Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
G.Skill TridentZ 5 RGB 6800 MHz CL34 DDR5 review
Be Quiet! Dark Power 13 - 1000W PSU Review
Palit GeForce RTX 4080 GamingPRO OC review
Core i9 13900K DDR5 7200 MHz (+memory scaling) review
Seasonic Prime Titanium TX-1300 (1300W PSU) review
F1 2022: PC graphics performance benchmark review
MSI Clutch GM31 Lightweight​ (+Wireless) mice review
AMD Ryzen 9 7900 processor review
AMD Ryzen 7 7700 processor review
AMD Ryzen 5 7600 processor review

New Downloads
CPU-Z download v2.04
Intel ARC graphics Driver Download Version: 31.0.101.4090
AMD Radeon Software Adrenalin 23.1.2 (RX 7900) download
GeForce 528.24 WHQL driver download
Display Driver Uninstaller Download version 18.0.6.0
Download Intel network driver package 27.8
ReShade download v5.6.0
Media Player Classic - Home Cinema v2.0.0 Download
HWiNFO Download v7.36
MSI Afterburner 4.6.5 (Beta 4) Download


New Forum Topics
AMD GPU Design Seems to Leave Space for Future 3D V-Cache Performance for Free: Unlocking Resizable Bar for unsupported AMD GPUs (Polaris, VEGA, Radeon VII) AMD Software: Adrenalin Edition 22.11.2 - Driver download and discussion MSI Interrupt Steering Causing Input Lag Windows 10 Monitor turns black and windows disable my GPU driver Quad-slot NVIDIA GeForce RTX 4090Ti/TITAN 800W graphics card / cooler caught on camera Nvidia Set to Unveil RTX 4060 and 4050 GPUs Ahead of Schedule? Rumor: Further GeForce RTX 4090 Ti specs emerge RTX 4090 Owner's thread AMD A620 motherboards to get very affordable? Two chipsets planned




Guru3D.com » News » New CacheOut Speculative Execution Vulnerability Hits Intel Processors

New CacheOut Speculative Execution Vulnerability Hits Intel Processors

by Hilbert Hagedoorn on: 01/28/2020 04:34 PM | source: | 75 comment(s)
New CacheOut Speculative Execution Vulnerability Hits Intel Processors

Intel is not spared when it comes to the number of vulnerabilities that keep hitting their processors. The latest one is CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. All processors up-to-the recent Coffee lake refresh are effected.

Despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. Unlike previous MDS issues, the researchers show in their work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available.

They then demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves. CacheOut  can bypass software fixes. Making it possible to extract data from both the kernel of the OS and from virtual machines, and also from something that Intel calls 'software guard extensions' (SGX) that normally is stored securely. 

 

 

Researchers from the University of Michigan and the University of Adelaide have found this new bug, and posted a paper on it. Read the paper. It seems that once again only Intel processors are affected including Core, Xeon and Atom models. AMD is save from this vulnerability.



New CacheOut Speculative Execution Vulnerability Hits Intel Processors




« Review: PowerColor Radeon RX 5600 XT Red Dragon · New CacheOut Speculative Execution Vulnerability Hits Intel Processors · New Battlefield V chapter based on jungle fights in the Pacific Ocean Area »

15 pages 1 2 3 4 > »


-:[CC]:-
Junior Member



Posts: 5
Joined: 2007-04-09

#5755124 Posted on: 01/28/2020 06:55 PM
The following specifically states that physical admin access(authenticated local access) is required;
https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/
An attack to exploit this vulnerability can not be rendered remotely, IE through a network share or web browser.

I can do alot with all cpus/systems if i have physical admin access(authenticated local access) U better patch me :)

Gomez Addams
Senior Member



Posts: 216
Joined: 2019-04-15

#5755130 Posted on: 01/28/2020 06:59 PM
I think all of this stuff about speculative execution vulnerabilities is much ado about nothing. The most important thing to remember is the attacker must install and run the malicious software on the target machine. If that is prohibited then nothing will happen at all.

Here's my conspiracy theory about these things : after the "sky is falling" announcements, what did people do? Most immediately installed updates on their machines. I think those updates were actually installing backdoors so the NSA and other governmental TLA's can monitor your activities. I have not and will not install any "updates" for this because I consider it to be a non-issue. Especially if you don't allow malicious software to run in the first place. Start there and the rest will take care of itself.

warlord
Senior Member



Posts: 2760
Joined: 2012-10-22

#5755135 Posted on: 01/28/2020 07:06 PM
Enthusiasts and blackmarket paid IT wannabes still bragging about Intel cpus for epeen. Intel® needs severe punishment for the last decade of deception, laziness and zero innovation. In AMD we trust!

Fox2232
Senior Member



Posts: 11808
Joined: 2012-07-20

#5755181 Posted on: 01/28/2020 08:47 PM
Unfortunately, disabling Intel Hyper-Threading does not cover the case where the attacker and the victim run on the same CPU thread.

Well, threads are not processes. While browser may have one or more PIDs, there may be dozens to hundreds threads hiding underneath.
But still, this is kind of bad as there are going to be scenarios where even disabling HT won't result in full protection.

squalles
Senior Member



Posts: 948
Joined: 2003-06-10

#5755190 Posted on: 01/28/2020 09:30 PM
im scaried now, any hacker can stolen my save game on witcher 3

15 pages 1 2 3 4 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023