New ‘Zombieload’ variant flaw hits Intel 2013 up-to Cascade Lake processors

Published by

Click here to post a comment for New ‘Zombieload’ variant flaw hits Intel 2013 up-to Cascade Lake processors on our message forum
#5730632
https://forums.guru3d.com/data/avatars/m/189/189980.jpg
Already patches are available in the Linux kernel, patches are applied in production servers. Can't say diddle about Windows, maybe there are updates coming in the mainstream updates. Patch is also available for rolling distros, already patched my I7 Thinkpad running Arch. Will run some Phoronix tests , to see how impacts performance, if at all.
#5730636
data/avatar/default/avatar36.webp
Another interesting read by Red Hat, thanks for sharing. Also the Intel comments over at Phoronix are hilarious.
#5730668
https://forums.guru3d.com/data/avatars/m/232/232130.jpg
K.S.:

[youtube=zaTxBZXE9pQ]
such UI, much skills. mmmmmmmmm 100% 1337 hAx0r.
#5730672
https://forums.guru3d.com/data/avatars/m/266/266726.jpg
anticupidon:

"The Zombieload vulnerability disclosed earlier this year in May has a second variant that also works against more recent Intel processors, not just older ones, including Cascade Lake, Intel's latest line of high-end CPUs -- initially thought to have been unaffected." https://techcrunch.com/2019/11/12/intel-cascade-lake-zombieload/ https://www.theregister.co.uk/2019/11/12/zombieload_cpu_attack/ https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/ Well, Intel made it back to square one. But, wait, there is more: " But bad news never comes alone. The same research team who found Zombieload v1 and v2, also found an issue with Intel's original patches for the four MDS attacks disclosed in May." If you want to learn more, here is a technical document about this type of atack https://zombieloadattack.com/zombieload.pdf And more in-depth stuff from RedHat, because of Linux servers. https://access.redhat.com/solutions/tsx-asynchronousabort What do you guys think about this ?
looks pretty bad, apparently this one works even if smt is disabled that and there is another unrelated bug(JCC) on skylake and newer, that needs a microcode patch, and has a nasty performance hit aswell, upto a 4% performance hit just from that alone,requires applications to be recompiled to mitigate the performance hit... ouch
#5730741
data/avatar/default/avatar19.webp
user1:

Looks like games will likely need to be rebenched on skylake+ intel chips after the microcode update drops on windows. phoronix is showing significant impact on several cpu bound games on linux https://www.phoronix.com/scan.php?page=article&item=intel-jcc-gaming&num=1 @Hilbert Hagedoorn
Why? It's not fun to kick a man when there down. I personally feel sorry for intel I don't want AMD to rain king, I want even competition. Does anyone remembers when AMD's FX62 cost like 1K yea no different to intel extreme CPUs.
#5730743
https://forums.guru3d.com/data/avatars/m/258/258664.jpg
Angushades:

Why? It's not fun to kick a man when there down. I personally feel sorry for intel I don't want AMD to rain king, I want even competition. Does anyone remembers when AMD's FX62 cost like 1K yea no different to intel extreme CPUs.
I think you have the wrong perspective here: Intel's far from down. They have billions of USD still in their war chest to battle AMD's offerings... not via better tech, but via marketing, OEM contracts and many things we probably don't even know. So they are still sitting on their high horse... they're just being sprayed with dirt. They have not invested those $ 3 billion in new fabs, more R&D, or speeding up any advancements... they are just blocking their competition. Which has been on the ground for years, kicking them. So they are doing just exactly what you don't like. Serves them right to taste their own medicine, imho. And, to be fair, ultimately you want competition, we all want to, which can only end up with somebody being on top. The question is, do you want it to be because of better tech or better marketing / business plans?
#5730750
https://forums.guru3d.com/data/avatars/m/267/267787.jpg
Isn't this the new Intel chips with the new hardware security layer build in to prevent these kind of attacks? Intel just can't get a break from all these vulnerabilities.
#5730752
https://forums.guru3d.com/data/avatars/m/189/189980.jpg
Sadly, yes. I didn't post this to bash Intel, this affects everyone. And we should learn something from it.
#5730758
https://forums.guru3d.com/data/avatars/m/266/266726.jpg
Angushades:

Why? It's not fun to kick a man when there down. I personally feel sorry for intel I don't want AMD to rain king, I want even competition. Does anyone remembers when AMD's FX62 cost like 1K yea no different to intel extreme CPUs.
Seems pretty resonable to me to update benchmark data when it is no longer accurately reflecting the product. Normally this type of thing would make little difference, 1-2% isnt a big deal, but this time is significant, one of the tested titles in the phoronic article loses 8%, and is accompanied with worst of all , frame time spikes in several titles. If I was in the market for a "gaming" cpu i would certainly like to know the extent of the issue before making a purchase.
#5730767
https://forums.guru3d.com/data/avatars/m/232/232130.jpg
anticupidon:

And we should learn something from it.
Shintel bad, AyyMD gut.
#5730773
https://forums.guru3d.com/data/avatars/m/246/246564.jpg
anticupidon:

Sadly, yes. I didn't post this to bash Intel, this affects everyone. And we should learn something from it.
Make your next CPU an AMD? That's my only takeaway from this so far.
#5730778
data/avatar/default/avatar20.webp
fantaskarsef:

I think you have the wrong perspective here: Intel's far from down. They have billions of USD still in their war chest to battle AMD's offerings... not via better tech, but via marketing, OEM contracts and many things we probably don't even know. So they are still sitting on their high horse... they're just being sprayed with dirt. They have not invested those $ 3 billion in new fabs, more R&D, or speeding up any advancements... they are just blocking their competition. Which has been on the ground for years, kicking them. So they are doing just exactly what you don't like. Serves them right to taste their own medicine, imho. And, to be fair, ultimately you want competition, we all want to, which can only end up with somebody being on top. The question is, do you want it to be because of better tech or better marketing / business plans?
Good points and yea off course better tech.
#5730789
https://forums.guru3d.com/data/avatars/m/247/247876.jpg
I still don`t care. My home and work rigs (with Intel inside) work just fine for my needs.
#5730813
https://forums.guru3d.com/data/avatars/m/260/260828.jpg
Another month, another hole in Intel Swiss cheese inside
#5730861
https://forums.guru3d.com/data/avatars/m/108/108420.jpg
...allows hackers with physical access to a device...
That's where I stopped reading. 🙄
#5730871
https://forums.guru3d.com/data/avatars/m/227/227994.jpg
Everytime i read news like this i have to chuckle, despite owning a Swiss Cheese myself.
#5730887
https://forums.guru3d.com/data/avatars/m/270/270233.jpg
Oy, another one. Intel probably needs to completely redesign their CPUs to avoid these issues. Makes me glad I switched to the red team.
spine:

That's where I stopped reading. 🙄
You'd be surprised how easily people can gain access to a restricted workplace. The office where I work deals with sensitive client data and needs a keypass to enter but people regularly allow tailgating - that is, employees hold the door open for someone else. I also see a lot of people leave their computer unlocked when they walk away, allowing anyone in the building access to the system (both of these are against the company's security policy, which we take annual courses for). People do them because a) they want to be nice and b) they're lazy.
#5730888
https://forums.guru3d.com/data/avatars/m/165/165018.jpg
I guess it's a good thing most people are willing to ignore security.

Next Page