Intel CPU - Design flaw in fiecare procesor din ultimii 10 ani

Se pare ca Intel a incercat o amanare a dezvaluire a vulnerabilitatilor cu inca 6 luni :
Original olandeza : https://www.nrc.nl/n...l-hart-a3960208
Google Translate : https://translate.go...l-hart-a3960208

If looking at the geometric mean for the tests run today, the Intel systems all saw about 16% lower performance out-of-the-box now with these default mitigations and obviously even lower if disabling Hyper Threading for maximum security. The two AMD systems tested saw a 3% performance hit with the default mitigations. While there are minor differences between the systems to consider, the mitigation impact is enough to draw the Core i7 8700K much closer to the Ryzen 7 2700X and the Core i9 7980XE to the Threadripper 2990WX.

More Linux mitigation benchmarks are coming up on Phoronix in the days ahead

So maybe a ~1% hit for some Linux games (if that in some configurations) as a result of the new default MDS mitigations and stopping short of disabling Hyper Threading, but even there most Linux games at least don't use more than a few cores/threads. But as said, will have some low-end Linux gaming hardware tests out in the days ahead. More of the CPU/system benchmarks that are much more interesting in the context of these mitigations will be out shortly where it seems to be commonly 4~5% but more significant in the context switching heavy workloads.

Ironically, the recent hardware countermeasures introduced by Intel in recent Coffee Lake Refresh i9 CPUs to prevent Meltdown make them more vulnerable to Fallout, compared to older generation hardware.

Ne-am obișnuit ca Intel să o dea în bară cu toate.
[,,,] E bine că nu se mai concentrează pe procesoare de smartphone-uri și modem-uri 5G, ca să facă treaba bună pe partea de PC-uri.

(Submitted on 29 May 2019)
Recently, out-of-order execution, an important performance optimization in modern high-end processors, has been revealed to pose a significant security threat, allowing information leaks across security domains. In particular, the Meltdown attack leaks information from the operating system kernel to user space, completely eroding the security of the system. To address this and similar attacks, without incurring the performance costs of software countermeasures, Intel includes hardware-based defenses in its recent Coffee Lake R processors.

In this work, we show that the recent hardware defenses are not sufficient. Specifically, we present Fallout, a new transient execution attack that leaks information from a previously unexplored microarchitectural component called the store buffer. We show how unprivileged user processes can exploit Fallout to reconstruct privileged information recently written by the kernel. We further show how Fallout can be used to bypass kernel address space randomization. Finally, we identify and explore microcode assists as a hitherto ignored cause of transient execution.

Fallout affects all processor generations we have tested. However, we notice a worrying regression, where the newer Coffee Lake R processors are more vulnerable to Fallout than older generations.

Vezi ca gresit topicul si contul o fi de la lipsa de somn

Ps : astept cu nerabdare r9 3950x !

This additional attack vector builds on existing software fixes shipped in previous kernel updates.

An unprivileged local attacker can use these flaws to bypass conventional memory security restrictions to gain read access to privileged memory that would otherwise be inaccessible.

This vulnerability only applies to x86-64 systems using either Intel or AMD processors.

Bitdefender researchers, meanwhile, said they tested two AMD chips and found no evidence either was affected.

AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.

Is DDIO enabled by default?

Yes, DDIO is enabled transparently by default in all Intel server-grade processors since 2012 (Intel Xeon E5, E7 and SP families).

Does writing side channel-resistant (constant-time) software help?

No, with NetCat, we are remotely side channeling the activity of the hardware (i.e., a network device). As long as the network card creates distinct patterns in the cache, NetCAT will be effective regardless of the software running on the remote server. Nonetheless, Intel’s recommendation to deploy side channel-resistant software may be helpful against future NetCAT-like attacks that target victim software on DDIO-enabled machines.

I use a public cloud provider. Am I at risk?

If DDIO is available/enabled on your platform, you are affected by the vulnerability. If RDMA is also enabled, the vulnerability immediately exposes your server to practical side-channel attacks over the network, as demonstrated by our NetCAT exploit.

I am a public cloud provider. How can I protect my customers?

Disable DDIO to eradicate the vulnerability (or at least RDMA to reduce its impact).

How can I disable DDIO?

You can disable DDIO by adjusting the Integrated I/O (IIO) configuration registers. There are two possibilities, changing it globally (Disable_All_Allocating_Flows bit) or per root PCIe port (NoSnoopOpWrEn and Use_Allocating_Flow_Wr bit). We successfully mitigated NetCAT by setting these bits on our Intel Xeon E5 cluster. For the Intel Xeon SP families, the offsets of these bits are not (yet) publicly documented.

Update: New Variant of ZombieLoad enables attacks on MDS-resistant CPUs

With November 14th, 2019, we present a new variant of ZombieLoad that enables the attack on CPUs that include hardware mitigations against MDS in silicon. With Variant 2 (TAA), data can still be leaked on microarchitectures like Cascade Lake where other MDS attacks like RIDL or Fallout are not possible. Furthermore, we show that the software-based mitigations in combinations with microcode updates presented as countermeasures against MDS attacks are not sufficient.

We disclosed Variant 2 to Intel on April 23th, 2019, and communicated that the attacks work on Cascade Lake CPUs on May 10th, 2019. On May 12th, 2019, the variant has been put under embargo and, thus, has not been published with the previous version of our ZombieLoad attack on May 14th, 2019.

Intel has worked with system vendors to develop a microcode update that mitigates the issue by locking voltage to the default settings.