Thread: PC Hardware Talk Megathread
View Single Post
Old 05-15-2019, 01:38 PM   #923
FlameOn
Franchise Player
 
FlameOn's Avatar
 
Join Date: Oct 2010
Location: Calgary
Exp:
Default
Heads up another huge speculative execution vulnerability with all Intel processors. Intel recommends disabling of Hyper threading to prevent an attack. Microcode patch has been released but this will take time to integrate and the impact on performance will be in the ~3% hit on consumer applications and 9-10% range on datacenter, compounding the 10-15% performance impact from the previous Meltdown microcode patch. AMD processors are not impacted. We'll have to wait for final benchmarks for impacts in performance.

Quote:
Intel Recommends Disabling Hyper Threading
The company admitted in its white paper that the software mitigations will have a significant effect on how HT works. The threads will need a higher level of isolation between each other, and they will not be able to run processes from different security domains anymore. Threads from different security domains will simply become idle (thus turning into wasted processing power).

Intel has also been publicly reluctant to agree with the disabling of HT when others have called for it with the discovery of some previous CPU flaws, but in its paper, the company stated that disabling HT altogether may be warranted as protection against MDS attacks.
Quote:
Security researchers have found a new class of vulnerabilities in Intel chips which, if exploited, can be used to steal sensitive information directly from the processor.,

The bugs are reminiscent of Meltdown and Spectre, which exploited a weakness in speculative execution, an important part of how modern processors work. Speculative execution helps processors predict to a certain degree what an application or operating system might need next and in the near-future, making the app run faster and more efficient. The processor will execute its predictions if they’re needed, or discard them if they’re not.

Both Meltdown and Spectre leaked sensitive data stored briefly in the processor, including secrets — such as passwords, secret keys and account tokens, and private messages.

Now some of the same researchers are back with an entirely new round of data-leaking bugs.

“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.

Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.

ZombieLoad takes its name from a “zombie load,” an amount of data that the processor can’t understand or properly process, forcing the processor to ask for help from the processor’s microcode to prevent a crash. Apps are usually only able to see their own data, but this bug allows that data to bleed across those boundary walls. ZombieLoad will leak any data currently loaded by the processor’s core, the researchers said. Intel said patches to the microcode will help clear the processor’s buffers, preventing data from being read.

Intel has released microcode to patch vulnerable processors, including Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake and Haswell chips. Intel Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake chips are also affected, as well as all Atom and Knights processors.

But other tech giants, like consumer PC and device manufacturers, are also issuing patches as a first line of defense against possible attacks.

Computer makers Apple and Microsoft and browser makers Google have released patches, with other companies expected to follow.

In a call with TechCrunch, Intel said the microcode updates, like previous patches, would have an impact on processor performance. An Intel spokesperson told TechCrunch that most patched consumer devices could take a 3 percent performance hit at worst, and as much as 9 percent in a datacenter environment. But, the spokesperson said, it was unlikely to be noticeable in most scenarios.
Apple devices using Intel processors are reportedly faring far far worse
Quote:
The full mitigation, which includes disabling hyper-threading, prevents information leakage across threads and when transitioning between kernel and user space, which is associated with the MDS vulnerabilities for both local and remote (web) attacks.

Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks. Performance tests are conducted using specific Mac computers. Actual results will vary based on model, configuration, usage, and other factors.
https://www.intel.com/content/dam/ww...e_05132019.pdf
https://techcrunch.com/2019/05/14/zo...el-processors/
https://www.tomshardware.com/news/in...ack,39333.html
https://support.apple.com/en-us/HT210108
Last edited by FlameOn; 05-16-2019 at 07:26 AM.
FlameOn is offline   Reply With Quote
The Following 2 Users Say Thank You to FlameOn For This Useful Post: