'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

reasonablePrivacy · Jun 22, 2019

Floyd 57 said: ↑

No one's forcing you to buy intel , the new amd 3000 ryzen cpus are looking pretty damn good and are less affected by the various vulnerabilities as far as I've read (tho don't take my word for it)

The new 3200G with 4c/4t is starting at only $99 - https://www.pcgamer.com/amd-ryzen-3000-release-date-price-specs/
Click to expand...

I think it is right thing to do in this situation. These new processors for desktop PC's are going to be launched soon, but unfortunately one need to wait for 3rd gen Ryzen laptops a lot more.

Floyd 57 · Jun 22, 2019

reasonablePrivacy said: ↑

I think it is right thing to do in this situation. These new processors for desktop PC's are going to be launched soon, but unfortunately one need to wait for 3rd gen Ryzen laptops a lot more.
Click to expand...

Or, instead of paying for the stupid laptops that are uncomfortable, mostly unupgradable, and just inferior in every possible way to a real pc, not to mention the price, asides from the fact they have battery, you can use the so-called desktop carrying cases, there are many variants and they're relatively cheap, here's an example:

https://images-na.ssl-images-amazon.com/images/I/51J3pWyOh3L._SL1001_.jpg
https://images-na.ssl-images-amazon.com/images/I/51RllKjpiZL._SL1001_.jpg
https://images-na.ssl-images-amazon.com/images/I/61gTdOZ-RaL._SL1001_.jpg
https://images-na.ssl-images-amazon.com/images/I/61B2X4DSWiL._SL1001_.jpg

Ofc, that might weight a bit more than a laptop, but that doesn't matter cuz you'll get stronger by carrying it and you'll build big muscles, until eventually you don't even FEEL the weight of the bag

reasonablePrivacy · Jun 22, 2019

Actually I train myself and I am considering myself relatively strong compared to general population. Anyway I need laptop. Period.

BoerenkoolMetWorst · Jun 22, 2019

reasonablePrivacy said: ↑

They should support older generations such as Sandy Bridge until they release fully fixed processors. What they are thinking? Are they thinking it is ok to force security-conscious customers to buy current gen processors, that are known to be vulnerable?
Click to expand...

Actually it is MS that does not support Sandy Bridge, Intel stopped supporting Arrandale (1st gen) this year, but still released microcode updates for Sandy Bridge (2nd gen).

Floyd 57 · Jun 22, 2019

BoerenkoolMetWorst said: ↑

Actually it is MS that does not support Sandy Bridge, Intel stopped supporting Arrandale (1st gen) this year, but still released microcode updates for Sandy Bridge (2nd gen).
Click to expand...

How do you know that?

BoerenkoolMetWorst · Jun 22, 2019

Floyd 57 said: ↑

How do you know that?
Click to expand...

You can check it here:
Code:
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Also, my Linux system with Sandy Bridge CPU did receive the microcode update.

guest · Aug 6, 2019

Manage Speculative Execution Settings Script for Windows
August 6, 2019
https://www.ghacks.net/2019/08/06/manage-speculative-execution-settings-script-for-windows/

Manage Speculative Execution Settings Script is a batch file for Microsoft Windows devices to check and manage the Speculative Execution Protection status on the system.
You can download the latest version of the script from Majorgeeks; just extract it after the download to get started. You can open the batch file in a plain text editor to verify that it is safe. Note that you need to run the batch file with administrative privileges.

You may use the script to enable or disable certain protections. Note that you may need a certain Windows patch level to protect against certain attack variants.
One of the downsides of using the script is that it does not highlight if certain protections are enabled or disabled in the main menu. You need to verify the status first before you make a decision.
Click to expand...

guest · Aug 6, 2019

Microsoft, Linux Vendors Fix New SWAPGS Vulnerability in Intel CPUs
August 6, 2019
https://www.bleepingcomputer.com/ne...s-fix-new-swapgs-vulnerability-in-intel-cpus/

Both Microsoft and Redhat have released advisories about a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system.
This would allow malware running without elevated privileges to potentially read data from memory being used by a Windows or Linux kernel.

"To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application," Microsoft explained in their advisory."The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further."
In a statement from Intel, BleepingComputer was told that these vulnerabilities would be more thoroughly disclosed in a new paper being published by Bitdefender called "Security Implications of Speculatively Executing Segmentation Related Instructions on Intel CPUs".

