New PlunderVolt Vulnrebility Hits Intel processors - vCore vs Intel SGX

Published by

Click here to post a comment for New PlunderVolt Vulnrebility Hits Intel processors - vCore vs Intel SGX on our message forum
#5740018
https://forums.guru3d.com/data/avatars/m/258/258664.jpg
https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/ https://www.semiaccurate.com/2019/12/10/intels-benchmarking-antics-questioned/
GuruBjörn:

According to Intel, the following CPU series are vulnerable to Plundervolt attacks: Intel® 6th, 7th, 8 th, 9th & 10th generation CoreTM processors Intel® Xeon® Processor E3 v5 & v6 Intel® Xeon® Processor E-2100 & E-2200 families The vulnerability was reported to Intel in early June, and the company has now developed microcode updates that allow undervolting to be disabled. This is of course only a workaround, a real cleanup would only be possible - once again - by hardware changes.
Finally my current CPU is old enough to not be vulvernable...
#5740025
https://forums.guru3d.com/data/avatars/m/227/227994.jpg
Merry Christmas Intel, and a Happy New Year >: )
#5740029
https://forums.guru3d.com/data/avatars/m/258/258664.jpg
sverek:

Laughs in Sandy Bridge
And I'm in the process of planning my next upgrade... so I can make use of this vulvernability again! (j/k, going red this time)
#5740049
https://forums.guru3d.com/data/avatars/m/272/272525.jpg
This has become such a sad joke at this point we're even considering replacing Intel servers with AMD ones at work. It would actually save us money when we don't have to buy vendor support just to patch the firmware every time a new Intel vulnerability is discovered.
#5740051
https://forums.guru3d.com/data/avatars/m/258/258664.jpg
QBI:

This has become such a sad joke at this point we're even considering replacing Intel servers with AMD ones at work. It would actually save us money when we don't have to buy vendor support just to patch the firmware every time a new Intel vulnerability is discovered.
Makes sense. Although I have to say, until most of the hardware is AMD, when exploiters hit their weaknesses with force, the tables turning again... etc. etc.
#5740100
https://forums.guru3d.com/data/avatars/m/248/248283.jpg
Aw shit here we go again.
#5740103
https://forums.guru3d.com/data/avatars/m/198/198862.jpg
Intell is on the roll. Nothing is going in their favor lately.
#5740109
https://forums.guru3d.com/data/avatars/m/238/238382.jpg
TheDeeGee:

Merry Christmas Intel, and a Happy New Year >: )
*Keeps shooting dead body with tommy gun* I can't remember what that was from but it's what popped in my head when reading your comment..
#5740111
data/avatar/default/avatar18.webp
*sighs* I was going to give my 4790 to me nephew, not I feel guilty in doing so. Looks like a ryzen 2600 will be it.
#5740191
data/avatar/default/avatar40.webp
QBI:

This has become such a sad joke at this point we're even considering replacing Intel servers with AMD ones at work. It would actually save us money when we don't have to buy vendor support just to patch the firmware every time a new Intel vulnerability is discovered.
The joke is that some people think this is a serious security issue in home computer.
#5740195
data/avatar/default/avatar19.webp
fantaskarsef:

Makes sense. Although I have to say, until most of the hardware is AMD, when exploiters hit their weaknesses with force, the tables turning again... etc. etc.
The thing about that is the independent security analyst have generally been testing AMD CPUs as well. Beyond the initial wave that effected even ARM CPUs, AMD has seemingly been in the clear.
#5740204
data/avatar/default/avatar05.webp
Margalus:

The joke is that some people think this is a serious security issue in home computer.
One of previous exploits TPM fail, allowed the extraction of TPM keys via thousands of SSL requests. If someone needed 45,000 clients to support in such an attack, I wonder where they'd come from. Let any one of these exploits end up being wormable and yeah it would still be an issue for home users. Something like stuxnet had a definite specific target, but ended up everywhere else. The exploit that was based on could certainly have transformed in to anything else for any other purpose. I don't consider these things as completely non-issues for home users.
#5740242
data/avatar/default/avatar32.webp
CVE score at least of 7.9, good job Intel! Nice to have an escalation of privileges to take control over AES data... https://plundervolt.com/doc/plundervolt.pdf
Margalus:

The joke is that some people think this is a serious security issue in home computer.
This is serious, it is at least a CVE score of 7.9, on a hardware component (which need BIOS patching) involving at least 5 generations of intel core processors. Spectre wasn't serious, but this is: easy to trigger, easy to replicate, easy to code and once is done the attacker has full access to everything, no software can help this, only a firmware update. What could be worst? A version with remote target or lower privileges required.
#5740244
https://forums.guru3d.com/data/avatars/m/225/225084.jpg
Intel more holes than a 20 year old pub dart board.
#5740246
data/avatar/default/avatar27.webp
when looking at these report.... its looks bad with all these vulnerability report on intel cpu, yet i have to read someone really successful using the exploit in real world, that infecting few dozen user PC when that happen it will obviously get red-flag, not only "yellow-ish-flag" and again people think the OS(windows) itself, or even the user itself complete free from exploit ? if yes, then why till now, there still lots of people getting scammed ? in the end there nothing perfect, everything exploitable it just for user obviously we prefer "safer" product.... but if we realize it again that "safer" one is just like the word said, "safer" aka. more-safe than other, and Not complete/perfect-safe either
#5740247
data/avatar/default/avatar35.webp
slyphnier:

when looking at these report.... its looks bad with all these vulnerability report on intel cpu, yet i have to read someone really successful using the exploit in real world, that infecting few dozen user PC when that happen it will obviously get red-flag, not only "yellow-ish-flag" and again people think the OS(windows) itself, or even the user itself complete free from exploit ? if yes, then why till now, there still lots of people getting scammed ? in the end there nothing perfect, everything exploitable it just for user obviously we prefer "safer" product.... but if we realize it again that "safer" one is just like the word said, "safer" aka. more-safe than other, and Not complete/perfect-safe either
Not all exploits and bugs are the same. A CVE score of at least 7.9 on a hardware component is really serious, especially if the only solution is a firmware update. If you read the paper you can clearly see how easily is manipulate AES with this.
#5740252
https://forums.guru3d.com/data/avatars/m/263/263710.jpg
Any patch coming soon will SURELY affect overclockers!
#5740266
data/avatar/default/avatar15.webp
KissSh0t:

*Keeps shooting dead body with tommy gun* I can't remember what that was from but it's what popped in my head when reading your comment..
Home Alone movie, the kid uses that scene from a movie on tv to freak out the hotel staff. Not sure if the other movie was a real one or not.
#5740275
https://forums.guru3d.com/data/avatars/m/202/202673.jpg
Reddoguk:

Intel more holes than a HOLE
Fixed that for ya...o_O

Next Page