Asus ROG STRIX XG43UQ monitor review
Netduma R2 router review
TerraMaster F5-422 NAS Review
Radeon RX 6600 (Sapphire Pulse) review
Radeon RX 6600 (Gigabyte Eagle 8G) review
PowerColor Radeon RX 6900 XT Red Devil review
Corsair Sabre RGB Pro Wireless mouse review
Far Cry 6: PC graphics performance benchmark review
Colorful GeForce RTX 3060 Bilibili 12G review
ACER Predator GM7000 2TB NVMe PCIe 4.0 SSD review
New CacheOut Speculative Execution Vulnerability Hits Intel Processors
Intel is not spared when it comes to the number of vulnerabilities that keep hitting their processors. The latest one is CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. All processors up-to-the recent Coffee lake refresh are effected.
Despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. Unlike previous MDS issues, the researchers show in their work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available.
They then demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves. CacheOut can bypass software fixes. Making it possible to extract data from both the kernel of the OS and from virtual machines, and also from something that Intel calls 'software guard extensions' (SGX) that normally is stored securely.
Researchers from the University of Michigan and the University of Adelaide have found this new bug, and posted a paper on it. Read the paper. It seems that once again only Intel processors are affected including Core, Xeon and Atom models. AMD is save from this vulnerability.
Gomez Addams
Senior Member
Posts: 197
Joined: 2019-04-15
Senior Member
Posts: 197
Joined: 2019-04-15
#5755220 Posted on: 01/28/2020 11:23 PM
There is NO case where that could happen. In addition, I have not read of any exploit where the data acquired was from the same process as the exploit. It is always left over from the context switches of other processes. I have not read that disabling HT can mitigate the attack either. It just might make it occur less frequently since fewer threads would run simultaneously when HT is disabled.
Personally, I view this is a chicken-and-egg type of problem. There will no exploits of this nature what so ever if no malicious code ever runs on your machine. That is the place to take preventative measures.
Unfortunately, disabling Intel Hyper-Threading does not cover the case where the attacker and the victim run on the same CPU thread..
There is NO case where that could happen. In addition, I have not read of any exploit where the data acquired was from the same process as the exploit. It is always left over from the context switches of other processes. I have not read that disabling HT can mitigate the attack either. It just might make it occur less frequently since fewer threads would run simultaneously when HT is disabled.
Personally, I view this is a chicken-and-egg type of problem. There will no exploits of this nature what so ever if no malicious code ever runs on your machine. That is the place to take preventative measures.
JamesSneed
Senior Member
Posts: 1267
Joined: 2017-02-14
Senior Member
Posts: 1267
Joined: 2017-02-14
#5755234 Posted on: 01/28/2020 11:39 PM
Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
squalles
Senior Member
Posts: 863
Joined: 2003-06-10
Senior Member
Posts: 863
Joined: 2003-06-10
#5755239 Posted on: 01/29/2020 12:00 AM
its true, maybe with more 3 or 4 security fixes and losing performance, finally amd can beat the i7 8700k
No worries mate, intel will take care of that security issue, it will just take some CPU performance from you, as always. I think thats not a problem for you, you can always buy a better intel CPU and be prepared for new issues, which will come
its true, maybe with more 3 or 4 security fixes and losing performance, finally amd can beat the i7 8700k
TieSKey
Senior Member
Posts: 192
Joined: 2015-09-26
Senior Member
Posts: 192
Joined: 2015-09-26
#5755246 Posted on: 01/29/2020 12:33 AM
:-, post: 5755124, member: 173592"]The following specifically states that physical admin access(authenticated local access) is required;
https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/
An attack to exploit this vulnerability can not be rendered remotely, IE through a network share or web browser.
I can do alot with all cpus/systems if i have physical admin access(authenticated local access) U better patch me
Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
The paper literally says u DONT need privileged access (heck, the world privileged is not even used while unprivileged appears like 5+ times).
Just in case, privileged means u are the OS or an admin/root user. Unprivileged means any common user.
Intel says "requiring authenticated local access", that just means u are logged into an OS an able to run "normal" programs.
--------------
So no, a js script won't hick-jack your pc, but if u ever get some malware, it can get data from the whole system w/o having to gain admin access, which is quite difficult in itself.
The real threat is u can launch an azure/aws/google VM for 1 USD and use this attack to steal data from other VMs running on the same physical CPU.
"Attacking Virtual Machines. Another security domain we explore in this paper is the isolation of different virtual machines running on the same physical core. We show that CacheOut is effective at leaking data from both co-resident machines as well as hypervisors. Experimentally evaluating this, we are able to completely de-randomize the Address Space Layout Randomization (ASLR) used by the hypervisor, as well as recover AES keys from another VM."
:-, post: 5755124, member: 173592"]The following specifically states that physical admin access(authenticated local access) is required;
https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/
An attack to exploit this vulnerability can not be rendered remotely, IE through a network share or web browser.
I can do alot with all cpus/systems if i have physical admin access(authenticated local access) U better patch me
Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
The paper literally says u DONT need privileged access (heck, the world privileged is not even used while unprivileged appears like 5+ times).
Just in case, privileged means u are the OS or an admin/root user. Unprivileged means any common user.
Intel says "requiring authenticated local access", that just means u are logged into an OS an able to run "normal" programs.
--------------
So no, a js script won't hick-jack your pc, but if u ever get some malware, it can get data from the whole system w/o having to gain admin access, which is quite difficult in itself.
The real threat is u can launch an azure/aws/google VM for 1 USD and use this attack to steal data from other VMs running on the same physical CPU.
"Attacking Virtual Machines. Another security domain we explore in this paper is the isolation of different virtual machines running on the same physical core. We show that CacheOut is effective at leaking data from both co-resident machines as well as hypervisors. Experimentally evaluating this, we are able to completely de-randomize the Address Space Layout Randomization (ASLR) used by the hypervisor, as well as recover AES keys from another VM."
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 222
Joined: 2016-03-18
No worries mate, intel will take care of that security issue, it will just take some CPU performance from you, as always. I think thats not a problem for you, you can always buy a better intel CPU and be prepared for new issues, which will come