New ‘Zombieload’ variant flaw hits Intel 2013 up-to Cascade Lake processors

by Hilbert Hagedoorn on: 11/13/2019 09:08 AM | source: techcrunch | 51 comment(s)

It seems Intel cannot catch a break with regard to processor and platform vulnerabilities: researchers have found a new flaw in Intel processors. This time it’s a new variant of the Zombieload v2 attack they discovered earlier this year, but targeting Intel’s latest family of chips, Cascade Lake.

The same team that helped uncover the infamous Spectre and Meltdown flaws say that a third issue, reported back in May under the name ZombieLoad, extends even further into the processor line than previously thought. The ZombieLoad hole can be exploited by malware running on a vulnerable machine, or a rogue logged-in user, to snoop on processor cores and extract sensitive information from memory that should be out of bounds. In practice, this would potentially allow an attacker already on the system to lift passwords, keys, and the like from other running software. TechCrunch on the matter:

Intel calls the vulnerability Transactional Asynchronous Abort, or TAA. It’s similar to the microarchitectural data sampling vulnerabilities that were the focus of earlier chip-based side-channel attacks, but TAA applies only to newer chips. The new variant of the Zombieload attack allows hackers with physical access to a device the ability to read occasionally sensitive data stored in the processor. The vulnerability is found in how the processor tries to predict the outcome of future commands. This technique, known as speculative execution, makes the processor run faster, but its flawed design makes it possible for attackers to extract potentially sensitive data.

Zombieload was discovered by the same researchers who found Meltdown and Spectre, a set of flaws that could be used to pick out secrets — like passwords — from the processor. It was believed later chip architectures, like Cascade Lake, were toughened against speculative execution attacks, while Intel rolled out software patches to reduce the attack surface.

Neither of the other vulnerabilities in the same family as Zombieload — notably Fallout and RIDL — work on Cascade Lake, they added. But the researchers said that Intel’s efforts to change the chip design in Cascade Lake are “not sufficient” to protect against these kinds of side-channel attacks. The same researchers warned Intel about the vulnerability in April — as it did with the other flaws they discovered that were patched a month later. Intel took until this month to investigate, the researchers said.

Intel released patches again for its vulnerable chips on Tuesday, acknowledging that its newest chips are vulnerable to the newest Zombieload variant. But the chip making giant recognizes that the mitigations “may not completely prevent the inference of data through a side channel using these techniques.”

The chip maker said there have been “no reports” of real-world exploits of the vulnerabilities.

Intel is releasing microcode (CPU firmware) updates today to address this new Zombieload attack variant, as part of its monthly Patch Tuesday, known as the Intel Platform Update (IPU) process. A version of the revised Zombieload whitepaper will be made available on the Zombieload website later today. The same research team who found Zombieload v1 and v2 also found an issue with Intel's original patches for the four MDS attacks disclosed in May, which will be disclosed in the same paper.
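
On Linux, a patched kernel reports whether the TAA mitigation and the matching microcode are actually in effect. The script below is an added example, not code from the article, TechCrunch or Intel: it assumes the kernel's sysfs status file for TAA (a path the article does not name) and classifies the status strings the kernel writes there; the sample lines are constructed.

```shell
#!/bin/sh
# Added example. The sysfs path is the Linux kernel's TAA status file (an
# assumption of this example; the article does not name it).
TAA_SYSFS=/sys/devices/system/cpu/vulnerabilities/tsx_async_abort

# taa_assess STATUS: print "VERDICT: reason" for one kernel status line.
# More specific patterns come first because case stops at the first match.
taa_assess() {
    case $1 in
        "Not affected"*)
            echo "OK: CPU is not affected by TAA" ;;
        "Mitigation: TSX disabled"*)
            echo "OK: TSX is switched off, so no transaction can abort" ;;
        "Mitigation: Clear CPU buffers; SMT vulnerable"*)
            echo "WARN: buffers are cleared, but a sibling hyper-thread can still sample" ;;
        "Mitigation: Clear CPU buffers; SMT Host state unknown"*)
            echo "WARN: running as a guest, host SMT state is not visible" ;;
        "Mitigation: Clear CPU buffers"*)
            echo "OK: buffers are cleared and SMT is off" ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            echo "ACTION: kernel is patched, microcode update is missing" ;;
        "Vulnerable"*)
            echo "ACTION: mitigation is disabled or unavailable" ;;
        *)
            echo "UNKNOWN: unrecognised status '$1'" ;;
    esac
}

# taa_check_host: assess the running machine, or say why that is not possible.
taa_check_host() {
    if [ -r "$TAA_SYSFS" ]; then
        taa_assess "$(cat "$TAA_SYSFS")"
    else
        echo "UNKNOWN: $TAA_SYSFS missing, kernel predates TAA reporting"
    fi
}

# Constructed sample status lines, followed by the live host.
while IFS= read -r line; do
    printf '%s\n  -> %s\n' "$line" "$(taa_assess "$line")"
done <<'EOF'
Mitigation: TSX disabled
Mitigation: Clear CPU buffers; SMT vulnerable
Vulnerable: Clear CPU buffers attempted, no microcode
EOF
printf 'this host\n  -> %s\n' "$(taa_check_host)"
```
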


anticupidon



Posts: 5522
Joined: 2008-03-06

#5730632 Posted on: 11/12/2019 11:04 PM
Already patches are available in the Linux kernel, patches are applied in production servers. Can't say diddle about Windows, maybe there are updates coming in the mainstream updates.
Patch is also available for rolling distros, already patched my I7 Thinkpad running Arch.
Will run some Phoronix tests, to see how it impacts performance, if at all.

RzrTrek
Senior Member



Posts: 2525
Joined: 2012-04-16

#5730636 Posted on: 11/12/2019 11:22 PM
Another interesting read by Red Hat, thanks for sharing. Also the Intel comments over at Phoronix are hilarious.

Deleted member 213629
Unregistered



#5730664 Posted on: 11/13/2019 02:53 AM
Tell me about it...

one member, "I have a better fix.
I will disable my Intel CPU altogether."




sverek
Unregistered



Posts: 6097
Joined: 2011-01-02

#5730668 Posted on: 11/13/2019 03:18 AM

such UI, much skills. mmmmmmmmm 100% 1337 hAx0r.

user1
Senior Member



Posts: 1630
Joined: 2016-01-29

#5730672 Posted on: 11/13/2019 03:50 AM
"The Zombieload vulnerability disclosed earlier this year in May has a second variant that also works against more recent Intel processors, not just older ones, including Cascade Lake, Intel's latest line of high-end CPUs -- initially thought to have been unaffected."

https://techcrunch.com/2019/11/12/intel-cascade-lake-zombieload/

https://www.theregister.co.uk/2019/11/12/zombieload-cpu-attack/

https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/

Well, Intel made it back to square one.

But, wait, there is more:

"But bad news never comes alone. The same research team who found Zombieload v1 and v2, also found an issue with Intel's original patches for the four MDS attacks disclosed in May."

If you want to learn more, here is a technical document about this type of attack

https://zombieloadattack.com/zombieload.pdf

And more in-depth stuff from RedHat, because of Linux servers.

https://access.redhat.com/solutions/tsx-asynchronousabort

What do you guys think about this ?
looks pretty bad, apparently this one works even if SMT is disabled
that and there is another unrelated bug (JCC) on Skylake and newer, that needs a microcode patch, and has a nasty performance hit as well, up to a 4% performance hit just from that alone, requires applications to be recompiled to mitigate the performance hit...
ouch
