A Massive Intel Hardware Bug May Be on the Horizon

These are highly complex systems. Even in highly hardened validated software we expect 0-days to come along every now and then. This obviously was not as simple of an exploit as you suggest, or it wouldn't have taken over 20 years for someone to find it.

Don't get me wrong, I am highly skeptical of Intel and their practices, but in this particular instance it doesn't reek of intent to me.

Intent to do what exactly? Clearly waiting for ring3 to clear security clearance is slower than just speculatively allowing it to bypass security checks and directly access kernel mode is fastest. What is the intent there?
 
Intent to do what exactly? Clearly waiting for ring3 to clear security clearance is slower than just speculatively allowing it to bypass security checks and directly access kernel mode is fastest. What is the intent there?

The security checks still happen. And the speculated execution path that violates access gets discarded. It's just that the data cache isn't always restored to a pre-speculation state, and the right combination of instructions in both processes creates a perfect storm situation that allows data to be seen where it shouldn't. 1,500 bytes per second in a memory system capable of 25GB/s or more means it's taking a lot of work to get the CPU to spill its guts.

And from the sounds of it, every CPU is going to take a different strategy due to differences in the branch predictors.
 
Let us summarize:

  1. There is a huge security problem split into three known variants. Those variants are collected into two codenames: Spectre and Meltdown.
  2. Spectre is confirmed to affect CPUs from AMD, ARM, and Intel.
  3. Meltdown is confirmed to affect CPUs from Intel. The situation with AMD and ARM CPUs "is unclear".

But your boy Ryan Shrout posted Google verbatim.

Near zero, that is like yeah there may be some chance but Intel on the other hand is 100% at risk in all three variants, bet those investors just love cyber criminals stealing billions annually and now they know why.

So sum it up like this, if Intel are found guilty of knowingly short cutting security to boost performance then well they are liable for all loss suffered, the ramifications are unknown but investor confidence, consumer confidence will take a massive hit.
 
The security checks still happen. And the speculated execution path that violates access gets discarded. It's just that the data cache isn't always restored to a pre-speculation state, and the right combination of instructions in both processes creates a perfect storm situation that allows data to be seen where it shouldn't. 1,500 bytes per second in a memory system capable of 25GB/s or more means it's taking a lot of work to get the CPU to spill its guts.

And from the sounds of it, every CPU is going to take a different strategy due to differences in the branch predictors.
So sounds more complicated than what your average hacker can do? So maybe the fear is more about state actors? You know Russians in North Korea or Koreans in Russia or something like that.
 
BENSALEM, Pa.--(BUSINESS WIRE)--Law Offices of Howard G. Smith announces an investigation on behalf of Intel Corporation (“Intel” or the “Company”) (NASDAQ: INTC) investors concerning the Company and its officers’ possible violations of federal securities laws.

INTC INVESTOR ALERT: Law Offices of Howard G. Smith Commences Investigation on Behalf of Intel Corporation Investors

Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock

Too much lol, couldn't happen to a nicer corporate. I think Intel's ability to pay themselves out of court is fast fading.
 
So sounds more complicated than what your average hacker can do? So maybe the fear is more about state actors? You know Russians in North Korea or Koreans in Russia or something like that.

It's a contradiction, if it was so hard we wouldn't be here as the sky is falling on Intel.
 
Juan will spin this into AMD's near Zero risk being worse than Intel's 100% risk. Even then AMD's type 1 fix is software, Intel's is hardware change. I guess all those datacenters and cloud servers will replace with safer hardware.
 
Juan will spin this into AMD's near Zero risk being worse than Intel's 100% risk. Even then AMD's type 1 fix is software, Intel's is hardware change. I guess all those datacenters and cloud servers will replace with safer hardware.

Actually, for Intel/Spectre 1 the fix is software too (they mentioned this on their conf call, software and microcode). AMD will also require a software + microcode fix here. AMD could possibly be affected by Spectre 1 in Windows, that was not confirmed or denied by the tests on Google's blog post, they only tested Linux. They never tested Windows on AMD OR Intel hardware.
As far as Spectre 2, it hasn't been demonstrated on AMD yet but even AMD isn't claiming that it is not vulnerable. (For attack 3 they say straight out, not vulnerable, whereas attack 2 they say near zero. If it was actually zero, they would say it just like they did on 3.) If Spectre 2 is vulnerable on AMD it appears to be much more difficult, at the very least.

I assume we will get confirmation on these unknowns over the next few days as people mess around with this stuff.

Definitely really bad for Intel (they were really cagey on the call when asked about 'potential financial losses,' heh), but I wouldn't say AMD is completely in the clear either. Absolutely in a better spot, though.

EDIT: if you read the Spectre whitepaper they actually confirm that Spectre 1 is doable on Linux AND Windows on AMD AND Intel.

Spectre Whitepaper pg 6 sec 4.1 said:
Experiments were performed on multiple x86 processor architectures, including Intel Ivy Bridge (i7-3630QM), Intel Haswell (i7-4650U), Intel Skylake (unspecified Xeon on Google Cloud), and AMD Ryzen. The Spectre vulnerability was observed on all of these CPUs. Similar results were observed on both 32- and 64-bit modes, and both Linux and Windows
 
So sounds more complicated than what your average hacker can do? So maybe the fear is more about state actors? You know Russians in North Korea or Koreans in Russia or something like that.
When the above average hackers write the tools, every basic script kiddie will be able to do damage.


Do you have any particular reason to believe that they themselves were aware that their method of speculative execution was vulnerable this entire time?

I don't question that Krzanich didn't know when he sold his stock. He must have, given how long this recent patching frenzy has been going on for, but you suggest they were aware since day one in - what - 1996? It could have been a simple error. We all know our software and hardware are all full of these 0 days waiting to be exploited.
Google reported it to them at least as early as June 2017, and it was supposed to go public next week, so him selling all he could in November looks very bad.
 
Intel has successfully taken the torch from Volkswagen for being the biggest cheaters under the sun.

I have a "few" CPUs too, all Intel i7s, from 1st to 8th gen! Where is my refund?
 
Actually, for Intel/Spectre 1 the fix is software too (they mentioned this on their conf call, software and microcode)
Isn't that on a per program basis, or even per specific program exploit, though? There is no all-encompassing solution and it probably won't get fixed any time soon or potentially not at all until CPU hardware changes.
 
Google reported it to them at least as early as June/July 2017, and it was supposed to go public next week, so him selling all he could in November looks very bad.

Would love to see the same actions against other companies then. Let me just mention a few products like FX, Vega, EPYC, SnapDragon etc and the huge selloff by some VPs and CEOs. ;)

The problem lies in these people are paid by a large amount in stocks to cloud their actual wages.
 
Would love to see the same actions against other companies then. Let me just mention a few products like FX, Vega, EPYC, SnapDragon etc and the huge selloff by some VPs and CEOs. ;)

The problem lies in these people are paid by a large amount in stocks to cloud their actual wages.
I have no problem in making them all "burn" if found guilty. I don't think there are many "we're hiding a nuclear bomb of a fault so I'll cash out before they find out" cases, though.
 
Actually, for Intel/Spectre 1 the fix is software too (they mentioned this on their conf call, software and microcode). AMD will also require a software + microcode fix here. AMD could possibly be affected by Spectre 1 in Windows, that was not confirmed or denied by the tests on Google's blog post, they only tested Linux. They never tested Windows on AMD OR Intel hardware.
As far as Spectre 2, it hasn't been demonstrated on AMD yet but even AMD isn't claiming that it is not vulnerable. (For attack 3 they say straight out, not vulnerable, whereas attack 2 they say near zero. If it was actually zero, they would say it just like they did on 3.) If Spectre 2 is vulnerable on AMD it appears to be much more difficult, at the very least.

I assume we will get confirmation on these unknowns over the next few days as people mess around with this stuff.

Definitely really bad for Intel (they were really cagey on the call when asked about 'potential financial losses,' heh), but I wouldn't say AMD is completely in the clear either. Absolutely in a better spot, though.

It seems like these investigations have been ongoing some time now with very little to no implications of severe breaches by AMD hardware, notably the Zen uarch seems more secure with inference drawn to out of order access being the reason and AMD doesn't utilise that. I agree that near zero is not zero but it seems to be that many flags may actually be false positives. Further AMD have confirmed they were aware of these x86 intrusions in the building of the Zen uarch and maybe just had planned for it in advance.

In terms of transparency AMD have stuck by their guns, Intel have flaked.

As for patching as long as there is no blanket code that treats AMD like Intel that is great, it will mean that AMD can maintain performance without the hard code penalties implemented on Intel hardware.
 
I have no problem in making them all "burn" if found guilty. I don't think there are many "we're hiding a nuclear bomb of a fault so I'll cash out before they find out" cases, though.

It didn't change much on the stock side. And the stock is still up 35% or so last 3 months or so.
 
It didn't change much on the stock side. And the stock is still up 35% or so last 3 months.

There has been no official release on the effects, if it turns out to be bad, that 35 will be gone inside a few hours.
 
Isn't that on a per program basis, or even per specific program exploit, though? There is no all-encompassing solution and it probably won't get fixed any time soon or potentially not at all until CPU hardware changes.

I'm not entirely sure. It seems like the patches coming out for Spectre will reduce/eliminate some attacks but not all of them? Maybe eliminate Spectre 1 but not 2? I'm not sure.

It seems like these investigations have been ongoing some time now with very little to no implications of severe breaches by AMD hardware, notably the Zen uarch seems more secure with inference drawn to out of order access being the reason and AMD doesn't utilise that. I agree that near zero is not zero but it seems to be that many flags may actually be false positives. Further AMD have confirmed they were aware of these x86 intrusions in the building of the Zen uarch and maybe just had planned for it in advance.

In terms of transparency AMD have stuck by their guns, Intel have flaked.

As for patching as long as there is no blanket code that treats AMD like Intel that is great, it will mean that AMD can maintain performance without the hard code penalties implemented on Intel hardware.

I updated my previous post, if you read the Spectre whitepaper the researchers were actually able to exploit Spectre 1 on AMD Ryzen in Windows and Linux. (Page 6, section 4.1) They did not mention whether or not they needed the BPF JIT enabled in Linux, though.
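
Added example, not part of any post in this thread: Linux kernels that carry these patches publish a one-line status per variant under `/sys/devices/system/cpu/vulnerabilities`, which answers the "some attacks but not all" question for a given machine. The sketch below classifies those lines; the function names and the sample lines are constructed for illustration.

```python
"""Classify the Linux kernel's per-variant mitigation report (added example)."""
from pathlib import Path

# Directory where patched Linux kernels publish one status file per issue.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# The thread's variant numbering mapped to the kernel's file names.
VARIANTS = {
    "variant 1 (Spectre, bounds check bypass)": "spectre_v1",
    "variant 2 (Spectre, branch target injection)": "spectre_v2",
    "variant 3 (Meltdown)": "meltdown",
}

# Constructed sample lines in the kernel's wording, not captured from a real host.
SAMPLE_LINES = {
    "spectre_v1": "Vulnerable\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
    "meltdown": "Mitigation: PTI\n",
}


def classify(raw):
    """Turn one status line into (state, detail).

    raw is None when the file is missing: the running kernel predates the
    reporting interface, so it says nothing either way.
    """
    if raw is None:
        return ("unknown", "no report from this kernel")
    text = raw.strip()
    if text == "Not affected":
        return ("not_affected", "")
    if text.startswith("Mitigation:"):
        return ("mitigated", text.split(":", 1)[1].strip())
    if text.startswith("Vulnerable"):
        # Either bare "Vulnerable" or "Vulnerable: <what is missing>".
        return ("vulnerable", text[len("Vulnerable"):].lstrip(": ").strip())
    return ("unknown", text)


def classify_lines(lines):
    """Classify a {file name: raw line} mapping for the three variants."""
    return {label: classify(lines.get(name)) for label, name in VARIANTS.items()}


def read_report(directory=SYSFS_DIR):
    """Read the three status files under directory and classify them."""
    lines = {}
    for name in VARIANTS.values():
        try:
            lines[name] = (Path(directory) / name).read_text()
        except OSError:
            pass  # missing or unreadable file is reported as "unknown"
    return classify_lines(lines)


def needs_attention(report):
    """Variants that are neither mitigated nor reported as not affected."""
    return sorted(label for label, (state, _) in report.items()
                  if state in ("vulnerable", "unknown"))


if __name__ == "__main__":
    # Use the live report on Linux, otherwise fall back to the constructed sample.
    report = read_report() if SYSFS_DIR.is_dir() else classify_lines(SAMPLE_LINES)
    for label, (state, detail) in report.items():
        print(f"{label:46} {state:13} {detail}")
    pending = needs_attention(report)
    print("needs attention:", ", ".join(pending) if pending else "none")
```

An "unknown" result means the kernel is too old to report, which is itself a reason to update rather than a sign the CPU is unaffected.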
 
It didn't change much on the stock side. And the stock is still up 35% or so last 3 months.
That doesn't make a difference for him being guilty or not. And stock took a dive after the news broke. Lawsuits are already being announced.
 
That doesn't make a difference for him being guilty or not. And stock took a dive after the news broke. Lawsuits are already being announced.

There is only one isn't there and it may be more a cowboy lawyer. The big problem for them is the stock is up lately by a lot. It's a loser case, just as the hyped products from AMD got their stock up and the VPs/CEO sold off just before release and just before end of year.

He sold 24M$ worth of shares on Nov 29th.

https://www1.salary.com/Brian-M-Krzanich-Salary-Bonus-Stock-Options-for-INTEL-CORP.html

Close to 2/3rds of his wage is based in stocks.
 
There have been plenty of tests. You can even test it yourself on your desktop today. For consumers the impact is ~0% as said before.



Is the consumer now the gamer? Gaming offers very little profits most go to console. The effects are to the billion dollar nugget, multi billion dollar nugget to be precise, that is HPC and enterprise markets. Just think that someone out there probably knows more about you than you actually want. The implications go well beyond frames per second here. Let's say terrorist wanted to use you as a buffer to plan attacks, use your information to pass messages, the feds investigate you being the distraction while they clean the messages trail. You end up on a black list to further their gains, we all know how safe Europe is. It is likely these attackers with the sickest intents know your passwords, your email details and likely use you as a catfish.
 
Is the consumer now the gamer? Gaming offers very little profits most go to console. The effects are to the billion dollar nugget, multi billion dollar nugget to be precise, that is HPC and enterprise markets. Just think that someone out there probably knows more about you than you actually want. The implications go well beyond frames per second here. Let's say terrorist wanted to use you as a buffer to plan attacks, use your information to pass messages, the feds investigate you being the distraction while they clean the messages trail. You end up on a black list to further their gains, we all know how safe Europe is. It is likely these attackers with the sickest intents know your passwords, your email details and likely use you as a catfish.

PC is bigger market than consoles for gaming. And yes gaming is huge. Encoding, rendering, office products etc isn't affected too.

I know you had hoped for bigger drama...but here we are with your post starting to go elsewhere fast in search of it :)
 
PC is bigger market than consoles for gaming. And yes gaming is huge. Encoding, rendering, office products etc isn't affected too.

I know you had hoped for bigger drama...but here we are with your post starting to go elsewhere fast in search of it :)

I'm sorry but who are you other than a resident forum user with very little information that seems to think the big deal Google, MS et al have been kicking up on this is just "drama", maybe your hero corporate has jeopardised their product, resulting in losses, it seems also like Intel was aware of this and decided to roll the gamble.

As for rendering and office products, it's funny how they have demonstrated how easily they can break encryption using a faux Spectre intrusion, maybe your brand loyalty makes you see this as a non issue but those companies that have been hit by intrusions and hacks/ransomware are certainly a lot bigger than pasty salty Dane that thinks gaming is a big market.
 
There have been plenty of tests. You can even test it yourself on your desktop today. For consumers the impact is ~0% as said before.

A 23% reduction in the most important disk I/O on desktop. This is synthetic, but a demonstration of what use cases will be the most impacted.

And there is that pesky security issue others are pointing out.
 
At least Intel shares are not going down that indicates that people still have hope in Intel. I guess if gaming is not impacted I am not gonna return my brand new i7-8700k yet. Also 32GB of RAM must be enough to minimize disk IO on my tasks as a developer. At least I hope so.
 
Amazon was restarting all EC2 instances last 2 nights. So annoying. Damn you Intel :)
 
Man am I glad I got my Threadripper build done! WooHoo!

Good for you. I've been building on Intel for years and I'm not about to go all AMD or switch to AMD just because of one security flaw. I'm sure many others feel the same way too about Intel and if not whatever. Personally, I don't like how AMD markets and describes their products compared to Intel, so no switch for me. Despite if it may have affected Intel CPU, since 1995. I won't be jumping to Oracle Sparc or IBM's S390 either as they cost way too much for me just to buy the processors let alone a computer with one or more of their processors. I don't know how AMD could not be affected though considering it's an x86 processor. Also, as the article I've found stated they are working on a software patch, which is all I can say at this time in response. However, it's a good thing I haven't built any new systems based on Intel if this fact or rumor is true, but I wonder if it affects Intel's new scalable Xeons based on the socket 3637.

All of this makes me feel as though Itanium's EPIC instruction set should have become mainstream years ago if it would have helped too, but things didn't work out that way because it seemed as though everyone complained that backwards compatibility would be lost and that all programs would have to be rewritten to take advantage of it and for whatever reason the switch to Itanium architecture wasn't practical or the best move as x86_64 or AMD64 won as the successor to x86, which puzzles me in regards to what my college academic advisors and Linux Instructor said being that Intel was junk compared to Sparc because it just patches the x86 instruction set when moving from older things such as 8-bit to 16-bit and 16-bit to 32-bit. Therefore, how was AMD's implementation of 64-bit from 32-bit not just a patch, like what Intel had done in the past from say things like 16-bit to 32-bit regards if that's getting kind of off topic and this is not in regards to this thread or the following link that I've found in regards to this topic and thread here:

https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/
 
At least Intel shares are not going down that indicates that people still have hope in Intel. I guess if gaming is not impacted I am not gonna return my brand new i7-8700k yet. Also 32GB of RAM must be enough to minimize disk IO on my tasks as a developer. At least I hope so.

Shares are down but the impact is pre-emptory now, if there are revelations that are somewhat damning like Intel knew and gambled on this, well then the investor confidence will take a massive knock.
 
Good for you. I've been building on Intel for years and I'm not about to go all AMD or switch to AMD just because of one security flaw. I'm sure many others feel the same way too about Intel and if not whatever. Personally, I don't like how AMD markets and describes their products compared to Intel, so no switch for me. Despite if it may have affected Intel CPU, since 1995. I won't be jumping to Oracle Sparc or IBM's S390 either as they cost way too much for me just to buy the processors let alone a computer with one or more of their processors. I don't know how AMD could not be affected though considering it's an x86 processor. All of this makes me feel as though Itanium's EPIC instruction set should have become mainstream years ago if it would have helped too, but things didn't work out that way because it seemed as though everyone complained that backwards compatibility would be lost and that all programs would have to be rewritten to take advantage of it and for whatever reason the switch to Itanium architecture wasn't practical
This has nothing to do with x86 backwards compatibility. It comes from poorly thought out performance optimizations.
 
Good for you. I've been building on Intel for years and I'm not about to go all AMD or switch to AMD just because of one security flaw. I'm sure many others feel the same way too about Intel and if not whatever. Personally, I don't like how AMD markets and describes their products compared to Intel, so no switch for me. Despite if it may have affected Intel CPU, since 1995. I won't be jumping to Oracle Sparc or IBM's S390 either as they cost way too much for me just to buy the processors let alone a computer with one or more of their processors. I don't know how AMD could not be affected though considering it's an x86 processor. All of this makes me feel as though Itanium's EPIC instruction set should have become mainstream years ago if it would have helped too, but things didn't work out that way because it seemed as though everyone complained that backwards compatibility would be lost and that all programs would have to be rewritten to take advantage of it and for whatever reason the switch to Itanium architecture wasn't practical or the best move as x86_64 or AMD64 won as the successor to x86, which puzzles me in regards to what my college academic advisors and Linux Instructor said being that Intel was junk compared to Sparc because it just patches the x86 instruction set when moving from older things such as 8-bit to 16-bit and 16-bit to 32-bit. Therefore, how was AMD's implementation of 64-bit from 32-bit not just a patch, like what Intel had done in the past from say things like 16-bit to 32-bit regards if that's getting kind of off topic and this is not in regards to this thread or the following link that I've found in regards to this topic and thread here:

https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/

AMD use a different memory and I/O system to Intel, AMD were also well aware of these breaches when Ryzen was just paper. This is why little has been made of AMD because the results are not that bad, Spectre type 1 is almost impossible to defend against but from the finding AMD mitigates it better, near zero is the number mentioned. As for Meltdown AMD has 0% vulnerability while Intel hit a perfect 100% vulnerability dating to 1996, good job.

Integrity is at stake here and if investors or major Intel clients discover how they have been left vulnerable to this seeming lack of care then well whatever your perceived opinion is on marketing is null and void because slides don't cause losses. I will actually say AMD's x86 marketing was pretty much seeing is what you get, better than what Intel did with Kaby and following releases, using little footnotes barely readable stating that the 7700K is 15% faster than a 6600 using sysmark....yay cool. But we digress.

Intel has a lot of enemies that are sharpening daggers at this, but ironically I don't think AMD wants Intel to be weakened, they are making a lot of money off Intel now, gotta milk that cash cow, not every day you get to see AMD licences all over Intel parts and you got to know that such is not free.
 
It must suck a bit for AMD to know some of its IPC losses were because the competitor was "cheating" by making security shortcuts.
 
It must suck a bit for AMD to know some of its IPC losses were because the competitor was "cheating" by making security shortcuts.

The IPC issue is a non-starter, clock vs clock it's closer than most want to believe and most "IPC" comps are done with one brand running 20-33% clock bumps and passed out like it is an apples vs apples comparison.
 