“On August 6th, researchers from BitDefender published a paper entitled “Security Implications of Speculatively Executing Segmentation Related Instructions on Intel CPUs”. As stated in their paper, Intel expects that exploits described by the researchers are addressed through use of existing mitigation techniques. [...]"
Click to expand...

Red Hat releases advisory
Red Hat has also released an advisory regarding this latest Spectre variant titled "CVE-2019-1125: Spectre SWAPGS gadget vulnerability".
Red Hat users can fix this vulnerability by updating the kernel and installing the latest microcode updates.
Click to expand...

guest · Aug 6, 2019

mood said: ↑

Microsoft, Linux Vendors Fix New SWAPGS Vulnerability in Intel CPUs
August 6, 2019
https://www.bleepingcomputer.com/ne...s-fix-new-swapgs-vulnerability-in-intel-cpus/
Click to expand...

Bitdefender's dedicated SWAPGS page
Bitdefender: Bypassing KPTI Using the Speculative Behavior of the SWAPGS Instruction

Speculative execution allows the CPU to execute instructions before knowing whether the results are required.
Mitigations for this class of vulnerabilities are tricky to implement. They generally fall into three categories: hardware fixes, software mitigations or microcode mitigations. All previously exposed side-channel attacks are mitigated by at least one of the three approaches.

In a technical whitepaper published today, Bitdefender researchers describe the SWAPGS Attack. The attack is a novel approach of leaking sensitive information from the kernel since it bypasses all known side-channel attack mitigation techniques.
This is achieved by abusing the fact that SWAPGS instruction can be executed speculatively. An attacker can force arbitrary memory dereferences in kernel, which leaves traces within the data caches. These signals can be picked-up by the attacker to infer the value located at the given kernel address.
Click to expand...

guest · Oct 2, 2019

Intel proposes new SAPM memory type to protect against Spectre-like attacks
New CPU memory type proposed. No silicon prototype. Just a research paper and a lot of hope
October 1, 2019
https://www.zdnet.com/article/intel...type-to-protect-against-spectre-like-attacks/

Intel published last week a research paper detailing a new type of computer memory that was specifically designed to safeguard against speculative execution side-channel attacks, such as Meltdown, Spectre, L1TF, SGXSpectre, SWAPGSAttack, Zombieload, MDS, and others.
ENTER SAPM
They said they started working on SAPM as an alternative to the current hardware and software-level mitigations.
Intel STORM researchers say SAPM will implement protections at the hardware level and will work with both physical and virtual memory addresses.
SAPM IS FUTURE-PROOF
Researchers say their "proposal provides more flexibility to software" by moving most of the mechanism that prevents speculative execution attacks at the hardware level.

"Although the performance cost for each memory access to SAPM is relatively big, considering such operations shall only be a very small portion of the total software execution, the overall performance overhead is expected to be low and potentially less than the performance impact of current mitigations," researchers said.
Click to expand...

The SAPM technical details are available here.
Click to expand...

HempOil · Oct 29, 2019

Running on Intel? If you want security, disable hyper-threading, says Linux kernel maintainer
Speculative execution bugs will be with us for a very long time
October 29, 2019
https://www.theregister.co.uk/2019/10/29/running_on_intel_disable_hyper_threading_says_linux_kernel_maintainer/

Open BSD was right, he said. "A year ago they said disable hyper-threading, there's going to be lots of problems here. They chose security over performance at an earlier stage than anyone else. Disable hyper-threading. That's the only way you can solve some of these issues. We are slowing down your workloads. Sorry."
Click to expand...

HempOil · Nov 5, 2019

Intel vs AMD Processor Security: Who Makes the Safest CPUs?
Who has the most secure processors, AMD or Intel?
November 4, 2019
https://www.tomshardware.com/features/intel-amd-most-secure-processors

Intel currently has 242 publicly disclosed vulnerabilities, while AMD has only 16 (a 15:1 difference in AMD’s favor)
Click to expand...

guest · Nov 12, 2019

A new ‘Zombieload’ flaw hits Intel’s newest Cascade Lake chips
Time to reset your “days since last major chip vulnerability” counter back to zero
November 12, 2019
https://techcrunch.com/2019/11/12/intel-cascade-lake-zombieload/

Security researchers have found another flaw in Intel processors — this time it’s a new variant of the Zombieload attack they discovered earlier this year, but targeting Intel’s latest family of chips, Cascade Lake.
Intel calls the vulnerability Transactional Asynchronous Abort, or TAA. It’s similar to the microarchitectural data sampling vulnerabilities that were the focus of earlier chip-based side-channel attacks, but TAA applies only to newer chips.

