BitDefender Researchers Discover "Terrifying" Security Vulnerability in Intel CPUs

Discussion in 'HardForum Tech News' started by Zarathustra[H], May 14, 2019.

  1. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    27,656
    Joined:
    Oct 29, 2000
    Another day, another Intel hardware security bug. This time it's called Microarchitectural Data Sampling (or MDS for short) and has been proven to work on Intel's Ivy Bridge, Haswell, Skylake and Kaby Lake CPUs.

    This vulnerability is particularly concerning because it allows an attacker to access privileged kernel-mode information.

    I'm wondering if my aging Westmere-EP server and my Sandy-E desktop are affected.

    So, how long before all CPUs return to being in-order designs? Out-of-order designs certainly have some real performance benefits, but it seems like they inevitably lead to vulnerabilities.
     
    ChadD likes this.
  2. jeffj7

    jeffj7 [H]Lite

    Messages:
    91
    Joined:
    Jun 2, 2012
    My old 8320 is starting to look good compared to the i5 my brother gave me if I have to disable hyper threading.
     
    xjfv likes this.
  3. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    It's not just hyper threading though. It's the entire out of order execution pipeline that is the problem. Essentially it's like going to Atom level performance.
     
  4. Skeetre

    Skeetre n00b

    Messages:
    17
    Joined:
    Sep 20, 2018
    Revdarian and ChadD like this.
  5. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,394
    Joined:
    Feb 3, 2014
    Here's hoping Intel has a new architecture coming out soon. I understand that the Gen 8 and 9 chips aren't affected by this one, but it is only a matter of time as those use the same underlying design.
     
  6. Auer

    Auer Limp Gawd

    Messages:
    454
    Joined:
    Nov 2, 2018
    Tempted to turn MT off in BIOS to see how the old Xeon 1620-0 would make out as a 4/4...
     
  7. Nobu

    Nobu 2[H]4U

    Messages:
    2,778
    Joined:
    Jun 7, 2007
    It shouldn't be an inherent flaw of the process, just need to be smarter about how they do it. Of course, that doesn't mean a more secure method would be easier and more efficient than an optimized in-order process.
     
  8. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    12,969
    Joined:
    Mar 18, 2010
    Since Ivy Bridge is for the most part a die shrink of Sandy Bridge, any exploits on Ivy Bridge should be applicable to Sandy Bridge.

    According to Intel, it's already hardware mitigated with their 8th and 9th gen processors. It seems at least for this particular exploit they have known about it for a while.
     
  9. StormNobleheart

    StormNobleheart n00b

    Messages:
    14
    Joined:
    Apr 12, 2017
    At this rate, the 6850K I have will become much slower than the 990X that it replaced.
     
    Revdarian, N4CR, Armenius and 2 others like this.
  10. Legendary Gamer

    Legendary Gamer Limp Gawd

    Messages:
    498
    Joined:
    Jan 14, 2012
    Intel isn't doing anything other than Software and Microcode BIOS mitigation. If they ever fix all of these security holes their processors will be slower than Bulldozer... Intel cannot afford to lose performance when they currently have nothing to challenge AMD. They had the time to fix many of these issues in hardware already.

    Regardless, I am running mostly Intel (9600, 8600, 7500..) due to the applications I use on a regular basis. At this point my old Ryzen 1700 is starting to look really damn good... Too bad I donated it to someone...
     
  11. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    8,230
    Joined:
    Apr 9, 2012
    When the walls come tumbling down
     
    Darth Kyrie and Sufu like this.
  12. RPGWiZaRD

    RPGWiZaRD Gawd

    Messages:
    1,011
    Joined:
    Jan 24, 2009
    Intel's loss is AMD's gain. Ryzen starts looking increasingly more tempting with every new vulnerability with all the patches applied. Someone needs to be doing an unpatched vs fully patched benchmark run and comparison to AMD CPUs.
     
  13. PrkChpXprss

    PrkChpXprss Gawd

    Messages:
    836
    Joined:
    Nov 7, 2003
    This just in: not surprised
     
    Darth Kyrie and Master_shake_ like this.
  14. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon


    Hopefully when AMD's 7nm CPUs launch at least one of the remaining review sites will do due diligence and actually retest all historical CPUs on a current fully patched system, instead of just using numbers from their past tests...

