CacheOut is the Latest Speculative Execution Attack for Intel Processors

[Mega6]

yet again of the never ending

"Another day, another speculative execution vulnerability found inside Intel processors. This time we are getting a new vulnerability called "CacheOut", named after the exploitation's ability to leak data stored inside CPU's cache memory. Dubbed CVE-2020-0549: "L1D Eviction Sampling (L1Des) Leakage" in the CVE identifier system, it is rated with a CVSS score of 6.5. Despite Intel patching a lot of similar exploits present on their CPUs, the CacheOut attack still managed to happen."

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html

 

[Dark12]

I'm glad I have a ryzen house now.

 

[ManofGod]

Of course, a record setting quarters make this irrelevant, right? /s

 

[auntjemima]

Of course, a record setting quarters make this irrelevant, right? /s

Yes.

Your constant "the end of neigh!" arguments clearly aren't based on anything.

 

[ManofGod]

Yes.

Your constant "the end of neigh!" arguments clearly aren't based on anything.

I think you forgot your /s in your comment. Or are you saying, "Quick, look over there ------->"

 

[erek]

Mega6

"Cache me Outside !!!" -Intel

 

[ThatITGuy]

90% of the public pay more attention to the Kardashian (sp?) family and their daily habits than this stuff about things they do not understand. They just want a cheap PC for when they are charging their phones

 

[vegeta535]

90% of the public pay more attention to the Kardashian (sp?) family and their daily habits than this stuff about things they do not understand. They just want a cheap PC for when they are charging their phones

That is the sad truth. The thing that really gets me are people like the Kardashians represent everything you suppose to hate. Rich "beautiful" people. The 1%. Yet they have to know everything about them.

 

[ThatITGuy]

That is the sad truth. The thing that really gets me are people like the Kardashians represent everything you suppose to hate. Rich "beautiful" people. The 1%. Yet they have to know everything about them.

Likely the same reason people spend hours watching people play a game instead of playing it themselves, why they spend hours on their phones "liking" pictures or posts by other people instead of going out and actually living life themselves.

 

[GoodBoy]

"Description: Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."

Only affects some Whiskey Lake, Sylake, Kaby Lake, and Coffee Lake. Interestingly, the 10xxx parts are not affected (those are Cascade Lake), nor are older cpu's like Haswell.

Doesn't sound like any perf hit for fix.

 

[Lakados]

I’m not surprised, this architecture is what a decade old at this stage? It has to comprise at least 90% of all the desktop/server CPU’s on the planet that is a lot of eyes from a lot of people, I’ll intent or otherwise trying to pick it apart.

 

[Monkey34]

Here's the page for the info: https://cacheoutattack.com/

Affected processors: https://software.intel.com/security...hts/processors-affected-l1d-eviction-sampling

 

[blandead]

You also have to take into account any performance hit from additional software patches. For instance Chrome could have a different fix, vmware, Microsoft, sql server.

 

[rgMekanic]

ffs someone please trade me a 2920x system for my 6800k+cash

 

[Hagrid]

Is there a world record for the number of vulnerabilities for a CPU and if so are they trying for a world record? Or are they already holding the record and it keeps going up?

 

[Nobu]

Is there a world record for the number of vulnerabilities for a CPU and if so are they trying for a world record? Or are they already holding the record and it keeps going up?

I want to say there were probably close to as many vulnerabilities before as there are now being discovered, just they weren't being reported as openly as they are now.

...I want to say that, but I really have nothing to back that statement. I do know there are databases and bugzillas full of errata and vulnerability reports (for all kinds of hardware), but I don't have any statistics to go on.

 

[Mazzspeed]

I’m not surprised, this architecture is what a decade old at this stage? It has to comprise at least 90% of all the desktop/server CPU’s on the planet that is a lot of eyes from a lot of people, I’ll intent or otherwise trying to pick it apart.

Funnily enough the older Intel architectures aren't affected. My dual Westmere-EP Xeon's aren't and they handle everything I throw at them just fine.

 

[polonyc2]

so I should keep using my i7 980X Gulftown CPU for another decade?

 

[Mazzspeed]

so I should keep using my i7 980X Gulftown CPU for another decade?

I'm not replacing my LGA1366 based machine until I absolutely have to, and right now I absolutely don't have to - It even games adequately.

 

[polonyc2]

I'm not replacing my LGA1366 based machine until I absolutely have to, and right now I absolutely don't have to - It even games adequately.

yup same here...I game at 1440p so most everything is GPU-limited...I've upgraded my GPU multiple times in the time I've had my i7 980X

 

[Red Falcon]

90% of the public pay more attention to the Kardashian (sp?) family and their daily habits than this stuff about things they do not understand. They just want a cheap PC for when they are charging their phones

Hi-tech, low-life - the dark cyberpunk future is here!


Also, the firmware/BIOS/UEFI updates never end, but what's worse, is if we stop receiving them...
This goes back as far as Sandy Bridge; basically, every Intel CPU made in the 2010s is either security-hole Swiss cheese, or performance-drained at this point.

 

[Mazzspeed]

yup same here...I game at 1440p so most everything is GPU-limited...I've upgraded my GPU multiple times in the time I've had my i7 980X

High five my fellow LGA1366 user!