Yet another Intel CPU security vulnerability!

humbug · 7 Mar 2020 at 18:32

b00merang69 said:
Posted here (I did use search and "AMD" as keyword and looked back 2-3 page of results)?

As to the other question(s) why ask me or where they rhetorical?

No it fine, your post only contained the forum link when i started my reply.

Edit: all of them were posted in the last few minutes...

Edit 2: your first link no longer works, it just takes me to the forum main page.

Rroff · 7 Mar 2020 at 18:33

Vince said:
@Rroff is this the beginning of the end for intels management engine. I remember a discussion we had about when the ME becomes a target. Would be interested to hear your thoughts.

The real issue is if a remote execution vulnerability is found in it though this will raise a lot of concerns for supposedly secure enterprise environments, etc.

If a way to exploit it from the internet is found it is game over for Intel systems as like above being largely ROM based and with its position in the system there are limits to mitigations.

Vince · 7 Mar 2020 at 18:40

Rroff said:
The real issue is if a remote execution vulnerability is found in it though this will raise a lot of concerns for supposedly secure enterprise environments, etc.

If a way to exploit it from the internet is found it is game over for Intel systems as like above being largely ROM based and with its position in the system there are limits to mitigations.

So all good still, good news for everybody really. A space to keep watching for sure. At this point the poor ladys and fellas at Intel desperately need a new arch. I wonder if they go completely ground up... I hope they do.

b00merang69 · 7 Mar 2020 at 18:43

@humbug: They must have moved the topic, I fixed it again.

humbug · 7 Mar 2020 at 18:45

Vince said:
So all good still, good news for everybody really. A space to keep watching for sure. At this point the poor ladys and fellas at Intel desperately need a new arch. I wonder if they go completely ground up... I hope they do.

They must and they will, monolithic architectures have reached their scaleability end, perhaps not limits but certainly the end of line, the "Glue" scales well beyond what you can do with monolithic already and much more cost effectively, If Intel don't follow suit they will eventually become irrelevant.

That requires a ground up redesign.

Vince · 7 Mar 2020 at 18:48

humbug said:
They must and they will, monolithic architectures have reached their scaleability end, perhaps not limits but certainly the end of line, the "Glue" scales well beyond what you can do with monolithic already and much more cost effectively, If Intel don't follow suit they will eventually become irrelevant.

That requires a ground up redesign.

Not necessarily, if they had the fabric tech to link the current designs together they would, 100%

Rroff · 7 Mar 2020 at 18:53

Vince said:
Not necessarily, if they had the fabric tech to link the current designs together they would, 100%

Intel has had patents and published papers on it going back to around 2005 or something I expect they were planning on it at 7nm.

humbug · 7 Mar 2020 at 18:53

Vince said:
Not necessarily, if they had the fabric tech to link the current designs together they would, 100%

Those 28 core dies are too big to be cost effective, sure Intel are selling them for Peanuts now but that's only to stop AMD from completely romping away with Intel's market share, they have enough spare cash lying around to given them away for now but eventually they will have to meet AMD on cost terms.

b00merang69 · 7 Mar 2020 at 18:58

I was an AMD fanboy (CPU side) and they won the GHZ race and had some very good CPU's after that but intel learned by the mess of a Prescott P4 and went back to the drawing board with the better P3 tech and built on it with a lower clock that P4's (at end up with those crazy throttling EE's)) but dual cores and Core2Duo was born which was again an amazing CPU.

I think they will do the same again, it happens and happened to AMD with poor CPU's for years until recently and Nvidia with the 5800/5900 series before having to jump to a new process and make a good comeback

Aretak · 7 Mar 2020 at 19:03

b00merang69 said:
AMD processors from 2011 to 2019 vulnerable to two new attacks

It didn't take people long to notice that Intel partially funded this research.

Not the first time they've responded to vulnerabilities of their own coming to light by paying someone to say AMD has them too either.

b00merang69 · 7 Mar 2020 at 19:07

So long as result are factual I do not see any issue with who partly funded it, it could have been a kitty to test all vendors CPU's

humbug · 7 Mar 2020 at 19:07

b00merang69 said:
I was an AMD fanboy (CPU side) and they won the GHZ race and had some very good CPU after that but intel learned by the mess of a a P4 and went back to the drawing board with the better P3 tech and built on it with a lower clock that P4's (at end up with those crazy throttling EE's)) but dual cores and Core2Duo was born which was again an amazing CPU.

