Tuesday, March 5th 2019

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

A new security vulnerability has been found that only affects Intel CPUs - AMD users need not be concerned about this issue. Dubbed Spoiler, the newfound security vulnerability was discovered by the Worcester Polytechnic Institute in partnership with the University of Lübeck, and affects all Intel CPUs since the introduction of their Core architecture. This vulnerability, too, affects Intel's speculative execution design and, according to the researchers, works independently of OS, virtual machine, or sandboxed environments.

As the researchers explain, Intel's speculative execution of certain memory workloads requires the full physical address bits for the information in memory to be known, which could allow for the full address to be available in user space - allowing for privilege escalation and other microarchitectural attacks. According to the researchers, a software solution to this problem is impossible, which means this is yet another silicon-level bug that needs to be addressed in future processor designs.
Source: White Paper

114 Comments on Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

#76
hat
Enthusiast
Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.
Posted on Reply
#77
mtcn77
hat, post: 4009191, member: 32804"
Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.
China? China! China...
Posted on Reply
#78
moproblems99
hat, post: 4009191, member: 32804"
Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.
Neither of them are that great unless you are doing a smash and grab or get your discrete alley way entry setup.
Posted on Reply
#79
ArbitraryAffection
trparky, post: 4009095, member: 170376"
And yet people still run as admin on Windows. I at least have the common sense to run with UAC enabled.
I run UAC on the recommended setting. But now I have increased to the maximum setting.
Posted on Reply
#80
lexluthermiester
hat, post: 4009191, member: 32804"
Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.
That's an interesting perspective, however it's not the most accurate. There isn't a thing that can be done with root in Linux/Unix/BSD/Android that can not be done in Windows with Admin.
Posted on Reply
#81
R-T-B
lexluthermiester, post: 4009089, member: 134537"
Root is nothing more than Administrator functionality. Works the exact same way in Windows. Calling it "game over" is making a mountain out of an ant-hill.
No, it's SYSTEM-account level functionality. Even Windows doesn't give you that. Administrator is a high privilege account. Root is a god account and it does not privilege check. If the compute can do it, it will be done. Root even ignores fs permissions.

lexluthermiester, post: 4009362, member: 134537"
That's an interesting perspective, however it's not the most accurate. There isn't a thing that can be done with root in Linux/Unix/BSD/Android that can not be done in Windows with Admin.
delete the SYSTEM account. Formatting C:\ in a running OS. Things you do not want to do and Windows knows that. ;)
Posted on Reply
#82
lexluthermiester
R-T-B, post: 4009373, member: 41983"
Even Windows doesn't give you that.
It does, but you have to know how. Windows doesn't make it easy, but it can be done.
R-T-B, post: 4009373, member: 41983"
delete the SYSTEM account. Formatting C:\ in a running OS. Things you do not want to do and Windows knows that. ;)
Again, it can be done. Not easily, but can be done.
Posted on Reply
#83
BorgOvermind
They should learn to stop bypassing things with such dirty tricks only to show-off in benchmarks.

This is something like checking parity of a file instead of its SHA to see if it's valid (a little exaggerated example, but that's the logic: let's cheat on any possible calculations).

@R-T-B 'Administrator' of Windows OS is the equivalent of SU in Linux.

So yes, the more exact equivalent of root would be the system account in Windows, of which privileges you can assimilate and use if you want.
Posted on Reply
#84
Super XP
This security issue is a hardware issue that cannot be fixed by software. Pretty much needs a re-design. Wow,
Now we know how Intel chips seem to score well in Benchmarks LOL

SoNic67, post: 4007219, member: 152626"
I am sure AMD CPUs are affected too... This is not negligence, it is a principle bug. Every processor needs speculative execution, or else will crawl. And that opens the gate to this kind of attack.
They just didn't find the AMD one yet.