    I'd trust the [H] to get it right, but I'm not sure I trust any of these remaining clowns...
     
  15. Tsumi

    Tsumi [H]ardForum Junkie

    Are you just blabbing this out of your ass or do you actually have proof to the contrary? We know Intel can and does do shady things but one thing they cannot do is outright lie to their customers. Especially now when they're trying to rebuild their image.
     
    Armenius, GoldenTiger and Lakados like this.
  16. Hagrid

    Hagrid [H]ardness Supreme

    Messages:
    7,952
    Joined:
    Nov 23, 2006
    AMD may be doing well making their stuff better and faster, but at this rate Intel will be slower with all the fixes it needs by its own hand.

    How many more are they going to find and try to patch? :)
     
  17. Lakados

    Lakados [H]ard|Gawd

    Well, how they have fixed them to date is with BIOS patches for the most part, so yes, the flaws still exist. In the 8th and 9th gen they have a mitigation built into the chip, which will probably be circumvented eventually as the underlying flaw in how the Intel CPUs do out-of-order execution still exists. So yes, the correct fix is to not only disable hyper threading, as that is where they start the attack from, but to also disable out-of-order execution, as that is where the actual flaw seems to be, which would essentially turn the most expensive of the i7s into large Atoms.
     
  18. Tsumi

    Tsumi [H]ardForum Junkie

    Edit: NVM, misread.

    As long as Intel can reasonably mitigate the exploit, things would be fine. Let's see how much of a performance impact the fixes have first.
     
    Lakados likes this.
  19. Auer

    Auer Limp Gawd

    So the 9400F is safe :)
     
  20. Lakados

    Lakados [H]ard|Gawd

    AMD might not be immune, but their methods for doing both out-of-order operations and how they have managed hyper threading are drastically different, so an attack vector may exist in their chips but it certainly isn't going to be the same, and given their market saturation there probably isn't a financial incentive to try to discover one, whereas with Intel there is.
     
    Tsumi likes this.
  21. viivo

    viivo Gawd

    Messages:
    1,015
    Joined:
    Sep 7, 2005
    So Coffee Lake is fine?
     
  22. clockdogg

    clockdogg Gawd

    Messages:
    842
    Joined:
    Dec 12, 2007
    Nope. Not according to this report on Tom's.

    "The Spoiler exploit is present specifically within Intel's Core CPUs, which include the original Core 2 Duo CPUs all the way up to Intel's most recent Coffee Lake, Kaby Lake, and Skylake CPUs, as well as future Cascade Lake and Ice Lake products. While Spoiler is similar to Spectre, it is a separate issue, making patches for Spectre ineffective against Spoiler exploits."
     
  23. Burticus

    Burticus 2[H]4U

    Messages:
    3,790
    Joined:
    Nov 7, 2005
    Oh great. Another round of performance crushing firmware updates for all my Xeon UCS blades. Bye bye, all my free weekends...
     
  24. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    1,931
    Joined:
    Oct 13, 2016
    Thanks! Seems this is one of the few that won't exploit my 2600k. Still rocking like a champ!

     
  25. Tsumi

    Tsumi [H]ardForum Junkie

    This is not the Spoiler exploit. This is an entirely different attack dubbed MDS, which Intel had to be aware of for at least 3 years now to have implemented hardware fixes in Coffee Lake and Coffee Lake refresh. Now, whether or not the hardware fixes completely mitigated the exploit, there has been no independent confirmation as of yet. They are only announcing this now because they have BIOS updates and software updates ready.
     
    Armenius and Auer like this.
  26. Absalom

    Absalom Gawd

    Messages:
    575
    Joined:
    Oct 3, 2007
    Out of order execution can be done selectively by a compiler, even on a CPU that doesn't even support OOE in hardware. There's nothing magic about doing OOE - it's literally the re-ordering of instructions so they are efficiently executed in a way that pipeline bubbles are eliminated or minimized. So even if OOE went away from hardware altogether (highly unlikely), it would still be an option via compiler. However, OOE via compiler would be opt-in and fall strictly under software tuning. Thus, lots of software would still lose out on free benefits if the hardware option were not present.

