BitDefender Researchers Discover "Terrifying" Security Vulnerability in Intel CPUs

Zarathustra[H]

I Complain about Everything
Joined
Oct 29, 2000
Messages
29,666
Another day, another Intel hardware security bug. This time it's called Microarchitectural Data Sampling (or MDS for short) and has been proven to work on Intel's Ivy bridge, Haswell, Skylake and Kaby Lake CPU's.

This vulnerability is particularly concerning because it allows an attacker to access privileged kernel-mode information.

I'm wondering if my aging Westmere-EP server and my Sandy-E desktop are affected.

So, how long before all CPU's return to being in-order designs? Out of order designs certainly have some real performance benefits, but it seems like they inevitably lead to vulnerabilities.
 
  • Like
Reactions: ChadD
like this

jeffj7

Weaksauce
Joined
Jun 2, 2012
Messages
104
my old 8320 starting to look good compared to the i5 my brother gave me if i have to disable hyper threading
 
  • Like
Reactions: xjfv
like this

Lakados

[H]ard|Gawd
Joined
Feb 3, 2014
Messages
2,039
Here's hoping Intel has a new architecture coming out soon, I understand that the Gen 8 and 9 chips aren't effected by this one but it is only a matter of time as those use the same underlying design.
 

Auer

[H]ard|Gawd
Joined
Nov 2, 2018
Messages
1,581
Tempted to turn MT off in Bios to see how the old Xeon 1620-0 would make out as a 4/4...
 

Nobu

2[H]4U
Joined
Jun 7, 2007
Messages
3,840
So, how long before all CPU's return to being in-order designs? Out of order designs certainly have some real performance benefits, but it seems like they inevitably lead to vulnerabilities.
It shouldn't be an inherent flaw of the process, just need to be smarter about how they do it. Of course, that doesn't mean a more secure method would be easier and more efficient than an optimized in-order process.
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,249
Since Ivy Bridge is for the most part a die shrink of Sandy Bridge, any exploits on Ivy Bridge should be applicable to Sandy Bridge.

According to Intel, it's already hardware mitigated with their 8th and 9th gen processors. It seems at least for this particular exploit they have known about it for a while.
 
Joined
Jan 14, 2012
Messages
748
Since Ivy Bridge is for the most part a die shrink of Sandy Bridge, any exploits on Ivy Bridge should be applicable to Sandy Bridge.

According to Intel, it's already hardware mitigated with their 8th and 9th gen processors. It seems at least for this particular exploit they have known about it for a while.
Intel isn't doing anything other than Software and Microcode BIOS mitigation. If they ever fix all of these security holes their processors will be slower than Bulldozer... Intel cannot afford to lose performance when they currently have nothing to challenge AMD. They had the time to fix many of these issues in hardware already.

Regardless, I am running mostly Intel (9600, 8600, 7500..) due to the applications I use on a regular basis. At this point my old Ryzen 1700 is starting to look really damn good... Too bad I donated it to someone...
 

Zarathustra[H]

I Complain about Everything
Joined
Oct 29, 2000
Messages
29,666
Intel's loss is AMD's gain, Ryzen starts looking increasingly more temptive for every new vulnerability with all the patches applied, someone needs to be doing a unpatched vs fully patched benchmark run and comparison to AMD CPUs.

Hopefully when AMD's 7nm CPU's launch at least one of the remaining review sites will do due diligence and actually retest all historical CPU's on a current fully patched system, instead of just using numbers from their past tests...

I'd trust the [H] to get it right, but I'm not sure I trust any of these remaining clowns...
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,249
Intel isn't doing anything other than Software and Microcode BIOS mitigation. If they ever fix all of these security holes their processors will be slower than Bulldozer... Intel cannot afford to lose performance when they currently have nothing to challenge AMD. They had the time to fix many of these issues in hardware already.

Regardless, I am running mostly Intel (9600, 8600, 7500..) due to the applications I use on a regular basis. At this point my old Ryzen 1700 is starting to look really damn good... Too bad I donated it to someone...
Are you just blabbing this out of your ass or do you actually have proof to the contrary? We know Intel can and does do shady things but one thing they cannot do is outright lie to their customers. Especially now when they're trying to rebuild their image.
 

