Fractal Design Pop Air RGB Black TG review
Palit GeForce GTX 1630 4GB Dual review
FSP Dagger Pro (850W PSU) review
Razer Leviathan V2 gaming soundbar review
Guru3D NVMe Thermal Test - the heatsink vs. performance
EnGenius ECW220S 2x2 Cloud Access Point review
Alphacool Eisbaer Aurora HPE 360 LCS cooler review
Noctua NH-D12L CPU Cooler Review
Silicon Power XPOWER XS70 1TB NVMe SSD Review
Hyte Y60 chassis review
New CacheOut Speculative Execution Vulnerability Hits Intel Processors
Intel is not spared when it comes to the number of vulnerabilities that keep hitting their processors. The latest one is CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. All processors up-to-the recent Coffee lake refresh are effected.
Despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. Unlike previous MDS issues, the researchers show in their work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available.
They then demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves. CacheOut can bypass software fixes. Making it possible to extract data from both the kernel of the OS and from virtual machines, and also from something that Intel calls 'software guard extensions' (SGX) that normally is stored securely.
Researchers from the University of Michigan and the University of Adelaide have found this new bug, and posted a paper on it. Read the paper. It seems that once again only Intel processors are affected including Core, Xeon and Atom models. AMD is save from this vulnerability.
Gomez Addams
Senior Member
Posts: 212
Joined: 2019-04-15
Senior Member
Posts: 212
Joined: 2019-04-15
#5755220 Posted on: 01/28/2020 11:23 PM
There is NO case where that could happen. In addition, I have not read of any exploit where the data acquired was from the same process as the exploit. It is always left over from the context switches of other processes. I have not read that disabling HT can mitigate the attack either. It just might make it occur less frequently since fewer threads would run simultaneously when HT is disabled.
Personally, I view this is a chicken-and-egg type of problem. There will no exploits of this nature what so ever if no malicious code ever runs on your machine. That is the place to take preventative measures.
Unfortunately, disabling Intel Hyper-Threading does not cover the case where the attacker and the victim run on the same CPU thread..
There is NO case where that could happen. In addition, I have not read of any exploit where the data acquired was from the same process as the exploit. It is always left over from the context switches of other processes. I have not read that disabling HT can mitigate the attack either. It just might make it occur less frequently since fewer threads would run simultaneously when HT is disabled.
Personally, I view this is a chicken-and-egg type of problem. There will no exploits of this nature what so ever if no malicious code ever runs on your machine. That is the place to take preventative measures.
JamesSneed
Senior Member
Posts: 1466
Joined: 2017-02-14
Senior Member
Posts: 1466
Joined: 2017-02-14
#5755234 Posted on: 01/28/2020 11:39 PM
Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
squalles
Senior Member
Posts: 917
Joined: 2003-06-10
Senior Member
Posts: 917
Joined: 2003-06-10
#5755239 Posted on: 01/29/2020 12:00 AM
its true, maybe with more 3 or 4 security fixes and losing performance, finally amd can beat the i7 8700k
No worries mate, intel will take care of that security issue, it will just take some CPU performance from you, as always. I think thats not a problem for you, you can always buy a better intel CPU and be prepared for new issues, which will come
its true, maybe with more 3 or 4 security fixes and losing performance, finally amd can beat the i7 8700k
TieSKey
Senior Member
Posts: 209
Joined: 2015-09-26
Senior Member
Posts: 209
Joined: 2015-09-26
#5755246 Posted on: 01/29/2020 12:33 AM
:-, post: 5755124, member: 173592"]The following specifically states that physical admin access(authenticated local access) is required;
https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/
An attack to exploit this vulnerability can not be rendered remotely, IE through a network share or web browser.
I can do alot with all cpus/systems if i have physical admin access(authenticated local access) U better patch me
Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
The paper literally says u DONT need privileged access (heck, the world privileged is not even used while unprivileged appears like 5+ times).
Just in case, privileged means u are the OS or an admin/root user. Unprivileged means any common user.
Intel says "requiring authenticated local access", that just means u are logged into an OS an able to run "normal" programs.
--------------
So no, a js script won't hick-jack your pc, but if u ever get some malware, it can get data from the whole system w/o having to gain admin access, which is quite difficult in itself.
The real threat is u can launch an azure/aws/google VM for 1 USD and use this attack to steal data from other VMs running on the same physical CPU.
"Attacking Virtual Machines. Another security domain we explore in this paper is the isolation of different virtual machines running on the same physical core. We show that CacheOut is effective at leaking data from both co-resident machines as well as hypervisors. Experimentally evaluating this, we are able to completely de-randomize the Address Space Layout Randomization (ASLR) used by the hypervisor, as well as recover AES keys from another VM."
:-, post: 5755124, member: 173592"]The following specifically states that physical admin access(authenticated local access) is required;
https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/
An attack to exploit this vulnerability can not be rendered remotely, IE through a network share or web browser.
I can do alot with all cpus/systems if i have physical admin access(authenticated local access) U better patch me
Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
The paper literally says u DONT need privileged access (heck, the world privileged is not even used while unprivileged appears like 5+ times).
Just in case, privileged means u are the OS or an admin/root user. Unprivileged means any common user.
Intel says "requiring authenticated local access", that just means u are logged into an OS an able to run "normal" programs.
--------------
So no, a js script won't hick-jack your pc, but if u ever get some malware, it can get data from the whole system w/o having to gain admin access, which is quite difficult in itself.
The real threat is u can launch an azure/aws/google VM for 1 USD and use this attack to steal data from other VMs running on the same physical CPU.
"Attacking Virtual Machines. Another security domain we explore in this paper is the isolation of different virtual machines running on the same physical core. We show that CacheOut is effective at leaking data from both co-resident machines as well as hypervisors. Experimentally evaluating this, we are able to completely de-randomize the Address Space Layout Randomization (ASLR) used by the hypervisor, as well as recover AES keys from another VM."
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 231
Joined: 2016-03-18
No worries mate, intel will take care of that security issue, it will just take some CPU performance from you, as always. I think thats not a problem for you, you can always buy a better intel CPU and be prepared for new issues, which will come