Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
MS Flight Simulator (2020): the 2021 PC graphics performance benchmark review
Radeon Series RX 6700 XT preview & analysis
Corsair MM700 & Corsair Katar Pro XT Review
Guru3D Rig of the Month - February 2021
ASUS GeForce RTX 3060 STRIX Gaming OC review
EVGA GeForce RTX 3060 XC Gaming review
MSI GeForce RTX 3060 Gaming X TRIO review
PALIT GeForce RTX 3060 DUAL OC review
ZOTAC GeForce RTX 3060 AMP WHITE review
Fractal Design Meshify 2 Compact chassis review

New Downloads
GeForce 461.81 hotfix driver download
ClockTuner for Ryzen (CTR) v2.0 RC4 Download
SiSoft Sandra 20/21 download v31.12
Intel HD graphics Driver Download Version: DCH 27.20.100.9316
AIDA64 Download Version 6.32.5644 beta
FurMark Download v1.25
MSI Afterburner 4.6.3 Final Stable Download
Display Driver Uninstaller Download version 18.0.3.7
Guru3D RTSS Rivatuner Statistics Server Download 7.3.0 Final
Media Player Classic - Home Cinema v1.9.10 Download


New Forum Topics
GeForce Hotfix Driver Version 461.81 Is my Rtx 3090 dying? 11700K Retail Review AMD Radeon Software Adrenalin 2020 Edition 21.2.3 NVIDIA GeForce RTX 3080 Ti to get limited for Cryptocurrency Mining Performance Also Windows 10 Enterprise 2016 LTSB (1607) vs Windows 10 1903 tested in 10 games ClockTuner 2.0 for Ryzen (CTR) Guide and download AMD announces Radeon RX 6700 XT 12GB at 479 USD, launches on March 18th Free to grab: Wargame Red Dragon on Epic Games Store VBIOS modded to 1000W for GeForce RTX 3090 Hall Of Fame (HOF) Edition did not yield much




Guru3D.com » News » RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown

RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown

by Hilbert Hagedoorn on: 05/14/2019 07:38 PM | source: volkskrant.nl | 169 comment(s)
RIDL vulnerability hits Intel  - new Side Channel Attack potentially is worse than Spectre and Meltdown

Dutch researchers discover a major leak in Intel processors that is present in 75% of all computers with an Intel processor. A new threefold of attacks are different from and more dangerous than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches.

Researchers at the VU University Amsterdam have discovered a leak in Intel processors that are found in practically every modern computer. This makes it possible to retrieve sensitive data from the memory - such as passwords and bank details.An attacker running unprivileged code on a vulnerable machine could use MDS security flaws to extract information from the operating system kernel, processes, the Software Guard eXtensions (SGX) enclave, and CPU-internal operations.  Researchers have named a Microarchitectural Data Sampling (MDS) attack and targets a CPU's microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. To be able to exploit the vulnerability, no more is needed than hiding a few lines of malicious code on for example a website. A visitor that opens this site open, it will leak information.

According to Herbert Bos, professor of Systems and Network Security at the VU and co-discoverer of the leak, the find shows that contemporary processors have become so complex that chip makers are unable to control security. Last year two major leaks in processors were discovered: called Spectre and Meltdown. Both leaks were closed, but that happened provisionally. Since the vulnerability is in the hardware, it is difficult to fix. In fact, this is only possible with a detour via software updates.

 

 

What is described as Zombieload, RIDL and Fallout can used to attacks victims. Computers with Intel processors are vulnerable. It is estimated that roughly three-quarters of all desktops and laptops are stored in consumers' homes and offices. In the case of the new vulnerability, called RIDL by the researchers, it is a problem with chips specifically from Intel often used in computers and servers. Phones and tablets are virtually unaffected by this, neither are laptops and desktop based on an AMD processor.

  • Website dedicated to all MDS attacks 
  • Bitdefender technical paper
  • Intel on MDS attacks
  • Intel security updates
  • Windows, Mac, Linux, Red Hat, and Google products security updates

A quick fix, "If you disable hyperthreading and at the same time you use Intel’s proposed mitigation (that is, using the very instruction) the MDS vulnerabilities are mitigated on old Intel processors," says VUSec's Pietro Frigo. That would be procs below 8th, 9th Gen Intel CPUs. However, in several research papers published today, academics say that all Intel CPUs released since 2011 are most likely vulnerable. The researchers reported the vulnerability to Intel in September 2018. 

Update: As we just learned, Intel actually is not recommending disabling hyperthreading. See the following from Intel’s “mitigation” section on the MDS page:

Once these updates are applied, it may be appropriate for some customers to consider additional steps. This includes customers who cannot guarantee that trusted software is running on their system(s) and are using Simultaneous Multi-Threading (SMT). In these cases, customers should consider how they utilize SMT for their particular workload(s), guidance from their OS and VMM software providers, and the security threat model for their particular environment. Because these factors will vary considerably by customer, Intel is not recommending that Intel HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS.







« ASUSTOR Launches Nimbustor 2 and 4 consumer NAS Servers (w/ 2.5 Gigabit Ethernet) · RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown · HP introduces OMEN X 2S gaming laptop which has an extra 6in second screen »

34 pages 1 2 3 4 > »


Evildead666
Senior Member



Posts: 1302
Joined: 2003-09-14

#5669157 Posted on: 05/14/2019 08:23 PM
Well, for gamers Hyper threading was never a selling point, but for data centers, content creators and people who render/fold/archive data is a big hit in performance.
The more I think, the more an OpenSource CPU seems more and more needed.
RISC-V is sort of open source i think.
ARM would be a good choice.
AMD do look to make bank if they aren't affected.

fantaskarsef
Senior Member



Posts: 12061
Joined: 2014-07-21

#5669158 Posted on: 05/14/2019 08:23 PM
So... who wants to defend Intel, again? :D
Honestly... at this point I'd be stupid not to at least consider an alternative.

chispy
Senior Member



Posts: 8933
Joined: 2006-10-29

#5669161 Posted on: 05/14/2019 08:30 PM
Oh dear here we go again :p , intel fix your cpus once and for all !

zimzoid
Senior Member



Posts: 1443
Joined: 2004-09-06

#5669162 Posted on: 05/14/2019 08:31 PM
Oh well Intel should be replacing my 4930k for the latest equivalent 6 core 12 thread cpu then at no charge... Lol

Alessio1989
Senior Member



Posts: 1915
Joined: 2015-06-11

#5669164 Posted on: 05/14/2019 08:36 PM
The RIDL and Fallout speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system

I like that "arbitrary" XD

Unlike existing attacks, our attacks can leak arbitrary in-flight data from CPU-internal buffers (Line Fill Buffers, Load Ports, Store Buffers), including data never stored in CPU caches.

Getting more funnier XD

We show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse.

This is gonna be sooooo funny!

Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.

We can build a tragicomedy show on this. They (at Intel) can win an Oscar!

34 pages 1 2 3 4 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021