changing until Core officially dies. It's grown quite long in the tooth.

I was just explaining this to my old man over dinner, as he laughed at me for not buying in on AMD in 2015. Asked if AMD still has upward momentum. I basically explained that ^^^ will keep happening, which will continue to slow down existing hardware, and tarnish their "good" name. = more money for AMD.

tpi2007 11-12-2019 04:33 PM

What kind of cheese is this? It isn't Swiss, I can tell as much, it smells and has way more holes (NSFW language in the video):



TK421 11-13-2019 01:28 AM

Does this affect any Z370/Z390 boards?

iamjanco 11-13-2019 02:09 AM

Boards? No. The CPUs you put in them? Yup. Including the i9 9900 series of CPUs.

The full list of affected CPUs follows:

4th generation Intel® Core™ Processors
5th generation Intel® Core™ Processors
6th generation Intel® Core™ Processors
7th generation Intel® Core™ Processors
8th generation Intel® Core™ Processors

Source

Furthermore, Intel released 18 security-related advisories yesterday (the 12th), as well as a number of mitigating patches (which don't necessarily fix all the holes). Anyway, Linux users have already started seeing the patches, but as of now there's no word yet on when they'll start showing up elsewhere.

ZDNet's got an easy-to-follow article on the topic, if you're interested in it:

Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack

Sidenote: gamers will love this: The Gaming Performance Impact From The Intel JCC Erratum Microcode Update. Though the article is geared toward Linux gamers, expectations are that Windows gamers will also take a hit in framerates.

rluker5 11-13-2019 02:46 AM

Quote:

or making sure that trusted and untrusted code do not share physical cores
-from Cyberus article

That's really the best mitigation since malicious code can and does exploit through easier and more effective means. Even Ryzen. Also the 4770K hasn't had TSX for quite some time.

rdr09 11-13-2019 02:52 AM

Just disable Hyperthreading. Problem solved.

Aenra 11-13-2019 03:31 AM

The gift that keeps on giving ^^

tpi2007 11-13-2019 03:55 AM

It's the second time (links below) I'm reading that the TSX bug affects Haswell, but it's worth noting that desktop and laptop users are probably not affected.

https://www.techpowerup.com/261097/i...-lake-included
https://www.extremetech.com/computin...security-fixes

Most people with Haswell-based PCs will have TSX disabled because Intel found a bug in TSX back in 2014 and issued a microcode update to disable it. Only Xeon E7s based on Haswell-EX have the bug fixed and TSX enabled.

https://www.anandtech.com/show/8376/...eep-broadwelly

As to Broadwell, it's a bit unclear as to exactly what models have TSX enabled and disabled, but Broadwell-Y has the bug and is thus disabled. The i7 5650U and 5600U, i5 5350U and 5300U are supposed to have it working. Xeon-D has it working and so do the desktop i5-5675C and i7-5775C. Broadwell-E (HEDT) apparently doesn't have TSX enabled, there is nothing on it in the ARK pages.

So, when it comes to Haswell and Broadwell, it's a bit of a mess, especially Broadwell.
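
Added example, not part of any post in this thread: since the model lists above leave it unclear which parts still have TSX enabled, a Linux machine can be checked directly from its CPU flags (`rtm`, `hle`) and from the kernel's own TAA report in sysfs. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/tsx_async_abort`; the verdict labels are this example's own names.

```shell
#!/bin/sh
# Added example (not from the thread). The status prefixes matched below are
# the ones the Linux kernel reports in sysfs; the verdict words are made up here.

# has_tsx "FLAGS": succeeds if the cpuinfo flag list still advertises TSX.
# Where microcode or the kernel disabled TSX, rtm and hle are absent.
has_tsx() {
    case " $1 " in
        *" rtm "*|*" hle "*) return 0 ;;
    esac
    return 1
}

# taa_verdict "FLAGS" "STATUS": print one verdict word for the given inputs.
taa_verdict() {
    case "$2" in
        "Not affected"*)             echo not-affected ;;
        "Mitigation: TSX disabled"*) echo tsx-disabled ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing does not protect against the sibling hyperthread.
            case "$2" in
                *"SMT vulnerable"*) echo mitigated-smt-exposed ;;
                *)                  echo mitigated ;;
            esac ;;
        Vulnerable*)                 echo vulnerable ;;
        *)  # Empty or unrecognised status (kernel without the TAA report):
            # fall back to whether the CPU exposes TSX at all.
            if has_tsx "$1"; then echo unknown-tsx-present
            else echo unknown-tsx-absent; fi ;;
    esac
}

# taa_report_host: apply both checks to the running machine.
taa_report_host() {
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    status=$(cat /sys/devices/system/cpu/vulnerabilities/tsx_async_abort 2>/dev/null)
    echo "TAA: $(taa_verdict "$flags" "$status") (kernel says: ${status:-no report})"
}

taa_report_host || true
```

A result of `mitigated-smt-exposed` means the kernel is clearing CPU buffers but still reports Hyper-Threading as a remaining exposure.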