It's funny that a similar comment above got down voted.
Neither AMD nor ARM is affected by this.
They looked for the same weakness in ARM and AMD processor cores but didn't find the same behaviour that is present in Intel chips. Spoiler depends on "a novel microarchitectural leakage, which reveals critical information about physical page mappings to userspace processes".
"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS, and also works from within virtual machines and sandboxed environments."
trparky, post: 4006199, member: 170376"
Oh crap... :shadedshu::banghead:
Good news for AMD, Bad news for Intel :D
Posted on Reply
#85
HTC
Super XP, post: 4010346, member: 8670"
This security issue is a hardware issue that cannot be fixed by software. Pretty much needs a re-design. Wow,
Now we know how Intel chips seem to score well in Benchmarks LOL

Neither AMD nor ARM is affected by this.

Good news for AMD, Bad news for Intel:D
No, dude. This means spec-ex based vulnerabilities are dangerous enough to warrant a hardware level re-design. Just because this Spoiler issue affects only Intel "today" doesn't mean another security issue won't affect AMD "tomorrow", as evidenced by Spectre, from "yesterday".

Not only Intel but AMD, ARM and every other CPU manufacturer out there should take steps to get rid of spec-ex from their CPUs.
Posted on Reply
#86
hat
Enthusiast
Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.
Posted on Reply
#87
HTC
hat, post: 4010362, member: 32804"
Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.
Depends on the "cost" of that speed.

I agree that spec-ex is a "key feature" in current CPUs' performance but if indeed it turns out that its performance enhancement comes with too big security risks, then I'd rather have the companies that are most susceptible to be the target of these kinds of exploits (banks, and the like) to have slower CPUs.

Us individuals are much less prone to be the target of such attacks, but this fact doesn't rule it out: keep that in mind.
Posted on Reply
#88
lexluthermiester
hat, post: 4010362, member: 32804"
Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.
It would literally drop processor performance by 35% to 40%. Granted, for what most people do it would not be so bad or even noticeable. However for any task that requires performance, the difference would be severe.
Posted on Reply
#89
BorgOvermind
@HTC no, this specific issue will not affect the others ever since they didn't cheat on basic processing.

Other vulnerabilities may appear on all, but not this one.
Posted on Reply
#90
Super XP
HTC, post: 4010357, member: 51238"
No, dude. This means spec-ex based vulnerabilities are dangerous enough to warrant a hardware level re-design. Just because this Spoiler issue affects only Intel "today" doesn't mean another security issue won't affect AMD "tomorrow", as evidenced by Spectre, from "yesterday".

Not only Intel but AMD, ARM and every other CPU manufacturer out there should take steps to get rid of spec-ex from their CPUs.
AMD doesn't have this issue, nor does ARM. As I stated above.
The issue here is Intel cheating, where they finally got caught with their pants down.
Posted on Reply
#91
lexluthermiester
Super XP, post: 4011673, member: 8670"
AMD doesn't have this issue, nor does ARM. As I stated above.
That has yet to be determined by further research.
Super XP, post: 4011673, member: 8670"
The issue here is Intel cheating, where they finally got caught with their pants down.
Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.
Posted on Reply
#92
HTC
Super XP, post: 4011673, member: 8670"
AMD doesn't have this issue, nor does ARM. As I stated above.
The issue here is Intel cheating, where they finally got caught with their pants down.
Spoiler apparently not, but Spectre yes.

New spec-ex based exploits are being discovered and, for all we know, other exploits just as dangerous or even more so may have been reported to manufacturers already. Remember: this new Spoiler exploit was referred to Intel in December of 2018, but we only found out about it in March 2019.

lexluthermiester, post: 4011682, member: 134537"
That has yet to be determined by further research.

Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.
I'm 100% sure that was the case. However, and if it turns out someone @ design level stages pointed out the potential issues that could arise from it but was ignored in the pursuit of performance, then that's a different matter entirely. I'm not talking about Intel only, since AMD and ARM also use spec-ex.
Posted on Reply
#93
BorgOvermind
@lexluthermiester - what they did is like partially processing a password. It's definitely sloppy.
Posted on Reply
#94
Redwoodz
yeeeeman, post: 4006457, member: 127591"
The people commenting here are just...out of this world. People still don't understand that these vulnerabilities don't have absolutely any importance to normal consumers. Who cares about your games and photos?
These attacks are important for datacenters, bank or government computers, etc.
If you have an Intel CPU, this doesn't mean that it is broken and you will be robbed if you still use it....
Also, discoveries like these give students and faculties some good press. Hey look, this is the place where that funky vulnerability was found. I see they got a habit of searching for bugs in CPUs, which is a good thing, sure, but CPUs are such complex machines that it is almost impossible to make them without some vulnerabilities. And don't worry, happy Ryzen users, AMD also has vulnerabilities, but they weren't discovered yet because nobody cares. Researchers look at the market leader...
You think AMD hasn't been checked? I guarantee you Intel themselves are trying to prove AMD is "vulnerable" too. We are talking about potentially billions of dollars in sales.
Posted on Reply
#95
BorgOvermind
Guys, this case is too specific to be working cross-vendor.
Posted on Reply
#96
Super XP
Redwoodz, post: 4011790, member: 148684"
You think AMD hasn't been checked? I guarantee you Intel themselves are trying to prove AMD is "vulnerable" too. We are talking about potentially billions of dollars in sales.
Both AMD and ARM have been checked again and again. Intel CPUs starting from its 1st generation Core design are affected. Based on the research that found this vulnerability.
Posted on Reply
#97
moproblems99
Don't worry, AMD and ARM will have their own special flavors of SpecEx flaws.
Posted on Reply
#98
Super XP
moproblems99, post: 4011931, member: 155919"
Don't worry, AMD and ARM will have their own special flavors of SpecEx flaws.
So does Intel, not to mention litigation issues. Actually many stakeholders are somewhat upset with all 3 CPU Manufacturers for not properly disclosing various security vulnerabilities, despite this particular "Spoiler" one only affecting Intel CPUs. Intel was aware of this issue for years, as was AMD & ARM for the Spectre thingy, but they kept their mouths shut. Based on the report I read lol

lexluthermiester, post: 4011682, member: 134537"
That has yet to be determined by further research.
The researchers explain that Spoiler is not a Spectre attack, so it is not affected by Intel's mitigations for it, which otherwise can prevent other Spectre-like attacks such as SplitSpectre.

"The root cause for Spoiler is a weakness in the address speculation of Intel's proprietary implementation of the memory subsystem, which directly leaks timing behavior due to physical address conflicts. Existing Spectre mitigations would therefore not interfere with Spoiler," they write.
They also looked for the same weakness in Arm and AMD processor cores but didn't find the same behavior that is present in Intel chips.


Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.
I read somewhere on Reddit that in pursuing IPC performance in Benchmarks, Intel exposed themselves, in particular to this Spoiler Attack. Whether this is true is a different story.
Posted on Reply
#99
moproblems99
Super XP, post: 4012201, member: 8670"
So does Intel, not to mention litigation issues. Actually many stakeholders are somewhat upset with all 3 CPU Manufacturers for not properly disclosing various security vulnerabilities, despite this particular "Spoiler" one only affecting Intel CPUs. Intel was aware of this issue for years, as was AMD & ARM for the Spectre thingy, but they kept their mouths shut. Based on the report I read lol
As they should have. The only way this was getting fixed was with a new architecture. And it wasn't like they weren't working on one.

Super XP, post: 4012201, member: 8670"
I read somewhere on Reddit that in pursuing IPC performance in Benchmarks, Intel exposed themselves, in particular to this Spoiler Attack. Whether this is true is a different story.
More like they were pursuing performance not benchmarks.
Posted on Reply
#100
Super XP
With regards to New Architecture, that's why they hired Jim Keller. The lead engineer for ZEN.
I would guesstimate Intel will have something new in 2023-2025. Based on how long AMD's ZEN took.
Posted on Reply