Google and Microsoft disclosed a new CPU vulnerability named “Speculative Store Bypass” (variant 4). [update]

4 hours ago, leadeater said:

@captain_to_fire There are actually two newly announced vulnerabilities btw, "Rogue System Register Read"

 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180013

 

ADV180012 is the one for this thread fyi. Microsoft email about it came in this morning.

Just read that one is variant 3a. And yes, Google and Microsoft's naming schemes for CPU vulnerabilities are confusing.


5 hours ago, leadeater said:

Currently more, extremely hard to figure out exactly what you are patched for and what you are not patched for right now and to top it off to what extent because you can be patched but not fully patched i.e. CPU microcode.

I've been using MS' speculation control setting powershell thingy. It's even more confusing in another way. I demonstrated on two Ryzen systems with previous Win10 (fully up to date with Windows Update, with Spectre patch explicitly installed manually if needed). They were showing as patched but without the microcode update. Install the latest Win10 release, they were indicated as having that microcode. I did not update the bios in between. Are MS pushing the software microcode load too now? I heard they were looking at that for Intel systems but didn't follow on their progress as Intel have been faster than AMD are releasing microcode, and my modern systems were already bios updated by that point.

 

On another note, is variant 4 what was previously unofficially called Spectre-NG?

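A way to reduce the output of the "speculation control" PowerShell module porina mentions to the plain answer the post is after (is SSBD microcode present, does Windows support it, is the mitigation actually enabled), plus the microcode revision Windows sees. This is an added example, not code from the thread; it assumes the SpeculationControl module from the PowerShell Gallery is installed (Install-Module SpeculationControl), an elevated shell, the SSBD property names that module exposes, and the standard CentralProcessor registry values for microcode revision.

```powershell
# Added example, not from the thread. Assumes the SpeculationControl module is installed
# and the shell is elevated; Get-SpeculationControlSettings is the cmdlet the post refers to.
Import-Module SpeculationControl -ErrorAction Stop

function Get-SsbdVerdict {
    # $Settings is the object returned by Get-SpeculationControlSettings.
    # The SSBD* property names are the ones the module uses for CVE-2018-3639 (assumption: module 1.0.5 or later).
    param([Parameter(Mandatory)] $Settings)

    if (-not $Settings.SSBDHardwareVulnerable) {
        return 'Not vulnerable: CPU reports it is not affected by speculative store bypass.'
    }
    if (-not $Settings.SSBDHardwarePresent) {
        return 'Vulnerable: no SSBD-capable microcode is loaded (BIOS update or OS microcode update missing).'
    }
    if (-not $Settings.SSBDWindowsSupportPresent) {
        return 'Vulnerable: microcode supports SSBD but this Windows build lacks the kernel support.'
    }
    if (-not $Settings.SSBDWindowsSupportEnabledSystemWide) {
        return 'Partially patched: hardware and Windows support SSBD, but the mitigation is not enabled system-wide (it ships off by default).'
    }
    return 'Mitigated: SSBD supported by hardware and Windows and enabled system-wide.'
}

function Get-MicrocodeRevisions {
    # "Previous Update Revision" is the revision the firmware loaded at boot; "Update Revision" is the
    # one active now. If they differ, Windows applied a microcode update itself, which is the
    # "are MS pushing the microcode?" case. The Previous value may be absent on some systems.
    $cpu0 = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
    $toHex = { param($bytes) ($bytes | ForEach-Object { $_.ToString('x2') }) -join '' }
    [pscustomobject]@{
        FirmwareLoaded = & $toHex $cpu0.'Previous Update Revision'
        Active         = & $toHex $cpu0.'Update Revision'
    }
}

$settings = Get-SpeculationControlSettings
Get-SsbdVerdict -Settings $settings
Get-MicrocodeRevisions
```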

5 hours ago, AnonymousGuy said:

Honestly at this point it reads like a bunch of PhD students trying to find hyper obscure corner case vulnerabilities that will never actually be exploitable in the wild.

What else would PhD students be doing?


5 minutes ago, porina said:

On another note, is variant 4 what was previously unofficially called Spectre-NG?

I think so, heavy emphasis on think so. Stupid names grrr.


4 minutes ago, GoldenLag said:

What else would PhD students be doing?

Finding a cure for cancer or ebola?


26 minutes ago, leadeater said:

Finding a cure for cancer or ebola?

I think breaking very expensive hardware and software by using unknown means is a lot more enticing.

 

Like cancer and ebola will die out on their own (post-mortem)

It's a terrible joke

 


1 minute ago, leadeater said:

I think so, heavy emphasis on think so. Stupid names grrr.

 

4 minutes ago, porina said:

On another note, is variant 4 what was previously unofficially called Spectre-NG?

As it turns out: https://www.bleepingcomputer.com/news/security/google-and-microsoft-reveal-new-spectre-attack/

 

The bugs —referred to in the past weeks as SpectreNG— are related to the previous Meltdown and Spectre bugs discovered last year and announced at the start of 2018.

Both Google and Microsoft researchers discovered the bug independently. The bugs work similarly to the Meltdown and Spectre bugs, a reason why they were classified as "variant 3a" and "variant 4" instead of separate vulnerabilities altogether.

Variant 1: bounds check bypass (CVE-2017-5753) aka Spectre v1
Variant 2: branch target injection (CVE-2017-5715) aka Spectre v2
Variant 3: rogue data cache load (CVE-2017-5754) aka Meltdown
Variant 3a: rogue system register read (CVE-2018-3640)
Variant 4: speculative store bypass (CVE-2018-3639)

Variant 3a is a variation of the Meltdown flaw, while Variant 4 is a new Spectre-like attack. The most important of these two is Variant 4. Both bugs occur for the same reason —speculative execution— a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data.

The difference is that Variant 4 affects a different part of the speculative execution process —the data inside the "store buffer" inside a CPU's cache. Red Hat has published a YouTube video explaining how the bug affects modern CPUs.


4 minutes ago, GoldenLag said:

What else would PhD students be doing?

 

5 hours ago, AnonymousGuy said:

Honestly at this point it reads like a bunch of PhD students trying to find hyper obscure corner case vulnerabilities that will never actually be exploitable in the wild.

That's how PhD candidates get funded to finish their expensive dissertations whether funding comes from private companies like NVIDIA (see OP) or through government agencies.


4 hours ago, Sierra Fox said:

we've made CPUs too complex...

Nah we made hardware naming too complex. 

B250

B350

Z490

Z390

X299

X399

 

With each tier not being compatible with each other

 

Gt 1030

Gt 1030

Gtx 1050

Gtx 1050

Gtx 1050

Gtx 1050ti

Gtx 1060

Gtx 1060

Gtx 1060

Oh boy, it's great.

1 minute ago, GoldenLag said:

Nah we made hardware naming too complex. 

i3 but not tri-core CPU

i5 but not penta-core CPU

i7 but not hepta-core CPU.

 

Is it bad that the mobile i9 doesn't have nine cores but 6c/12t instead? 


4 minutes ago, captain_to_fire said:

i3 but not tri-core CPU

i5 but not penta-core CPU

i7 but not hepta-core CPU.

 

Is it bad that the mobile i9 doesn't have nine cores but 6c/12t instead? 

Wasn't there a Core 2 Duo quad core?

 

Then there is Zen 1-Ryzen 1

Zen 2-Ryzen 3

Zen +-Ryzen 2

 

And the Gtx 480 and the RX 480


1 minute ago, GoldenLag said:

Wasn't there a Core 2 Duo quad core?

 

Then there is Zen 1-Ryzen 1

Zen 2-Ryzen 3

Zen +-Ryzen 2

 

And the Gtx 480 and the RX 480

There was a Core 2 quad core but it's easier as its actual name is "Core 2 Quad" aka Q6600. AMD's naming scheme is confusing as well and I wasn't aware there was a GTX 480 until now.


3 minutes ago, captain_to_fire said:

There was a Core 2 quad core but it's easier as its actual name is "Core 2 Quad" aka Q6600. AMD's naming scheme is confusing as well and I wasn't aware there was a GTX 480 until now.

Let's not forget the Fury-ious series. The Fury X, Fury, Fury Nani... *cough* I mean Nano.

 

And the R9 295X2

17 minutes ago, leadeater said:

Found them

 

[image]

Nice set of chips

 


B350, Z490, X399? Did I get them?

 

So now they are copying Ruffles? I suppose it was only a matter of time before they got bored of trolling Intel and moved on.

20 minutes ago, leadeater said:

Found them

 

[image]

Nice set of chips

 


B350, Z490, X399? Did I get them?

 

I'm triggered that those aren't Pringles sour cream 


So is this going to impact performance?


On 5/23/2018 at 3:06 AM, mark_cameron said:

So is this going to impact performance?

The patch will affect performance but since the target of this vulnerability is mostly web browsers, browser vendors pushed an update to perform additional checks if something tries to exploit the said vulnerability and if something does, it will crash the browser instead thus foiling the attack.


20 hours ago, Rune said:

.....why develop the fix if it is going to be set to off by default?

So it can be enabled :P 

The thing is, since there is a performance vs. security trade-off, you want to give users the ability to choose their position in that trade-off. The default setting depends on what they expect to be more important, or cost-effective, for the majority / less informed users. Server sysadmins can always turn the fix on, since you would expect them to be informed and understand all this. Consumers are likely to be clueless about what the problem or the fix are, and very unlikely to be subject to the type of attack opened up by this vulnerability.


On 22/5/2018 at 3:09 AM, captain_to_fire said:

Most cryptojacking attacks (attacks that inject cryptominers without consent) are prevented by most antivirus programs

Only if people actually run them! I have to help too many people with malware and crap that have AV; but never run a scan and didn’t know they had to


7 hours ago, captain_to_fire said:

The patch will affect performance but since the target of this vulnerability is mostly web browsers, browser vendors pushed an update to perform additional checks if something tries to exploit the said vulnerability and if something does, it will crash the browser instead thus foiling the attack.

Ehm, source? First time I heard about that, but it sounds like total BS.


Not that this isn't a good service to the industry, but I still don't understand the need to release this to the public; they just make a vulnerability that no hacker knows about a real issue. And issues that seem hard to patch.

This should be treated amongst the industry.

 

The only reason I can see is to present a very bad image of present CPUs; it could serve someone's interest in releasing CPUs. *Looking at Google*

17 minutes ago, LAwLz said:

Ehm, source? First time I heard about that, but it sounds like total BS.

It's a bit of an unknown, it could affect performance but that is still being assessed. Like the previous patches and microcode updates it's most likely going to be workload dependent as well, as to how much if any.

 

From the little information in the advisory I don't see it having any impact at all to gaming, as before.

 


SSBD inhibits a Speculative Store Bypass from occurring, thus eliminating the security risk completely. Microsoft is working with AMD and Intel to assess the availability and readiness of these features, including microcode where required, and performance impact.

 


1 minute ago, leadeater said:

It's a bit of an unknown, it could affect performance but that is still being assessed. Like the previous patches and microcode updates it's most likely going to be workload dependent as well as to how much if any.

 

From the little information in the advisory I don't see it having any impact at all to gaming, as before.

I buy the part about there being a performance impact.

The "sounds like BS" was aimed at the part saying browsers have been designed to crash if someone tries to exploit this vulnerability.