Lakados

[H]ard|Gawd
Joined
Feb 3, 2014
Messages
2,039
Are you just blabbing this out of your ass or do you actually have proof to the contrary? We know Intel can and does do shady things but one thing they cannot do is outright lie to their customers. Especially now when they're trying to rebuild their image.
Well how they have fixed them to date is with bios patches for the most part so yes the flaws still exist, in the 8'th and 9'th gen they have a mitigation built into the chip which will probably be circumvented eventually as the underlying flaw in how the Intel CPU's do out of order execution still exists. So yes the correct fix is to not only disable hyper threading as that is where they start the attack from but to also disable out of order execution as that is where the actual flaw seems to be, which would essentially turn the most expensive of the i7's into large Atom's.
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,249
Well how they have fixed them to date is with bios patches for the most part so yes the flaws still exist, in the 8'th and 9'th gen they have a mitigation built into the chip which will probably be circumvented eventually as the underlying flaw in how the Intel CPU's do out of order execution still exists. So yes the correct fix is to not only disable hyper threading as that is where they start the attack from but to also disable out of order execution as that is where the actual flaw seems to be, which would essentially turn the most expensive of the i7's into large Atom's.
Edit: NVM, misread.

As long as Intel can reasonably mitigate the exploit, things would be fine. Let's see how much of a performance impact the fixes have first.
 

Lakados

[H]ard|Gawd
Joined
Feb 3, 2014
Messages
2,039
If it is an inherent flaw that cannot be reasonably mitigated, then AMD is in the same boat. No reason to single out Intel here. I believe it is far too early to call the death of SMT and out-of-order execution, and this seems to be a flaw mostly focused on SMT vulnerabilities anyways.

As long as it can be mitigated to a level where administrative and/or physical access is required to execute the attack, I would call it reasonably mitigated.
AMD might not be immune but their methods for doing both out of order operations and how they have managed hyper threading are drastically different, so an attack vector may exist in their chips but it certainly isn't going to be the same and given their market saturation there probably isn't a financial incentive to try to discover one where with Intel there is.
 
  • Like
Reactions: Tsumi
like this

clockdogg

Gawd
Joined
Dec 12, 2007
Messages
1,014
So Coffee Lake is fine?
Nope. Not according to this report on Tom's.

"The Spoiler exploit is present specifically within Intel's Core CPUs, which include the original Core 2 Duo CPUs all the way up to Intel's most recent Coffee Lake, Kaby Lake, and Skylake CPUs, as well as future Cascade Lake and Ice Lake products. While Spoiler is similar to Spectre, it is a separate issue, making patches for Spectre ineffective against Spoiler exploits."
 

Burticus

Supreme [H]ardness
Joined
Nov 7, 2005
Messages
4,178
Oh great. Another round of performance crushing firmware updates for all my Xeon UCS blades. Bye bye, all my free weekends...
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,249
Nope. Not according to this report on Tom's.

"The Spoiler exploit is present specifically within Intel's Core CPUs, which include the original Core 2 Duo CPUs all the way up to Intel's most recent Coffee Lake, Kaby Lake, and Skylake CPUs, as well as future Cascade Lake and Ice Lake products. While Spoiler is similar to Spectre, it is a separate issue, making patches for Spectre ineffective against Spoiler exploits."
This is not the Spoiler exploit. This is an entirely different attack dubbed MDS, which Intel had to be aware of for at least 3 years now to have implemented hardware fixes in Coffee Lake and Coffee Lake refresh. Now, whether or not the hardware fixes completely mitigated the exploit, there has been no independent confirmation as of yet. They are only announcing this now because they have bios updates and software updates ready.
 

Absalom

Gawd
Joined
Oct 3, 2007
Messages
725
Out of order execution can be done selectively by a compiler, even on a CPU that doesn't even support OOE in hardware. There's nothing magic about doing OOE - it's literally the re-ordering of instructions so they are efficiently executed in a way that pipeline bubbles are eliminated or minimized. So even if OOE went away from hardware altogether (highly unlikely), it would still be an option via compiler. However, OOE via compiler would be opt-in and fall strictly under software tuning. Thus, lots of software would still lose out on free benefits if the hardware option were not present.

There's always going to be a tradeoff of performance vs security when it comes to these mitigations. They (Intel, AMD, etc.) need to go back to the drawing board and re-architect CPUs with security in mind. They've probably been using the same pro-performance design they came up with 20+ years ago. If it ain't broke, don't fix it mentality.

Not sure about the SMT exploits, but if I were to guess, that needs a re-architect.

Meltdown specifically targeted exploits in the Translation Lookaside Buffer. Those designs will need to be reevaluated.

We may be looking at a decade before we see a fully secure CPU emerge on the market.
 

clockdogg

Gawd
Joined
Dec 12, 2007
Messages
1,014
This is not the Spoiler exploit. This is an entirely different attack dubbed MDS, which Intel had to be aware of for at least 3 years now to have implemented hardware fixes in Coffee Lake and Coffee Lake refresh. Now, whether or not the hardware fixes completely mitigated the exploit, there has been no independent confirmation as of yet. They are only announcing this now because they have bios updates and software updates ready.
Ah...so many exploits, if Intel can't keep up, I can't either...Thanks!
 