It was believed later chip architectures, like Cascade Lake, were toughened against speculative execution attacks, while Intel rolled out software patches to reduce the attack surface.
Neither of the other vulnerabilities in the same family as Zombieload — notably Fallout and RIDL — work on Cascade Lake, they added.
But the researchers said that Intel’s efforts to change the chip design in Cascade Lake are “not sufficient” to protect against these kinds of side-channel attacks.

Intel released patches again for its vulnerable chips on Tuesday, acknowledging that its newest chips are vulnerable to the newest Zombieload variant.
But the chip making giant recognizes that the mitigations “may not completely prevent the inference of data through a side channel using these techniques.”
Click to expand...

BoerenkoolMetWorst · Nov 12, 2019

And there is another one..
And not just in Cascade Lake either:
https://software.intel.com/security...achine-check-error-avoidance-page-size-change

guest · Nov 12, 2019

MDS: Microarchitectural Data Sampling
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs
https://mdsattacks.com/

New (Nov 12): TAA and other RIDL issues now public (see also addendum)
Click to expand...

TAA and other RIDL issues
On Nov 12, 2019, we (VUSec) disclose TSX Asynchronous Abort (TAA), a new speculation-based vulnerability in Intel CPUs as well as other MDS-related issues, as described in our new RIDL addendum. In reality, this is no new vulnerability. We disclosed TAA (and other issues) as part of our original RIDL submission to Intel in Sep 2018. Unfortunately, the Intel PSIRT team missed our submitted proof-of-concept exploits (PoCs), and as a result, the original MDS mitigations released in May 2019 only partially addressed RIDL. You can read the full story below.
[...]
Timeline - November 12, 2019
Public disclosure of more RIDL-related issues
Details about issues such as TAA that have been embargoed for more than a year, are now public. The embargoed material has been added to the RIDL paper by means of an addendum.
Click to expand...

HempOil · Nov 13, 2019

Still no MDS firmware patch incorporated into Windows 10, and I just upgraded to v1909. I don't understand why MS hasn't taken Intel's code and pushed it out ~5 months after it was released?!?!

BoerenkoolMetWorst · Dec 15, 2019

HempOil said: ↑

Still no MDS firmware patch incorporated into Windows 10, and I just upgraded to v1909. I don't understand why MS hasn't taken Intel's code and pushed it out ~5 months after it was released?!?!
Click to expand...

Did the upgrade to 1909 retain the MDS Microcode update?
Still no mention for a separate download for 1909, only older versions, this is crazy:
https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates

HempOil · Dec 16, 2019

BoerenkoolMetWorst said: ↑

Did the upgrade to 1909 retain the MDS Microcode update?
Still no mention for a separate download for 1909, only older versions, this is crazy:
https://support.microsoft.com/en-us/help/4093836/summary-of-intel-microcode-updates
Click to expand...

I should have specified that I'm waiting for the MDS fix for a Sandy Bridge-era CPU. However, I did check whether it was fixed after upgrading to 1909 and it was not. I've pretty much lost any hope that MS is going to release the Intel fix in Windows.

BoerenkoolMetWorst · Dec 17, 2019

HempOil said: ↑

I should have specified that I'm waiting for the MDS fix for a Sandy Bridge-era CPU. However, I did check whether it was fixed after upgrading to 1909 and it was not. I've pretty much lost any hope that MS is going to release the Intel fix in Windows.
Click to expand...

Ah thanks anyway for replying. I can't check it myself as my Windows machine still got a bios update with the MDS microcode, so it will work regardless of MS in 1909.
It is indeed a shame that MS doesn't seem to care about these fixes.

