More Intel leaks.. this one is not good though

[leadeater]

1 minute ago, gabrielcarvfer said:

I've looked for it, and most references start around 2012, including this paper, but in a german site they said it was supported on Sandy Bridge (2011), although it only got few extra instructions that made it "easy to use" with Haswell (2013), so everything predating Haswell will probably get the biggest hit as they're not going to use PCID.

I also had a really hard time finding when PCID was introduced but managed to find similar dates for when.

[SteveGrabowski0]

14 hours ago, Zodiark1593 said:

For the games tested, benches show no difference. For games that utilize a VM for DRM implementation, RIP. (looks at Ubisoft).

Holy shit, I didn't think of that. Could you imagine AC Origins with another 30% drop in performance?

[DrMacintosh]

4 hours ago, Labeled said:

Let's put it this way, you're browsing the web then get infected with some thing Malicious designed to take advantage of this bug

then don't 

[Nocte]

1 hour ago, AresKrieger said:

once intel makes a concrete fix and if not then people can complain with legitmacy

You mean once Intel releases a new architecture?

The problem seems to be hardware based, not software based. They are patching via software to get over a hardware bug.

[Tellos]

@gabrielcarvfer best osurce I;ve seen is intels site indicating PCID was implimentedo n all chips 2010 or later. Now improvements to it may not have been so how well a mitigating factor it is may depend on generation.

[ItsMitch]

28 minutes ago, SteveGrabowski0 said:

Holy shit, I didn't think of that. Could you imagine AC Origins with another 30% drop in performance?

crackwatch is looking into it, don't hold your breath tho

[Fetzie]

35 minutes ago, SteveGrabowski0 said:

Holy shit, I didn't think of that. Could you imagine AC Origins with another 30% drop in performance?

I dunno, AC Origins is so shite you probably wouldn't notice it.

[porina]

https://www.hardwareluxx.de/index.php/news/hardware/prozessoren/45319-intel-kaempft-mit-schwerer-sicherheitsluecke-im-prozessor-design.html

 

Above link has some Windows gaming benchmarks, showing a little drop. They're using an insider preview which is supposed to include the patch.

[sazrocks]

1 hour ago, AresKrieger said:

It's actually a non issue for most consumers in this scenario (at least directly) the issue is more so a scenario like this bank A stores login data on a server, someone gained access to it and then used these exploit to make client passwords legible.

 

If someone gains access to your home PC your likely screwed regardless of this bug except in some extreme circumstances

This can actually be a huge issue for consumers considering one could theoretically access kernel memory from JavaScript running on a freaking webpage.

[leadeater]

First PoC for exploiting it.

 

 

[Tellos]

@gabrielcarvfer

 

https://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode

 

 

[Mira Yurizaki]

Here's some food for thought after reading the KAISER white paper.

 

They claim that KAISER introduces a tiny impact on performance, less than 1%, with benchmarks to prove it. To me that shows that KASLR hardening doesn't introduce much impact in general performance. This makes me wonder if the applications that have the most impact from KASLR hardening have a design issue somewhere because they were taking advantage of an apparent flaw feature. Much like how application developers back in the days of 8086 were abusing the address calculation overflow.

 

And understanding the problem a bit more makes me think that there must be some engineering decision other than "we can't spare the die space for another register." Segmented addressing was a necessary evil after all in the early days of x86.

[sazrocks]

17 minutes ago, leadeater said:

First PoC for exploiting it.

 

 

Well that's bad. Looks like 2 bytes at a time for now.

[emosun]

Is there a list of which cpu's are affected?

I know it said all within last ten years , but is that basically just every 64bit cpu and 32 bit isn't affected or what? is it basically everything netburst or everything after netburst or what?

[ItsMitch]

3 minutes ago, emosun said:

Is there a list of which cpu's are affected?

I know it said all within last ten years , but is that basically just every 64bit cpu and 32 bit isn't affected or what? is it basically everything netburst or everything after netburst or what?

basically every single cpu thats been released really, i might make a list but it'll take a long ass time

[emosun]

1 minute ago, SC2Mitch said:

basically every single cpu thats been released really, i might make a list but it'll take a long ass time

Somehow I doubt it's every cpu ever released. I'm more than willing to bet it doesn't affect anything pentium 2 and lower

[Misanthrope]

Well bad news all around: Linux kernell will be patched for AMD processors too, even though they don't need the patch and will suffer the performance hit as well:

 

https://overclock3d.net/news/cpu_mainboard/both_intel_and_amd_cpus_are_being_reported_as_insecure_on_linux/1

 

I honestly deeply suspect intel chicanery is at hand.

[sazrocks]

5 minutes ago, emosun said:

Somehow I doubt it's every cpu ever released. I'm more than willing to bet it doesn't affect anything pentium 2 and lower

You're pretty much 100% correct. PIII and later are affected as they all use the same prefetch system. I've heard some places that PII might be affected but I'm unsure as to the validity of those claims.

[sazrocks]

2 minutes ago, Misanthrope said:

Well bad news all around: Linux kernell will be patched for AMD processors too, even though they don't need the patch and will suffer the performance hit as well:

 

https://overclock3d.net/news/cpu_mainboard/both_intel_and_amd_cpus_are_being_reported_as_insecure_on_linux/1

 

I honestly deeply suspect intel chicanery is at hand.

That's unfortunate, though AMD users can easily disable the patch using 

pti=off

as a boot argument.

 

Hopefully the patch to check for an AMD arch will get accepted soon.

 

 

 

No word as to whether VIA processors are affected.

[ItsMitch]

 

4 minutes ago, Misanthrope said:

Well bad news all around: Linux kernell will be patched for AMD processors too, even though they don't need the patch and will suffer the performance hit as well:

 

1

So Intel will be fucked the hardest, AMD won't be touched as bad

[Red Hardware]

emm

I'm really interested in benchmarks after the update . Intel will have a big problem if their processors lose some of their performance after the "FIX"

 

[sazrocks]

1 minute ago, SC2Mitch said:

 

So Intel will be fucked the hardest, AMD won't be touched as bad

Any semi-competent linux user will be able to change boot arguments so for them AMD won't be touched at all.

[emosun]

1 minute ago, sazrocks said:

You're pretty much 100% correct. PIII and later are affected as they all use the same prefetch system. I've heard some places that PII might be affected but I'm unsure as to the validity of those claims.

we do have to consider that this exploit will be abused by viruses and malware made to run on essentially the majority of computers in the world , meaning windows 7/8/10

XP is getting to the point where it's so old and usage is so low that it's start becoming safe from sheer age which is already a thing with windows 9x. windows 9x is so old that basically there's almost no viruses that still exist for it lol

[sazrocks]

Just now, Red Hardware said:

emm

I'm really interested in benchmarks after the update . Intel will have a big problem if their processors lose some of their performance after the "FIX"

 

Benchmarks have already been run. On linux performance losses range from 0-30%. It depends on how many syscalls the program makes.

[ItsMitch]

1 minute ago, sazrocks said:

Any semi-competent linux user will be able to change boot arguments so for them AMD won't be touched at all.

Ah, thank you.