Jump to content

Another Speculative Execution Vulnerability Discovered for Intel CPUs


Guest_Jim_*

Recommended Posts

Though many may be benefiting from speculative execution's performance improvements, at least Intel may be regretting how it is implemented in the company's CPUs. According to The Register another vulnerability has been discovered in Intel processors that goes back to the first generation of Core processors, and this one, called SPOILER, is believed to not have an easy fix or mitigation without redesign at the silicon level. The vulnerability can potentially be exploited by rogue users with access, malware running on the system, and JavaScript within a browser tab and allows the physical memory layout to be discerned. It also can be done within virtual machines and sandboxed environments, independent on the operating system. With the information it gets other attacks can be more easily executed, such as Rowhammer which could be completed in seconds as opposed to weeks without SPOILER.

Stepping back a bit, speculative execution is a feature of modern CPUs to improve performance. Basically the processor will consider what it is currently doing and then guess at what the user wants to do next and start on that work prior to the request. While taking such initiative can be good in real life, this speculative execution can leak information by not waiting for other secured operations to complete. For SPOILER, the vulnerability comes from how the Intel memory subsystem handles disambiguation to prevent invalid data from being used. By filling the CPU's store buffer with addresses of the same offset but different virtual pages and then issuing memory loads with that same offset but different memory page, then repeating this over a number of virtual pages, enough timing information can be gathered to determine when there are failures to resolve dependency issues. The result is cache attacks, like Rowhammer, become easier to execute and mitigations are going to be difficult to develop, according to the researchers who discovered SPOILER.

Intel was informed of these findings on December 1, 2018 and as is common in the industry, the public release of the findings has come 90 days later. The researchers doubt a microcode solution can be created without losing a tremendous amount of performance. The researchers did also test on AMD and Arm processors and did not find they were vulnerable.

Source: The Register



Back to original news post

Share this post


Link to post
Share on other sites

well hell... i'm certainly feeling some disappointment, considering the time and money I've put into this machine. ...and there's no way to know how much damage has already been done by Korean, or Russian, or Google, or whoever hacker groups and exploiters out there on the webs... i can salvage a lot of stuff from this one, but I guess it's time for me to get with the notion that Intel is not the safest, and start working on an AMD build... this is sad news considering the recent past history of exploits and fixes we've experienced... but life goes on...

Share this post


Link to post
Share on other sites

No, Intel does not appear to be the safest but it might not be necessary to start worrying about building a new computer. I mean, depending on your use case, there are still pro-active things you can do to protect yourself.

Share this post


Link to post
Share on other sites

×
×
  • Create New...