I think they will do the same again, it happens and happened to AMD with poor CPU's for years until recently and Nvidia with the 5800/5900 series before having to jump to a new process and make a good comeback

There is a bit more to it than that, AMD's Athlon series never really made it big, Because Intel illegally starved AMD of sales and with that cash by paying the big players not to use AMD's CPU's, its how Dell actually got so big, massive payoffs from Intel in return for excluding AMD CPU's from their products.

You don't have any money you can't R&D, it led to AMD being on the brink of bankruptcy with crappy CPU's.

Personally i don't rate Intel much as CPU architects, but they do have a vast amount of money and can buy their way out of pretty much any problem.

humbug · 7 Mar 2020 at 19:08

Aretak said:
It didn't take people long to notice that Intel partially funded this research.

Not the first time they've responded to vulnerabilities of their own coming to light by paying someone to say AMD has them too either.

Yeah, perfect timing...... just as i was saying: >

humbug said:
There is a bit more to it than that, AMD's Athlon series never really made it big, Because Intel illegally starved AMD of sales and with that cash by paying the big players not to use AMD's CPU's, its how Dell actually got so big, massive payoffs from Intel in return for excluding AMD CPU's from their products.

You don't have any money you can't R&D, it led to AMD being on the brink of bankruptcy with crappy CPU's.

Personally i don't rate Intel much as CPU architects, but they do have a vast amount of money and can buy their way out of pretty much any problem.

Aretak · 7 Mar 2020 at 19:17

b00merang69 said:
So long as result are factual I do not see any issue with who partly funded it, it could have been a kitty to test all vendors CPU's

Could be, but at the very least it's reason to be suspicious, and given the way Intel and CTS Labs acted with "Ryzenfall", they in no way deserve the benefit of the doubt. The author of this paper has acknowledged that these vulnerabilities are relatively minor though:

Rroff · 7 Mar 2020 at 19:20

Aretak said:
Could be, but at the very least it's reason to be suspicious, and given the way Intel and CTS Labs acted with "Ryzenfall", they in no way deserve the benefit of the doubt. The author of this paper has acknowledged that these vulnerabilities are relatively minor though:

Something I would say here - the first Intel exploits just leaked a few "bit of meta-data" but then people worked out how to use it to get progressively deeper.

IT Troll · 8 Mar 2020 at 09:59

If you read the paper, some of that meta-data was secret encryption keys from AES tables. They also describe a memory attack using JavaScript from within Chrome and Firefox. Hmm, starting to sound very familiar...

The reality in both the Intel and AMD cases is that these are academic proof of concepts demonstrated on specially prepared Linux machines. They are very low concern/impact for the typical home user.

Panos · 8 Mar 2020 at 12:53

IT Troll said:
If you read the paper, some of that meta-data was secret encryption keys from AES tables. They also describe a memory attack using JavaScript from within Chrome and Firefox. Hmm, starting to sound very familiar...

The reality in both the Intel and AMD cases is that these are academic proof of concepts demonstrated on specially prepared Linux machines. They are very low concern/impact for the typical home user.

One thing. This "vulnerability" on the L1 on AMD cpus, is similar to screaming with glee that you picked a lock, when behind there is another lock that's impossible to pick.

And to be more technical they isolated a specific L1 design and simulated an attack against it, ignoring the entire CPU design as a holistic attack would encounter and be nullified.

CAT-THE-FIFTH · 10 Mar 2020 at 19:19

Another day,another Intel exploit:
https://www.theregister.co.uk/2020/03/10/lvi_reverse_meltdown_intel_attack/

jigger · 10 Mar 2020 at 20:08

CAT-THE-FIFTH said:
Another day,another Intel exploit:
https://www.theregister.co.uk/2020/03/10/lvi_reverse_meltdown_intel_attack/

50% plus performance hit and upto 19x!

Ouch.

Tetras · 10 Mar 2020 at 20:15

I'm starting to wonder what useful service these researchers are providing, because if it wasn't for them, would any of this stuff actually be known or useful to anybody? Sure, someone might figure it out on their own, but apart from spies or engineers, who has that kind of expertise? If they're killing my FPS for their willy waving, I'm not amused.