BoerenkoolMetWorst · Jan 16, 2020

There's a vulnerability in built in Intel Graphics in 3rd gen iCPU's and up, though not much info on it:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html

reasonablePrivacy · Jan 17, 2020

Red Hat Recommends Disabling The Intel Linux Graphics Driver Over Hardware Flaw

The contents of CVE-2019-14615 are still marked private, but the Red Hat Customer Portal has opened their guidance on this graphics flaw. Red Hat rates this CVE as having moderate impact.
[..]
Granted, Red Hat Enterprise Linux is largely used on servers where graphics aren't utilized but this would also lose out on any OpenCL support and yes generally cause a loss in power savings and not to mention hurt those running RHEL on workstations with Intel graphics.
Click to expand...

reasonablePrivacy · Jan 17, 2020

I use 15.33.*.* series driver for 3rd gen Core hardware (though device manager reports 10.18.*.*). Intel recommends updating to "15.33.x.5122 or higher" but I see only 15.33.49.5100 (released 1/10/2020) and older versions on their download page. What should I do?

BoerenkoolMetWorst · Jan 17, 2020

reasonablePrivacy said: ↑

I use 15.33.*.* series driver for 3rd gen Core hardware (though device manager reports 10.18.*.*). Intel recommends updating to "15.33.x.5122 or higher" but I see only 15.33.49.5100 (released 1/10/2020) and older versions on their download page. What should I do?
Click to expand...

Same here. Though it is curious that 15.33.49.5100 is released so recently, as they haven't released any other update since May 2019.

reasonablePrivacy · Jan 19, 2020

More Details On Intel's CVE-2019-14615 Graphics Vulnerability, a.k.a. iGPU Leak

guest · Jan 27, 2020

Intel is patching its Zombieload CPU security flaw for the third time
Security researchers say the company needs to change its approach
January 27, 2020
https://www.engadget.com/2020/01/27/intel-third-mds-patch/

For the third time in less than a year, Intel has disclosed a new set of vulnerabilities related to the speculative functionality of its processors. On Monday, the company said it will issue a software update "in the coming weeks" that will fix two more microarchitectural data sampling (MDS) or Zombieload flaws.
This latest update comes after the company released two separate patches in May and November of last year.

Compared to the MDS flaws Intel addressed in those two previous patches, these latest ones have a couple of limitations. To start, one of the vulnerabilities, L1DES, doesn't work on Intel's more recent chips. Moreover, a hacker can't execute the attack using a web browser. Intel also says it's "not aware" of anyone taking advantage of the flaws outside of the lab.
However, like when the company issued its second MDS patch in November, security researchers are criticizing Intel for its piecemeal approach.

"We spent months trying to convince Intel that leaks from L1D evictions were possible and needed to be addressed," the international team of computer scientists that discovered the flaw wrote on their website.
Click to expand...

Intel: IPAS: INTEL-SA-00329

Today we released INTEL-SA-00329, Intel® Processors Data Leakage Advisory concerning two vulnerabilities that were publicly disclosed by researchers. As part of our commitment to transparency, the advisory has been released before our planned mitigations can be made available and we expect to release mitigations through our normal Intel Platform Update (IPU) process in the near future.
Click to expand...

Log in or Sign up

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

reasonablePrivacy Registered Member

Floyd 57 Registered Member

reasonablePrivacy Registered Member

BoerenkoolMetWorst Registered Member

Floyd 57 Registered Member

BoerenkoolMetWorst Registered Member

guest Guest

guest Guest

guest Guest

guest Guest

HempOil Registered Member

HempOil Registered Member

guest Guest

BoerenkoolMetWorst Registered Member

guest Guest

HempOil Registered Member

BoerenkoolMetWorst Registered Member

HempOil Registered Member

BoerenkoolMetWorst Registered Member

BoerenkoolMetWorst Registered Member

reasonablePrivacy Registered Member

reasonablePrivacy Registered Member

BoerenkoolMetWorst Registered Member

reasonablePrivacy Registered Member

guest Guest

Log in or Sign up

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

reasonablePrivacy Registered Member

Floyd 57 Registered Member

reasonablePrivacy Registered Member

BoerenkoolMetWorst Registered Member

Floyd 57 Registered Member

BoerenkoolMetWorst Registered Member

guest Guest

guest Guest

guest Guest

guest Guest

HempOil Registered Member

HempOil Registered Member

guest Guest

BoerenkoolMetWorst Registered Member

guest Guest

HempOil Registered Member

BoerenkoolMetWorst Registered Member

HempOil Registered Member

BoerenkoolMetWorst Registered Member

BoerenkoolMetWorst Registered Member

reasonablePrivacy Registered Member

reasonablePrivacy Registered Member

BoerenkoolMetWorst Registered Member

reasonablePrivacy Registered Member

guest Guest

Useful Searches