Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
G.Skill TridentZ 5 RGB 6800 MHz CL34 DDR5 review
Be Quiet! Dark Power 13 - 1000W PSU Review
Palit GeForce RTX 4080 GamingPRO OC review
Core i9 13900K DDR5 7200 MHz (+memory scaling) review
Seasonic Prime Titanium TX-1300 (1300W PSU) review
F1 2022: PC graphics performance benchmark review
MSI Clutch GM31 Lightweight​ (+Wireless) mice review
AMD Ryzen 9 7900 processor review
AMD Ryzen 7 7700 processor review
AMD Ryzen 5 7600 processor review

New Downloads
CPU-Z download v2.04
Intel ARC graphics Driver Download Version: 31.0.101.4090
AMD Radeon Software Adrenalin 23.1.2 (RX 7900) download
GeForce 528.24 WHQL driver download
Display Driver Uninstaller Download version 18.0.6.0
Download Intel network driver package 27.8
ReShade download v5.6.0
Media Player Classic - Home Cinema v2.0.0 Download
HWiNFO Download v7.36
MSI Afterburner 4.6.5 (Beta 4) Download


New Forum Topics
Extreme 4-Way Sli Tuning Forspoken implements Microsoft's DirectStorage API, offers faster load times but lowers frame rate AMD bundles Ryzen 7000 Series processors with Star Wars Jedi: Survivor Amernime Zone AMD Software: Adrenalin / Pro Driver - Release Discovery 22.12.2 WHQL Corsair 10GB/s MP700 PCIe Gen5 SSD got unveiled, but quickly gets hidden Windows 11 Insider Builds Crypto miners paint GDDR memory chips to hide wear and make them look better RTX 4070 Ti Owner's thread Performance for Free: Unlocking Resizable Bar for unsupported AMD GPUs (Polaris, VEGA, Radeon VII) Download: CPU-Z 2.04 which adds Ryzen 7000X3D support




Guru3D.com » News » New CacheOut Speculative Execution Vulnerability Hits Intel Processors

New CacheOut Speculative Execution Vulnerability Hits Intel Processors

by Hilbert Hagedoorn on: 01/28/2020 04:34 PM | source: | 75 comment(s)
New CacheOut Speculative Execution Vulnerability Hits Intel Processors

Intel is not spared when it comes to the number of vulnerabilities that keep hitting their processors. The latest one is CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. All processors up-to-the recent Coffee lake refresh are effected.

Despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. Unlike previous MDS issues, the researchers show in their work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available.

They then demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves. CacheOut  can bypass software fixes. Making it possible to extract data from both the kernel of the OS and from virtual machines, and also from something that Intel calls 'software guard extensions' (SGX) that normally is stored securely. 

 

 

Researchers from the University of Michigan and the University of Adelaide have found this new bug, and posted a paper on it. Read the paper. It seems that once again only Intel processors are affected including Core, Xeon and Atom models. AMD is save from this vulnerability.



New CacheOut Speculative Execution Vulnerability Hits Intel Processors




« Review: PowerColor Radeon RX 5600 XT Red Dragon · New CacheOut Speculative Execution Vulnerability Hits Intel Processors · New Battlefield V chapter based on jungle fights in the Pacific Ocean Area »

15 pages « < 12 13 14 15


Cyberdyne
Senior Member



Posts: 3580
Joined: 2010-01-16

#5756028 Posted on: 01/31/2020 03:42 AM
Does it matter?
Imagine a hacker successfully injected malicious code (exploiting this or any other cache memory vulnerability) into some web page. And some user visited this page allowing hacker to monitor the cache memory reads and writes in real time (until user closed a browser). Do you think it will be easy for a hacker to understand what he sees? Is it even possible to view cache memory operations in real time? Hacker should actually store all the info (big amount - so the channel should be fast) to analyse afterwards, hoping that this dump of cache memory operations contains something useful.
Then no, it doesn't matter. None of it does. Do you see the point behind this exploit hysteria?

sverek
Senior Member



Posts: 6070
Joined: 2011-01-02

#5756030 Posted on: 01/31/2020 03:57 AM
Then no, it doesn't matter. None of it does. Do you see the point behind this exploit hysteria?

Yes, Intel can't design CPU with security in mind.
It's not about {insert exploit name here} is nearly impossible to reproduce in real-life situation. It's about Intel not paying attention to it.

"Under a certain condition your car brakes might not work, but it's nothing to worry about, since you drive your car as any normal person"

Fox2232
Senior Member



Posts: 11808
Joined: 2012-07-20

#5756089 Posted on: 01/31/2020 10:04 AM
sure, you have a strong bottleneck, its a worst sensation than a simple fps flutuation caused by gpu

Btw, youre confused about what vsync and freesync does
I am not confused about those technologies. That's unless you can specifically say what you disagree with and then correct it.
Because I am perfectly aware of all underlying timing functionalities of each technology.
And you may be surprised by fact that 100Hz Free/G-sync screen is incapable to display two consecutive frames in shorter interval than 10ms from each other. (Which creates another minor timing issue if you have average 100fps, but frametimes fluctuate. As frame has to wait till it can be shown for 1ms in situation where two consecutive frames came at 9ms interval.)

D1stRU3T0R
Senior Member



Posts: 642
Joined: 2017-08-16

#5756090 Posted on: 01/31/2020 10:05 AM
No, 2700x are completelly destroyed even the 3900x hardly you can see beating the 8700k

https://www.techpowerup.com/review/amd-ryzen-9-3900x/15.html

Are you comparing 2700X to the 3900X?

Different architecture, different tier lol. At least if you would compare 2700X to 3700X...and you are showing gaming benchmark, rly mate?

mbk1969
Senior Member



Posts: 13406
Joined: 2013-01-17

#5756126 Posted on: 01/31/2020 11:52 AM
Then no, it doesn't matter. None of it does. Do you see the point behind this exploit hysteria?


Trivial social media hype.

What I don`t understand is why browser can even execute low level CPU instructions (needed for such attacks) executing java-script? How? Why a script language can even emit low level CPU instructions?

15 pages « < 12 13 14 15


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023