    There's always going to be a tradeoff of performance vs security when it comes to these mitigations. They (Intel, AMD, etc.) need to go back to the drawing board and re-architect CPUs with security in mind. They've probably been using the same pro-performance design they came up with 20+ years ago. If it ain't broke, don't fix it mentality.

    Not sure about the SMT exploits, but if I were to guess, that needs a re-architect.

    Meltdown specifically targeted exploits in the Translation Lookaside Buffer. Those designs will need to be reevaluated.

    We may be looking at a decade before we see a fully secure CPU emerge on the market.
     
    Aix. and wolfofone like this.
  27. clockdogg

    clockdogg Gawd

    Ah...so many exploits, if Intel can't keep up, I can't either...Thanks!
     
  28. Red Falcon

    Red Falcon [H]ardForum Junkie

    Messages:
    9,836
    Joined:
    May 7, 2007
    Everything I have read online (at least available to the public) is that they are "allegedly" adding in Meltdown and Spectre vulnerability fixes natively into hardware with the latest CPUs and SoCs; no mention on fixes for any of the other numerous exploits, recent or otherwise.
    It isn't shady at this point, considering everything that has come to light, it is just disappointing - hopefully they will fix all of this in time, but it is going to require some massive engineering workarounds, and proof to all consumers, before full trust will be restored.
     
  29. Red Falcon

    Red Falcon [H]ardForum Junkie

    From everything that has been tested online, outside of Spectre (any CPU ISA that uses OOE has this), AMD has not been affected by all of these exploits, SMT and OOE present or otherwise.
    The vulnerabilities AMD has had require root/admin privileges on the system to perform them, and at that point, there are bigger issues...

    This isn't a flaw with x86/x86-64, it is a flaw with how Intel has been getting away with security holes that have added performance, but as of late, show how unsecure their CPUs/SoCs really are.
     
    Darth Kyrie, spine and ccityinstaller like this.
  30. Tsumi

    Tsumi [H]ardForum Junkie

    Straight from Intel, Coffee Lake already has hardware fixes for MDS. There is no "alleged" for this vulnerability.
     
    QKSILVR73 and Armenius like this.
  31. Red Falcon

    Red Falcon [H]ardForum Junkie

    Have a link to the article or white paper on that by any chance?
     
  32. SvenBent

    SvenBent 2[H]4U

    Messages:
    2,791
    Joined:
    Sep 13, 2008
    On Itanium, OoOE was handled by the compilers and not hardware, btw.
     
  33. Tsumi

    Tsumi [H]ardForum Junkie

    Perhaps you could RTA?
     
    Armenius and Red Falcon like this.
  34. Red Falcon

    Red Falcon [H]ardForum Junkie

    Ah, for some reason I missed the quote in the article, thanks.
     
  35. jardows

    jardows [H]ard|Gawd

    Messages:
    1,478
    Joined:
    Jun 10, 2015
    Nobody ever got fired for buying Intel. Security exploits that can compromise all your sensitive data? No problem, just keep buying Intel!
     
  36. Rockenrooster

    Rockenrooster Limp Gawd

    Messages:
    187
    Joined:
    Apr 11, 2017
    I know right!
    Kudos to AMD, they're killing it!
     
  37. Auer

    Auer Limp Gawd

    This could be the opportunity needed for AMD to Bulldoze their way to the top.
     
  38. tangoseal

    tangoseal [H]ardness Supreme

    Messages:
    7,005
    Joined:
    Dec 18, 2010
    Three words...

    AMD
     
    Darth Kyrie and Hagrid like this.
  39. Monkey34

    Monkey34 [H]ardness Supreme

    Messages:
    5,031
    Joined:
    Apr 11, 2003
    "ZombieLoad affects every Intel processor made since 2011. The bug can even be used on virtual machines in the cloud."
     
    Darth Kyrie likes this.
  40. dvsman

    dvsman 2[H]4U

    Messages:
    2,537
    Joined:
    Dec 2, 2009
    Wow I'm glad I made the jump when I did (5930k -> 1700 -> 2700x) - the bad news just keeps coming for Intel.

    While I hope for more Intel price cuts, there always needs to be competition to keep the market innovation coming and prices in check.