Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack

naib

naib

[H]ard|Gawd
Joined
Jul 26, 2013
Messages
1,289
https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/


The Zombieload vulnerability disclosed earlier this year in May has a second variant that also works against more recent Intel processors, not just older ones, including Cascade Lake, Intel's latest line of high-end CPUs -- initially thought to have been unaffected.

Intel is releasing microcode (CPU firmware) updates today to address this new Zombieload attack variant, as part of its monthly Patch Tuesday -- known as the Intel Platform Update (IPU) process.




How many are we upto now? what is the total impact of all mitigation activated?
 
380bqt43aty21.jpg
 
Another day, another Intel vulnerability...

I wonder how many vulnerabilities that is for my X58 system now since it doesn't have any of the BIOS fixes.
 
thesmokingman said:
Intel is the market leader here.
Click to expand...
Until Intel releases a totally new architecture, that has plugged the current architectural design holes... This is going to keep happening, over and over again. It's amazing how little coverage Intel is getting concerning this stuff. IIRC they are being sued and it's a class action (or series of them) lawsuit. All these flaws that continue to effect every iteration of their processors leading up to 10 and 7 nm can only help the lawsuits side against them. Makes you wonder how many of these vulnerabilities Intel will carry over with them to their new designs...

Loved the comment by the way, market leaders in security holes indeed!
 
Dam it, why did AMD not have X570 micro-atx when I was buying.
 
Last edited:
naib said:
https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/


The Zombieload vulnerability disclosed earlier this year in May has a second variant that also works against more recent Intel processors, not just older ones, including Cascade Lake, Intel's latest line of high-end CPUs -- initially thought to have been unaffected.

Intel is releasing microcode (CPU firmware) updates today to address this new Zombieload attack variant, as part of its monthly Patch Tuesday -- known as the Intel Platform Update (IPU) process.




How many are we upto now? what is the total impact of all mitigation activated?
Click to expand...

tried using a calculator to determine keep getting out of memory errors
 
Legendary Gamer said:
Until Intel releases a totally new architecture, that has plugged the current architectural design holes ...
Click to expand...

Security holes that were more likely to be a thing with a design that was used to make their product faster.

Legendary Gamer said:
IIRC they are being sued and it's a class action (or series of them) lawsuit. All these flaws ...
Click to expand...

Hopefully any lawsuits allege that Intel designed a product that, as the 'world leader', they should have known would be more susceptible to attempts to bypass security.

I would very much like to get to the bottom of that design decision to see if there was poor judgement just to chase dollars, since to begin with the 'world leader' & speed titles everyone likes to throw around is based on designs paid for by R&D money earned through decisions that were later deemed illegal and anti-competitive.

It would be irony at its best if a similar decision making process was followed, to pursue speed at all costs even security, and these are the results. :)

Just my own wild theory of course, but plausible in these times when corporations are treated as people and allowed to regulate themselves and the shareholder, is the true customer. Enabled entitlement throughout some companies, and that leads to bad decisions.

Legendary Gamer said:
Makes you wonder how many of these vulnerabilities Intel will carry over with them to their new designs ...
Click to expand...

It does make one wonder, and this I have not seen a lot of chatter about, surprisingly. But I also don't go looking for it, so maybe it's out there!

Is Intel the 'world leader' only because of the speed/performance that speculative execution (the root for most of these vulnerabilities) allows their product to achieve??
Are they (spoiler; yes, of course they are we all know it! :banghead:) trying to rework their usage of speculative execution to be more secure, fixing the known (and unknown) vulnerabilities?

Of course, they'll rename the feature if they continue using it to mitigate complaints, but I foreshadow many people will remain willing and passive zombies to those shenanigans and any meltdowns will be labeled as triggered AMD users. :ROFLMAO:

I do not stay up to date on processor news/rumours, am not educated at any level in architecture design, but these are the questions I've wondered the past several years...some may be answered, some may be way out there, but they are just questions based on what I see...

What will happen to Intel CPU performance if they remove features designed around speculative execution entirely? We've seen the hit these security patches can cause, and depending on workload it's massive, but when compared to beating AMD by a few percentage points without the patches any interested party should have questions.

Possibly going to dump several billion dollars into an interest earning account to cover future lawsuits and just profit until then?
Then side-step responsibility and blinded or pro-Intel consumers allow them to get away with it, again?

If Intel decided to spend money to hire the right people to redesign their architecture entirely to maintain their position without 'cheating the system', I feel they have a chance to right the ship.
Though if this decision was only made recently, it'll take several years for the work to pay off.

If instead, they decided on the quickest solution, they just dug themselves a very big hole.
One would hope that as a company looking to make money, they made the right decision.

That's also my theory on 10nm as I don't buy-in to their full explanation of troubles they had shrinking to it, I bet they knew they would be eaten alive if speculative execution attacks continued to be discovered, and intentionally allowed 10nm to torpedo, but for shareholder confidence, fixed a few issues and released in limited quantities anyway and to try to save a little face.

But who knows... :)
 
The way the naming conventions are going with these vulnerabilities... Can we expect "DeadHookerStorage V1,2 &3"? Lol. I especially enjoyed the "Ryzenfall" horseshit that came out after the Ryzen processors were released.

Kind of sad that I am still rocking Intel as my main system...

Sweet mother of god... https://www.tomshardware.com/news/i...ities-in-cascade-lake-chips-and-a-new-jcc-bug

More bugs and ones that Intel has known about for over a year... Expected to be present in processors that have yet to be released... This is starting to get ridiculous.
 
Last edited:
https://www.phoronix.com/scan.php?page=news_item&px=Linux-Disabling-HPET-CoffeeLake

"Intel engineers have attributed the high precision event timer issue on Coffee Lake to being a firmware problem, but due to the problem being prevalent enough, the Linux kernel is force disabling HPET for all Coffee Lake systems (0x3ec4).

This isn't the first time the Linux kernel has resorted to force disabling HPET but previously they did so for Intel Bay Trail systems over accuracy issues with it halting in deep idle states."
 
  • Like
Reactions: dgz
like this
The Gaming Performance Impact From The Intel JCC Erratum Microcode Update


"This morning I provided a lengthy look at the performance impact of Intel's JCC Erratum around the CPU microcode update issued for Skylake through Cascade Lake for mitigating potentially unpredictable behavior when jump instructions cross cache lines. Of the many benchmarks shared this morning in that overview, there wasn't time for any gaming tests prior to publishing. Now with more time passed, here is an initial look at how the Linux gaming performance is impacted by the newly-released Intel CPU microcode for this Jump Conditional Code issue."
 
OrangeKhrush said:
i read that as Zombieland and got excited, then re-read it and was disappointed. Where is Juanrga when you need good damage control
Click to expand...
Lol someone needs to make a shitty Intel vulnerability zombie game!

I'd say Epyc Rome has driven him back to the sea from whence he came, no prediction threads this time...

And this ladies and gentlemen, is how they can claim an 18% IPC gain. Because when you lose 20%+ in some workloads with all the security speed cheats/vulnerabilities... And they mitigate some.. Yeah. It's funny selling lost performance as new again, what a clusterfuck.
 
Last edited:
At least my 4790k is free from zombieload, thanks to Intel breaking TSX instructions their first go-round:(

But Haswell-E has the fix, so there's a lot of Enthusiast/server gear that's going to be impacted!
 
You must log in or register to reply here.
Back
Top