Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
MS Flight Simulator (2020): the 2021 PC graphics performance benchmark review
Radeon Series RX 6700 XT preview & analysis
Corsair MM700 & Corsair Katar Pro XT Review
Guru3D Rig of the Month - February 2021
ASUS GeForce RTX 3060 STRIX Gaming OC review
EVGA GeForce RTX 3060 XC Gaming review
MSI GeForce RTX 3060 Gaming X TRIO review
PALIT GeForce RTX 3060 DUAL OC review
ZOTAC GeForce RTX 3060 AMP WHITE review
Fractal Design Meshify 2 Compact chassis review

New Downloads
GeForce 461.81 hotfix driver download
ClockTuner for Ryzen (CTR) v2.0 RC4 Download
SiSoft Sandra 20/21 download v31.12
Intel HD graphics Driver Download Version: DCH 27.20.100.9316
AIDA64 Download Version 6.32.5644 beta
FurMark Download v1.25
MSI Afterburner 4.6.3 Final Stable Download
Display Driver Uninstaller Download version 18.0.3.7
Guru3D RTSS Rivatuner Statistics Server Download 7.3.0 Final
Media Player Classic - Home Cinema v1.9.10 Download


New Forum Topics
Is my Rtx 3090 dying? 11700K Retail Review AMD Radeon Software Adrenalin 2020 Edition 21.2.3 NVIDIA GeForce RTX 3080 Ti to get limited for Cryptocurrency Mining Performance Also Windows 10 Enterprise 2016 LTSB (1607) vs Windows 10 1903 tested in 10 games ClockTuner 2.0 for Ryzen (CTR) Guide and download AMD announces Radeon RX 6700 XT 12GB at 479 USD, launches on March 18th Free to grab: Wargame Red Dragon on Epic Games Store VBIOS modded to 1000W for GeForce RTX 3090 Hall Of Fame (HOF) Edition did not yield much Restarting dlss option giving me 4 fps boost in Control - question




Guru3D.com » News » RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown

RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown

by Hilbert Hagedoorn on: 05/14/2019 07:38 PM | source: volkskrant.nl | 169 comment(s)
RIDL vulnerability hits Intel  - new Side Channel Attack potentially is worse than Spectre and Meltdown

Dutch researchers discover a major leak in Intel processors that is present in 75% of all computers with an Intel processor. A new threefold of attacks are different from and more dangerous than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches.

Researchers at the VU University Amsterdam have discovered a leak in Intel processors that are found in practically every modern computer. This makes it possible to retrieve sensitive data from the memory - such as passwords and bank details.An attacker running unprivileged code on a vulnerable machine could use MDS security flaws to extract information from the operating system kernel, processes, the Software Guard eXtensions (SGX) enclave, and CPU-internal operations.  Researchers have named a Microarchitectural Data Sampling (MDS) attack and targets a CPU's microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. To be able to exploit the vulnerability, no more is needed than hiding a few lines of malicious code on for example a website. A visitor that opens this site open, it will leak information.

According to Herbert Bos, professor of Systems and Network Security at the VU and co-discoverer of the leak, the find shows that contemporary processors have become so complex that chip makers are unable to control security. Last year two major leaks in processors were discovered: called Spectre and Meltdown. Both leaks were closed, but that happened provisionally. Since the vulnerability is in the hardware, it is difficult to fix. In fact, this is only possible with a detour via software updates.

 

 

What is described as Zombieload, RIDL and Fallout can used to attacks victims. Computers with Intel processors are vulnerable. It is estimated that roughly three-quarters of all desktops and laptops are stored in consumers' homes and offices. In the case of the new vulnerability, called RIDL by the researchers, it is a problem with chips specifically from Intel often used in computers and servers. Phones and tablets are virtually unaffected by this, neither are laptops and desktop based on an AMD processor.

  • Website dedicated to all MDS attacks 
  • Bitdefender technical paper
  • Intel on MDS attacks
  • Intel security updates
  • Windows, Mac, Linux, Red Hat, and Google products security updates

A quick fix, "If you disable hyperthreading and at the same time you use Intel’s proposed mitigation (that is, using the very instruction) the MDS vulnerabilities are mitigated on old Intel processors," says VUSec's Pietro Frigo. That would be procs below 8th, 9th Gen Intel CPUs. However, in several research papers published today, academics say that all Intel CPUs released since 2011 are most likely vulnerable. The researchers reported the vulnerability to Intel in September 2018. 

Update: As we just learned, Intel actually is not recommending disabling hyperthreading. See the following from Intel’s “mitigation” section on the MDS page:

Once these updates are applied, it may be appropriate for some customers to consider additional steps. This includes customers who cannot guarantee that trusted software is running on their system(s) and are using Simultaneous Multi-Threading (SMT). In these cases, customers should consider how they utilize SMT for their particular workload(s), guidance from their OS and VMM software providers, and the security threat model for their particular environment. Because these factors will vary considerably by customer, Intel is not recommending that Intel HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS.







« ASUSTOR Launches Nimbustor 2 and 4 consumer NAS Servers (w/ 2.5 Gigabit Ethernet) · RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown · HP introduces OMEN X 2S gaming laptop which has an extra 6in second screen »

34 pages « 2 3 4 5 > »


TheDeeGee
Senior Member



Posts: 6974
Joined: 2010-08-28

#5669165 Posted on: 05/14/2019 08:39 PM
On the bright side, disabling HT will make my OCed 4770K 6-8C cooler... >_>

D3M1G0D
Senior Member



Posts: 2068
Joined: 2017-03-10

#5669166 Posted on: 05/14/2019 08:39 PM
RISC-V is sort of open source i think.
ARM would be a good choice.
AMD do look to make bank if they aren't affected.
It says in the article that AMD desktops and laptops aren't affected.

stereoman
Senior Member



Posts: 785
Joined: 2011-12-06

#5669169 Posted on: 05/14/2019 08:41 PM
Not saying these aren't real vulnerabilities but I do think it's a little fishy every time we get a fix it involves some kind of performance hit, next fix will probably involve disabling cores, eventually even switching the computer on will be a security risk, guess I'm going to have to order that faraday cage after all :confused:

Evildead666
Senior Member



Posts: 1302
Joined: 2003-09-14

#5669170 Posted on: 05/14/2019 08:43 PM
It says in the article that AMD desktops and laptops aren't affected.

I read that as virtually unaffected, gave me doubt.

Kaarme
Senior Member



Posts: 2270
Joined: 2013-03-10

#5669171 Posted on: 05/14/2019 08:45 PM
The market won't care at all, though, as usual. Intel still can't produce as much CPUs as they could sell, allowing them to keep the prices up.

They should call their next CPU Sieve Lake.

34 pages « 2 3 4 5 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021