Red Falcon

[H]F Junkie
Joined
May 7, 2007
Messages
10,266
Are you just blabbing this out of your ass or do you actually have proof to the contrary? We know Intel can and does do shady things but one thing they cannot do is outright lie to their customers. Especially now when they're trying to rebuild their image.
Everything I have read online (at least available to the public) is that they are "allegedly" adding in Meltdown and Spectre vulnerability fixes natively into hardware with the latest CPUs and SoCs; no mention on fixes for any of the other numerous exploits, recent or otherwise.
It isn't shady at this point, considering everything that has come to light, it is just disappointing - hopefully they will fix all of this in time, but it is going to require some massive engineering workarounds, and proof to all consumers, before full trust will be restored.
 

Red Falcon

[H]F Junkie
Joined
May 7, 2007
Messages
10,266
Out of order execution can be done selectively by a compiler, even on a CPU that doesn't even support OOE in hardware. There's nothing magic about doing OOE - it's literally the re-ordering of instructions so they are efficiently executed in a way that pipeline bubbles are eliminated or minimized. So even if OOE went away from hardware altogether (highly unlikely), it would still be an option via compiler. However, OOE via compiler would be opt-in and fall strictly under software tuning. Thus, lots of software would still lose out on free benefits if the hardware option were not present.

There's always going to be a tradeoff of performance vs security when it comes to these mitigations. They (Intel, AMD, etc.) need to go back to the drawing board and re-architect CPUs with security in mind. They've probably been using the same pro-performance design they came up with 20+ years ago. If it ain't broke, don't fix it mentality.

Not sure about the SMT exploits, but if I were to guess, that needs a re-architect.

Meltdown specifically targeted exploits in the Translation Lookaside Buffer. Those designs will need to be reevaluated.

We may be looking at a decade before we see a fully secure CPU emerge on the market.
From everything that has been tested online, outside of Spectre (any CPU ISA that uses OOE has this), AMD has not been affected by all of these exploits, SMT and OOE present or otherwise.
The vulnerabilities AMD has had requires root/admin privileges on the system to perform them, and at that point, there are bigger issues...

This isn't a flaw with x86/x86-64, it is a flaw with how Intel has been getting away with security holes that have added performance, but as of late, show how unsecure their CPUs/SoCs really are.
 

Tsumi

[H]F Junkie
Joined
Mar 18, 2010
Messages
13,249
Everything I have read online (at least available to the public) is that they are "allegedly" adding in Meltdown and Spectre vulnerability fixes natively into hardware with the latest CPUs and SoCs; no mention on fixes for any of the other numerous exploits, recent or otherwise.
It isn't shady at this point, considering everything that has come to light, it is just disappointing - hopefully they will fix all of this in time, but it is going to require some massive engineering workarounds, and proof to all consumers, before full trust will be restored.
Straight from Intel, Coffee Lake already has hardware fixes for MDS. There is no "alleged" for this vulnerability.
 

SvenBent

2[H]4U
Joined
Sep 13, 2008
Messages
3,166
Out of order execution can be done selectively by a compiler, even on a CPU that doesn't even support OOE in hardware. There's nothing magic about doing OOE - it's literally the re-ordering of instructions so they are efficiently executed in a way that pipeline bubbles are eliminated or minimized. So even if OOE went away from hardware altogether (highly unlikely), it would still be an option via compiler. However, OOE via compiler would be opt-in and fall strictly under software tuning. Thus, lots of software would still lose out on free benefits if the hardware option were not present.

There's always going to be a tradeoff of performance vs security when it comes to these mitigations. They (Intel, AMD, etc.) need to go back to the drawing board and re-architect CPUs with security in mind. They've probably been using the same pro-performance design they came up with 20+ years ago. If it ain't broke, don't fix it mentality.

Not sure about the SMT exploits, but if I were to guess, that needs a re-architect.

Meltdown specifically targeted exploits in the Translation Lookaside Buffer. Those designs will need to be reevaluated.

We may be looking at a decade before we see a fully secure CPU emerge on the market.
on itarnium OoOE was handled by the compilers and not hardware btw
 

jardows

[H]ard|Gawd
Joined
Jun 10, 2015
Messages
1,807
Nobody ever got fired for buying Intel. Security exploits that can compromise all your sensitive data? No problem, just keep buying Intel!
 

Monkey34

Supreme [H]ardness
Joined
Apr 11, 2003
Messages
5,122
"ZombieLoad affects every Intel processor made since 2011. The bug can even be used on virtual machines in the cloud."
 

dvsman

2[H]4U
Joined
Dec 2, 2009
Messages
3,116
Wow I'm glad I made the jump when I did (5930k -> 1700 -> 2700x) - the bad news just keeps coming for Intel.

While I hope for more Intel price cuts, there always needs to be competition to keep the market innovation coming and prices in check.
 
Top