'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Darn, I wish they would include plain vanilla Sandy Bridge.
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    According to Intel, the E version of Sandy Bridge is unsupported as of June 2020. (https://software.intel.com/security...execution-attack-mitigation-product-cpu-model)
    It may be that Microsoft just released an older microcode update for those. In the past they've also released a microcode update for only a select number of CPUs, and waited a long time before adding other CPUs as well.
    Microsoft's information is confusing. For example, if you look on this page (https://support.microsoft.com/nl-nl/help/4589212/intel-microcode-updates), you will see RAPL listed among the vulnerabilities. If you look at the list below that, you will see plain Sandy Bridge listed as well with microcode 0x2f. 0x2f was released last year for plain Sandy Bridge with mitigations for MDS (Zombieload). After that, Intel ended support for plain Sandy Bridge. So, there cannot be a RAPL fix for plain Sandy Bridge, even though it is listed there.
     
  3. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Hmm, according to this Intel advisory on the subject, Sandy Bridge CPUs are not affected. Perhaps I have nothing to worry about?!?! :confused:
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    RAPL was introduced first in Sandy Bridge, so my guess is that it is affected. However, Intel only lists 6th gen and up as affected. SGX was introduced in 6th gen, so obviously you cannot use this attack to get secrets from SGX on CPUs that don't have SGX. It's not the first time Intel focused only on the SGX part of a CPU vulnerability.
    In this case, the OS update fixes unprivileged access to RAPL, and microcode update is needed to protect against privileged access SGX. So if your CPU doesn't have SGX, all you need is an OS update.
     
  5. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    https://www.bleepingcomputer.com/ne...s-new-windows-10-intel-cpu-microcode-updates/

    Has anyone updated their cpu with these new microcode updates? And if yes, which cpu did you use, and did you notice performance slowdowns?

    Personally, I plan to do some benchmarks before updating, just to make sure everything is intact (I will compare them to the benchmarks after I update).

    I am on newest 20H2 19042.804 yet I did not get WU for these, but if I download KB4589212 I can install it manually

    I also found this very useful link for all vulnerabilities on all processors and all of their statuses
    https://software.intel.com/security...execution-attack-mitigation-product-cpu-model

    MCU - MicroCode Update

    As well as this slightly outdated link for some of em https://support.microsoft.com/en-us...bilities-35820a8a-ae13-1299-88cc-357f104f5b11

    Note - These microcode updates concern ALL (or most?) Intel processors, not just the newest ones quoted above, those are just the newest ones for which updates were released recently
     
  6. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Are there any active attacks going on because of these chip problems on people at home, or would it be on the server end?
     
  7. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    512
    Location:
    Bulgaria
    From what I read a few days ago there's a PoC already:

    https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/
     
  8. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    https://www.chromium.org/Home/chromium-security/ssca
     
  9. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Does Google Chrome stop all Spectre and Meltdown attacks? Does Chrome also stop all the other chip problems that have been discovered since Spectre?
     
  10. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Meltdown was more like an OS-level threat than a browser threat.
    Spectre and other Spectre-like vulnerabilities - they do have some mitigations and the Site Isolation feature to make it harder for an adversary to do that type of attack and reduce the scope of memory that can be read by this kind of attack. You need CPU-level (microcode updates) and OS-level fixes to make Site Isolation effective in mitigating (not stopping completely) the impact of these kinds of attacks.
    TL;DR: Meltdown - yes. Spectre no - they are just mitigating that.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
  12. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    735
    Location:
    South Park, CO
    I tried to install the updated Microcode kb4589212-v2 as Microsoft recommended, but it said the update was already installed. As far as I can tell from the literature, there were no changes for my version of Skylake.

    I haven't noticed any performance slowdowns with or without the mitigations, but my system is a pretty low-end i3 which is going to be fairly slow either way.
     
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "AMD admits Ryzen 5000 CPU exploit could leave your PC open to hackers

    Zen 3's PSF branch prediction means your system could be left wide open to virtual attacks.

    AMD's Zen 3 CPU architecture may, according to AMD itself, include a feature that could be exploited by hackers in a Spectre-like side channel attack..."

    https://www.pcgamer.com/amd-zen-3-psf-exploit-hack/
     
    Last edited by a moderator: Apr 21, 2021
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "Computer scientists discover new vulnerability affecting computers globally

    A team of computer science researchers has uncovered a line of attack that breaks all Spectre defenses, meaning that billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced.

    The team reported its discovery to international chip makers in April and will present the new challenge at a worldwide computing architecture conference in June.

    ...Found a whole new way for hackers to exploit something called a "micro-op cache," which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process...

    ...Hackers can steal data when a processor fetches commands from the micro-op cache...

    Because all current Spectre defenses protect the processor in a later stage of speculative execution, they are useless in the face of Venkat's team's new attacks. Two variants of the attacks the team discovered can steal speculatively accessed information from Intel and AMD processors..."

    https://www.sciencedaily.com/releases/2021/04/210430165903.htm
     
    Last edited: Apr 30, 2021
  15. guest

    guest Guest

    A new method to protect WebAssembly against Spectre attacks
    August 11, 2021
    https://techxplore.com/news/2021-08-method-webassembly-spectre.html
     
  16. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
  18. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    512
    Location:
    Bulgaria
    Boffins find if you torture AMD Zen+, Zen 2 CPUs enough, they are vulnerable to Meltdown-like attack

    https://www.theregister.com/2021/08/30/amd_meltdown_zen/
     
  19. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  22. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
  23. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    881
    Location:
    The Netherlands
    Thanks!
    That article puts things in perspective. :)
    I'm running Firefox, so this one won't hurt me (for now), I guess.
    I must admit, I'm vulnerable to Spectre and Meltdown attacks, because I've turned off the mitigations in /etc/default/grub:
    Code:
    GRUB_CMDLINE_LINUX_DEFAULT="quiet splash mitigations=off"
    I don't like the performance hit on my old Haswell processor. :(
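
As an added example (not part of the thread and not any poster's code): a POSIX shell check for the `mitigations=off` setting quoted in the post above. It extracts the GRUB default command line, flags parameters that switch mitigations off, and classifies the kernel's per-vulnerability status under /sys/devices/system/cpu/vulnerabilities. The function names are made up for this example, and the parameter list is a subset of the documented kernel parameters.

```shell
#!/bin/sh
# Added example (not from the thread): spot disabled CPU mitigations on Linux.

# Read an /etc/default/grub-style file on stdin and print the value of the
# last GRUB_CMDLINE_LINUX_DEFAULT assignment.
grub_default_cmdline() {
    sed -n "s/^GRUB_CMDLINE_LINUX_DEFAULT=[\"']\{0,1\}\([^\"']*\).*/\1/p" | tail -n 1
}

# Print each token of a kernel command line ($1) that switches a mitigation
# off. The tokens are documented kernel parameters; the list is a subset.
disabled_mitigation_params() (
    set -f  # no globbing while the command line is split on whitespace
    for tok in $1; do
        case "$tok" in
            mitigations=off|nopti|pti=off|nospectre_v1|nospectre_v2) echo "$tok" ;;
            spectre_v2=off|spec_store_bypass_disable=off|l1tf=off) echo "$tok" ;;
            mds=off|tsx_async_abort=off) echo "$tok" ;;
        esac
    done
)

# Map the text of a /sys/devices/system/cpu/vulnerabilities/* file to a verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Mitigation*)     echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Report the running kernel's state; prints nothing where a file is absent.
audit_host() {
    if [ -r /proc/cmdline ]; then
        disabled_mitigation_params "$(cat /proc/cmdline)" | sed 's/^/boot param: /'
    fi
    for f in /sys/devices/system/cpu/vulnerabilities/*; do
        [ -r "$f" ] || continue
        printf '%-28s %s\n' "$(basename "$f")" "$(classify_status "$(cat "$f")")"
    done
}

# Constructed sample: the GRUB line quoted in the post above.
SAMPLE_GRUB='GRUB_CMDLINE_LINUX_DEFAULT="quiet splash mitigations=off"'
disabled_mitigation_params "$(printf '%s\n' "$SAMPLE_GRUB" | grub_default_cmdline)"
audit_host
```

A change to /etc/default/grub only takes effect after the GRUB configuration is regenerated and the machine is rebooted, so /proc/cmdline shows what the running kernel actually booted with.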
     
  24. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Besides, site isolation (=Fission) is now enabled in Firefox as well, not only in Chrome as the article suggests.
     
  25. nicolaasjan

    nicolaasjan Registered Member

    Joined:
    Sep 23, 2018
    Posts:
    881
    Location:
    The Netherlands
    Are different tabs belonging to the same site also isolated from each other?
     