Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Backforce One Plus Gaming Chair review
ASUS GeForce RTX 3080 Noctua OC review
AMD Ryzen 5 5600 review
PowerColor RX 6650 XT Hellhound White review
FSP Hydro PTM Pro (1200W PSU) review
ASUS ROG Radeon RX 6750 XT STRIX review
AMD FidelityFX Super Resolution 2.0 - preview
Sapphire Radeon RX 6650 XT Nitro+ review
Sapphire Radeon RX 6950 XT Sapphire Nitro+ Pure review
Sapphire Radeon RX 6750 XT Nitro+ review

New Downloads
Corsair Utility Engine Download (iCUE) Download v4.24.193
Intel HD graphics Driver Download Version: 30.0.101.1994
GeForce 512.95 WHQL driver download
AMD Radeon Software Adrenalin 22.5.2 driver download
AIDA64 Download Version 6.70
FurMark Download v1.30
Display Driver Uninstaller Download version 18.0.5.1
Download Samsung Magician v7.1.1.820
Intel ARC graphics Driver Download Version: 30.0.101.1732
HWiNFO Download v7.24


New Forum Topics
[3rd-Party Driver] Amernime Zone Radeon Insight 22.5.1 WHQL Driver Pack (Released) AMD reaffirms that the 5.5+ GHz of the Ryzen 7000 in the presentations was achieved without overclocking A 500Hz refresh rate NVIDIA G-Sync compatible gaming LCD is in the works NVIDIA DLSS Extends Support for 12 More Games including Hitman 3 and F1 22 Has anyone ever had an issue where the PCIE Root ports are installed as PCI-PCI Bridges instead? The AMD Ryzen All In One Thread /Overclocking/Memory Speeds & Timings/Tweaking/Cooling Part 2 NVIDIA GeForce 512.95 WHQL driver download & Discussion RTX 3080 fans go crazy 3080 Ti Owner's thread AMD Announces Ryzen 7000 - passing 5.5 GHz 15% Single Thread perf Increase - RDNA2




Guru3D.com » News » RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown

RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown

by Hilbert Hagedoorn on: 05/14/2019 08:38 PM | source: volkskrant.nl | 169 comment(s)
RIDL vulnerability hits Intel  - new Side Channel Attack potentially is worse than Spectre and Meltdown

Dutch researchers discover a major leak in Intel processors that is present in 75% of all computers with an Intel processor. A new threefold of attacks are different from and more dangerous than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches.

Researchers at the VU University Amsterdam have discovered a leak in Intel processors that are found in practically every modern computer. This makes it possible to retrieve sensitive data from the memory - such as passwords and bank details.An attacker running unprivileged code on a vulnerable machine could use MDS security flaws to extract information from the operating system kernel, processes, the Software Guard eXtensions (SGX) enclave, and CPU-internal operations.  Researchers have named a Microarchitectural Data Sampling (MDS) attack and targets a CPU's microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. To be able to exploit the vulnerability, no more is needed than hiding a few lines of malicious code on for example a website. A visitor that opens this site open, it will leak information.

According to Herbert Bos, professor of Systems and Network Security at the VU and co-discoverer of the leak, the find shows that contemporary processors have become so complex that chip makers are unable to control security. Last year two major leaks in processors were discovered: called Spectre and Meltdown. Both leaks were closed, but that happened provisionally. Since the vulnerability is in the hardware, it is difficult to fix. In fact, this is only possible with a detour via software updates.

 

 

What is described as Zombieload, RIDL and Fallout can used to attacks victims. Computers with Intel processors are vulnerable. It is estimated that roughly three-quarters of all desktops and laptops are stored in consumers' homes and offices. In the case of the new vulnerability, called RIDL by the researchers, it is a problem with chips specifically from Intel often used in computers and servers. Phones and tablets are virtually unaffected by this, neither are laptops and desktop based on an AMD processor.

  • Website dedicated to all MDS attacks 
  • Bitdefender technical paper
  • Intel on MDS attacks
  • Intel security updates
  • Windows, Mac, Linux, Red Hat, and Google products security updates

A quick fix, "If you disable hyperthreading and at the same time you use Intel’s proposed mitigation (that is, using the very instruction) the MDS vulnerabilities are mitigated on old Intel processors," says VUSec's Pietro Frigo. That would be procs below 8th, 9th Gen Intel CPUs. However, in several research papers published today, academics say that all Intel CPUs released since 2011 are most likely vulnerable. The researchers reported the vulnerability to Intel in September 2018. 

Update: As we just learned, Intel actually is not recommending disabling hyperthreading. See the following from Intel’s “mitigation” section on the MDS page:

Once these updates are applied, it may be appropriate for some customers to consider additional steps. This includes customers who cannot guarantee that trusted software is running on their system(s) and are using Simultaneous Multi-Threading (SMT). In these cases, customers should consider how they utilize SMT for their particular workload(s), guidance from their OS and VMM software providers, and the security threat model for their particular environment. Because these factors will vary considerably by customer, Intel is not recommending that Intel HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS.







« ASUSTOR Launches Nimbustor 2 and 4 consumer NAS Servers (w/ 2.5 Gigabit Ethernet) · RIDL vulnerability hits Intel - new Side Channel Attack potentially is worse than Spectre and Meltdown · HP introduces OMEN X 2S gaming laptop which has an extra 6in second screen »

34 pages 1 2 3 4 > »


anticupidon



Posts: 6751
Joined: 2008-03-06

#5669145 Posted on: 05/14/2019 08:48 PM
What.the.actual.Fxxx Intel??

Will sell my Intel as soon as someone will offer some money, will not bargain, just have it sold.
Out, out out with it.

Evildead666
Senior Member



Posts: 1309
Joined: 2003-09-14

#5669151 Posted on: 05/14/2019 09:02 PM
Thats a pretty big problem there.

tsunami231
Senior Member



Posts: 12797
Joined: 2003-05-24

#5669152 Posted on: 05/14/2019 09:07 PM
well, it has been to long since the last vulnerablity has be outted. Intel is in the news yet again. more performance hits incoming.

Evildead666
Senior Member



Posts: 1309
Joined: 2003-09-14

#5669153 Posted on: 05/14/2019 09:10 PM
So, all those people with i7's are just to make them i5's, without the HT ?
I'm not sure if this is a temporary measure,or as well as the microcode updates.
edit : as well as, apparently.

anticupidon
Senior Member



Posts: 6751
Joined: 2008-03-06

#5669154 Posted on: 05/14/2019 09:12 PM
Well, for gamers Hyper threading was never a selling point, but for data centers, content creators and people who render/fold/archive data is a big hit in performance.
The more I think, the more an OpenSource CPU seems more and more needed.

34 pages 1 2 3 4 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2022