
Intel exploit, again

Jurrunio

Source - Tom's Hardware

 

Quote

A quick refresher on MDS: we said in May that it's "a speculative execution side-channel attack that may allow malicious actors to locally execute code to extract sensitive data that would otherwise be protected by Intel processors’ architectural mechanisms." The vulnerabilities affected basically every Intel processor--with the notable exception of those based on the company's Whiskey Lake, Atom, and Knights architectures--released between 2011 and 2018.

Intel said at the time that it would take significant changes to various operating systems and other core parts of PC software to fully address the MDS vulnerabilities. In the meantime, it recommended disabling Hyper-Threading, continuing the trend of side-channel attacks worsening Intel's simultaneous multi-threading technology. We found that its mitigations for the MDL vulnerabilities (among others) also had a significant effect on the performance of SSDs used by systems featuring Intel CPUs.

So yes, this is a continuation of MDS attacks

 

Quote

Today it revealed that MDS was an even bigger problem than many people realized by announcing a new TSX Asynchronous Abort (TAA) vulnerability. Intel also disclosed a new Jump Conditional Code (JCC) erratum today and released a patch that does have a performance impact (which we'll cover further below). 

Only the researchers who discovered both security flaws said there's nothing new about TAA--they claimed to have disclosed the vulnerability to Intel over a year ago, but it is just now seeing the light of day to the public.

...

VUSec, CISPA, and other security organizations shared more information about MDS, TAA and related vulnerabilities on the "MDS Attacks" website. The groups said they disclosed the MDS flaw and TAA vulnerability to Intel in September 2018. Because they coordinated the public disclosure of those issues with Intel, they didn't say anything until May, but it turns out that even then they couldn't offer full details about the vulnerabilities or Intel's response to them to the public until today.

Today's update to MDS Attacks revealed TAA, alignment faults that give "an attacker yet another way of leaking data" in all but the most recent Intel processors, flawed MDS mitigations, and a new RIDL test suite that can be found on GitHub. The organizations also said in their TL;DR that "an attacker can mount a RIDL attack despite the in-silicon mitigations/microcode patches published in May 2019 being in place." (Which is the kind of TL;DR that makes people actually want to read more.)

Not only does 10nm fail to get out in masses, but they don't even have time to make sure the "fixes" stay valid when they were first distributed to the users

 

Quote

Intel also revealed that TAA affects even more processors than the MDS vulnerabilities it shared in May. In the "Deep Dive: Intel® Transactional Synchronization Extensions (Intel® TSX) Asynchronous Abort" report it published today, the company said that certain Whiskey Lake, Cascade Lake, and Coffee Lake R processors that support its Intel TSX technology are affected by this vulnerability. That means even the company's latest processors aren't safe from these issues.

What's worse than delaying a product? Delaying a refresh of a refresh of a product. How to get worse than even that? You have to announce that your new lineup carries flaws before they leave the doors of retailers (You can't buy LGA2066 Cascade Lake CPUs yet)

 

Quote

The company said, "malicious application software executed by an authenticated user may be able to infer the values of data accessed on the same physical core" by exploiting TAA. That means they could glean information about:

  • Other applications
  • Operating System (OS)
  • System Management Mode (SMM)
  • Intel Software Guard Extensions (Intel SGX) enclaves
  • Virtual Machine Manager (VMM) if present
  • Other guests running under the same VMM

...

The new TAA vulnerabilities weren't the only security flaw affecting Intel processors revealed today. Phoronix reported on Jump Conditional Code (JCC) erratum affecting CPUs based on the Skylake architecture and its descendants. This is said to be "a bug involving the CPU's Decoded ICache" that meant "unpredictable behavior could happen when jump instructions cross cache lines." Intel released microcode updates to address the flaw, but unsurprisingly, that added security affected performance.

Phoronix said that "Intel's official guidance coming out today states their observed performance effects from this microcode update to be in the range of 0~4%" with some outliers. The outlet's benchmarks showed that the "microcode update does cause a hit of generally up to a couple percent," but with the caveat that in "select real-world workloads the impact is greater."

This will hurt more on HEDT platforms than consumer platforms since people and businesses get into HEDT platform to do these things specifically.

 

Guess who's laughing on the side?

CPU: i7-2600K 4751MHz 1.44V (software) --> 1.47V at the back of the socket Motherboard: Asrock Z77 Extreme4 (BCLK: 103.3MHz) CPU Cooler: Noctua NH-D15 RAM: Adata XPG 2x8GB DDR3 (XMP: 2133MHz 10-11-11-30 CR2, custom: 2203MHz 10-11-10-26 CR1 tRFC:230 tREFI:14000) GPU: Asus GTX 1070 Dual (Super Jetstream vbios, +70(2025-2088MHz)/+400(8.8Gbps)) SSD: Samsung 840 Pro 256GB (main boot drive), Transcend SSD370 128GB PSU: Seasonic X-660 80+ Gold Case: Antec P110 Silent, 5 intakes 1 exhaust Monitor: AOC G2460PF 1080p 144Hz (150Hz max w/ DP, 121Hz max w/ HDMI) TN panel Keyboard: Logitech G610 Orion (Cherry MX Blue) with SteelSeries Apex M260 keycaps Mouse: BenQ Zowie FK1

 

Model: HP Omen 17 17-an110ca CPU: i7-8750H (0.125V core & cache, 50mV SA undervolt) GPU: GTX 1060 6GB Mobile (+80/+450, 1650MHz~1750MHz 0.78V~0.85V) RAM: 8+8GB DDR4-2400 18-17-17-39 2T Storage: HP EX920 1TB PCIe x4 M.2 SSD + Crucial MX500 1TB 2.5" SATA SSD, 128GB Toshiba PCIe x2 M.2 SSD (KBG30ZMV128G) gone cooking externally, 1TB Seagate 7200RPM 2.5" HDD (ST1000LM049-2GH172) left outside Monitor: 1080p 126Hz IPS G-sync

 

Desktop benching:

Cinebench R15 Single thread:168 Multi-thread: 833 

SuperPi (v1.5 from Techpowerup, PI value output) 16K: 0.100s 1M: 8.255s 32M: 7m 45.93s
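As an added example that is not part of the original post or the quoted article: on a Linux host, the kernel reports its MDS and TAA mitigation state, including whether Hyper-Threading (SMT) still leaves the core exposed, in per-vulnerability sysfs files. The sketch below interprets those status lines; it assumes the Linux sysfs paths and status wording, and the function names and sample lines are hypothetical/constructed.

```shell
#!/bin/sh
# Added example: interpret the Linux kernel's MDS / TAA status reports.
# Function names are hypothetical; the sample lines below are constructed.

# classify_status "<status line>" -> prints "<state> <smt>"
classify_status() {
    status=$1
    case $status in
        "Not affected"*)                            state=not_affected ;;
        "Mitigation:"*)                             state=mitigated ;;
        "Vulnerable: Clear CPU buffers attempted"*) state=partial ;;  # no microcode
        "Vulnerable"*)                              state=vulnerable ;;
        *)                                          state=unknown ;;
    esac
    case $status in
        *"SMT vulnerable"*)                 smt=smt_exposed ;;
        *"SMT disabled"*|*"SMT mitigated"*) smt=smt_ok ;;
        "Not affected"*|*"TSX disabled"*)   smt=smt_ok ;;  # no SMT suffix needed
        *)                                  smt=smt_unknown ;;
    esac
    echo "$state $smt"
}

# Succeeds (exit 0) when a status line still calls for operator action.
needs_attention() {
    case $(classify_status "$1") in
        "not_affected "*|"mitigated smt_ok") return 1 ;;
        *) return 0 ;;
    esac
}

# Report both issues for this host (or for a directory of captured files).
audit_host() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in mds tsx_async_abort; do
        if [ -r "$dir/$f" ]; then
            line=$(cat "$dir/$f")
            echo "$f: $(classify_status "$line") [$line]"
        else
            echo "$f: unknown smt_unknown (not reported by this kernel)"
        fi
    done
}

# Constructed sample lines, so the script shows output on any machine.
while IFS= read -r sample; do
    printf '%-72s -> %s\n' "$sample" "$(classify_status "$sample")"
done <<'EOF'
Not affected
Mitigation: Clear CPU buffers; SMT vulnerable
Mitigation: TSX disabled
Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable
EOF
audit_host
```

A result of `mitigated smt_exposed` is the case the article's Hyper-Threading recommendation addresses: buffers are cleared on privilege transitions, but a sibling thread on the same physical core is still a leak path.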


Oh boy! More hardware vulnerabilities!

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


Nobody ever got fired for buying Intel....

MOAR COARS: 5GHz "Confirmed" Black Edition™ The Build
AMD 5950X 4.7/4.6GHz All Core Dynamic OC + 1900MHz FCLK | 5GHz+ PBO | ASUS X570 Dark Hero | 32 GB 3800MHz 14-15-15-30-48-1T GDM 8GBx4 |  PowerColor AMD Radeon 6900 XT Liquid Devil @ 2700MHz Core + 2130MHz Mem | 2x 480mm Rad | 8x Blacknoise Noiseblocker NB-eLoop B12-PS Black Edition 120mm PWM | Thermaltake Core P5 TG Ti + Additional 3D Printed Rad Mount

 


Is this a repost of the 77 issues from the other day or are there more now? (can't believe I actually have to ask that but it's happened before...)

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


Well, my bro will have a kick out of this one. His i5 6600k is already having trouble running destiny 2 or any other game with discord open.... AMD is looking like a great choice for future builds. 


2 minutes ago, AlexOak said:

Well, my bro will have a kick out of this one. His i5 6600k is already having trouble running destiny 2 or any other game with discord open.... AMD is looking like a great choice for future builds. 

I'm sorry, that sounds like user error though

 

@Jurrunio  does it say if Intel paid them?

 


19 minutes ago, Ryan_Vickers said:

Is this a repost of the 77 issues from the other day or are there more now? (can't believe I actually have to ask that but it's happened before...)

Ikr, it's bordering on comical how many exploits are being found on Intel CPUs.

 

The problem is once one is found and gains media attention everyone starts probing hoping to have their name attached to the next big story. Unfortunately for Intel it seems like they have a bug for every transistor in their chips.

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


2 minutes ago, Master Disaster said:

Ikr, it's bordering on comical how many exploits are being found on Intel CPUs.

It's at the point where if I see it in the tech sub-topic, I think it's some old post people found, but no. It's another new exploit. 


1 hour ago, Jurrunio said:

The vulnerabilities affected basically every Intel processor--with the notable exception of those based on the company's Whiskey Lake, Atom, and Knights architectures--released between 2011 and 2018.

I guess this means Sandy Bridge onwards? Damn...


41 minutes ago, pas008 said:

@Jurrunio  does it say if Intel paid them?

It doesn't say so, but they do if they still work like they used to.


1 hour ago, Ryan_Vickers said:

Is this a repost of the 77 issues from the other day or are there more now? (can't believe I actually have to ask that but it's happened before...)

Can we get the threads merged, there was some discussion and links to relevant benchmarks in the other thread.

 

 

Also it might be time for a sub forum in TN&R just for Intel exploits.

 

 

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


2 hours ago, mr moose said:

Can we get the threads merged, there was some discussion and links to relevant benchmarks in the other thread.

 

 

Also it might be time for a sub forum in TN&R just for Intel exploits.

I can't merge them or that one becomes the OP, thus pulling this out of tech news.  I'll link it here though:

Like I said, still don't know if this is a repost of the same issue or if there's been even more now since yesterday.  If this is different it wouldn't even be right to merge them.  Sounds like it probably is the same set though.


6 minutes ago, Ryan_Vickers said:

Like I said, still don't know if this is a repost of the same issue or if there's been even more now since yesterday.  If this is different it wouldn't even be right to merge them.  Sounds like it probably is the same set though.

@mr moose the sources don't cover the exact same stuff, tho Intel seems to have released both together

Quote

The new TAA vulnerabilities weren't the only security flaw affecting Intel processors revealed today. Phoronix reported on Jump Conditional Code (JCC) erratum ...

Two sources focus on different parts of the same exploit announcement, which I think is because there's too many of them at the same time


1 hour ago, Jurrunio said:

@mr moose the sources don't cover the exact same stuff, tho Intel seems to have released both together

Two sources focus on different parts of the same exploit announcement, which I think is because there's too many of them at the same time

The way I read the original article was that the others were neither here nor there as far as serious or performance impacting and the JCC was the one to watch hence the relative early testing of the mitigations etc.


I think one thing that needs to be brought to mind here is that when you get into any system as complex as a modern CPU architecture, simply discovering a general possibility itself is a tough task, but it then effectively opens up a whole subfield of interaction possibilities that have to be explored and played with, and some will be more complex and some will be simpler. And some will open up further paths of exploration to go down.

 

And that's pretty much what's happened here. It turns out that Intel's methods of implementing SMT have significant levels of unexpected interactions possible in them. Plumbing the depths of that mine of possibilities is going to take a significant period of time after the initial issue was discovered and even longer to fix. So whilst it's not good for Intel that these vulnerabilities keep getting announced, it's also not surprising. In fact it's downright inevitable this would happen. What would be more interesting is hearing how many conceptual attacks were investigated and found to not function. That's the really telling part IMO.

