Crosstalk vulnerability in Intel processors allows information to be extracted from other cores

#5798197

k3vst3r

2020-06-11 09:28

This affect newer chips like 10900k?

#5798209

Fox2232

2020-06-11 09:39

Only important thing is performance loss. What @user1 wrote indicates that for certain instructions, loss is up to 97%.

#5798210

asturur

2020-06-11 09:41

I wanted to ask here exactly, what are those instructions doing? Because in this case would be better to patch compilers to use them as less as possible.

#5798211

Fox2232

2020-06-11 09:43

asturur:

I wanted to ask here exactly, what are those instructions doing? Because in this case would be better to patch compilers to use them as less as possible.

In that case Attacker will likely use his own tooling to maximize potential. When using default tooling will result in 100 times longer data extraction, it is easier to just use pre-patch compiler.

#5798212

Goiur

2020-06-11 09:51

New arq cant come soon enough for intel...

#5798215

Undying

2020-06-11 10:07

https://imagehost.imageupload.net/2020/06/11/159186270721914171.jpg

#5798227

Glottiz

2020-06-11 10:35

k3vst3r:

This affect newer chips like 10900k?

Who cares. None of these Intel "vulnerabilities" mean anything for end user. I have old intel CPU. Old mobo. No BIOS patches. The only security patches I have is what windows update provided. And guess what? I haven't had any issues, and I don't know anyone else who had.

#5798230

sbacchetta

2020-06-11 10:41

Intel is lucky that their server customer can't just jump to Epyc solution in the snap of a finger...

#5798231

k3vst3r

2020-06-11 10:48

Glottiz:

Who cares. None of these Intel "vulnerabilities" mean anything for end user. I have old intel CPU. Old mobo. No BIOS patches. The only security patches I have is what windows update provided. And guess what? I haven't had any issues, and I don't know anyone else who had.

Believe attacker can access crypto keys on Intel chips? meaning padlock symbol for SSH is useless whilst entering credit card information as one example. Hackers stealing your money no big deal?

#5798235

Fox2232

2020-06-11 10:52

Glottiz:

Who cares. None of these Intel "vulnerabilities" mean anything for end user. I have old intel CPU. Old mobo. No BIOS patches. The only security patches I have is what windows update provided. And guess what? I haven't had any issues, and I don't know anyone else who had.

Nobody will ever tell you story of how his SPI got out. Because they themselves will not know details even in case it was cyber attack.

#5798236

kanenas

2020-06-11 10:58

Glottiz:

Who cares. None of these Intel "vulnerabilities" mean anything for end user. I have old intel CPU. Old mobo. No BIOS patches. The only security patches I have is what windows update provided. And guess what? I haven't had any issues, and I don't know anyone else who had.

Tell that to 10 biggest data centers providers on the planet tell that to Oracle, Google,etc, atc even Nvidia now is using Epyc lol next 2 years gone by difficult for Intel at least for cpus.

#5798240

asturur

2020-06-11 11:09

Fox2232:

In that case Attacker will likely use his own tooling to maximize potential. When using default tooling will result in 100 times longer data extraction, it is easier to just use pre-patch compiler.

This wasn't a solution for security, but for performance. You patch the CPU, but also for performance related application now you avoid those instructions if possible.

#5798241

asturur

2020-06-11 11:11

Glottiz:

Who cares. None of these Intel "vulnerabilities" mean anything for end user. I have old intel CPU. Old mobo. No BIOS patches. The only security patches I have is what windows update provided. And guess what? I haven't had any issues, and I don't know anyone else who had.

They mean for the end user when they can be exploited by a malicious software to overcome some anti-malicious software or when the patches gets embedded in windows and you loose performance. The gamer is obviously looking at that, eventual performance loss that he wasn't planning to have. I want to install the window patches as they come, i do not want to invest time in discarding the one that may affect performances.

#5798267

Rich_Guy

2020-06-11 12:31

https://thumbs.gfycat.com/FlakyCircularHamadryad-small.gif

#5798283

JAMVA

2020-06-11 13:39

The Cheese is getting mouldy Intel o_O

#5798288

Fender178

2020-06-11 13:56

Well this is not good for Intel. I am glad that I am switching to AMD for my CPU. Well I guess it is safe to assume that CPUs below Broadwell are effected by this as well.

Glottiz:

Who cares. None of these Intel "vulnerabilities" mean anything for end user. I have old intel CPU. Old mobo. No BIOS patches. The only security patches I have is what windows update provided. And guess what? I haven't had any issues, and I don't know anyone else who had.

You are 100% wrong the end user would be the most likely effected group of this vulnerability if they don't know what they are doing.

#5798296

schmidtbag

2020-06-11 14:30

Kinda funny when you think about it: Zen2's rdrand was dysfunctional to the point that AMD's fix was basically to disable it. Thanks to security issues, Intel's rdrand is crippled so badly that it might as well be disabled. I think we can effectively declare this instruction as obsolete.

Glottiz:

Who cares. None of these Intel "vulnerabilities" mean anything for end user. I have old intel CPU. Old mobo. No BIOS patches. The only security patches I have is what windows update provided. And guess what? I haven't had any issues, and I don't know anyone else who had.

I don't know how many times it needs to be said: The entire reason these vulnerabilities are scary is because you can't detect them. You're not supposed to know if they're exploited; that's the whole point.

#5798303