Tuesday, March 5th 2019

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

A new security vulnerability has been found that only affects Intel CPUs - AMD users need not be concerned about this issue. Dubbed Spoiler, the newfound security vulnerability was discovered by the Worcester Polytechnic Institute in partnership with the University of Lübeck, and affects all Intel CPUs since the introduction of their Core architecture. This vulnerability, too, affects Intel's speculative execution design and, according to the researchers, works independently of OS, virtual machine, or sandboxed environments.

As the researchers explain, Intel's speculative execution of certain memory workloads requires the full physical address bits for the information in memory to be known, which could make the full address available in user space - allowing for privilege escalation and other microarchitectural attacks. According to the researchers, a software solution to this problem is impossible, which means this is yet another silicon-level bug that needs to be addressed in future processor designs.
Source: White Paper

114 Comments on Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

#101
moproblems99
Super XP said:
With regards to New Architecture, that's why they hired Jim Keller. The lead engineer for ZEN.
I would guesstimate Intel will have something new in 2023-2025. Based on how long AMD's ZEN took.
You can accelerate that some because of Intel's deep pockets.
Posted on Reply
#102
lexluthermiester
Super XP said:
I read somewhere on Reddit that in pursuing IPC performance in Benchmarks, Intel exposed themselves, in particular to this Spoiler Attack. Whether this is true is a different story.
That's the problem, who would do that deliberately? Intel is known for taking risks, but not foolish risks.
Posted on Reply
#103
John Naylor
There's a risk of me leaving my house and walking across the road blindfolded. My problem with these 'vulnerabilities' is that they are written like we are talking crossing the 10 lanes of "the 405" during rush hour. The reality is the risk is more like walking across my 10 foot wide driveway at 3 am to *water* my favorite tree... I'm 550 feet back from a road that has traffic counts that might hit 20 cars (both lanes combined) per hour at 5 pm. Biggest risk here is I'll step on a raccoon .. they're pretty ballsy around here. You can walk right up to them at night, they won't move if they're in feasting out of ya garbage can till ya get within 3 feet or so. Was easier when I was managing Little League and always had a 5 gallon spackle "bucket of balls" at the door.
Posted on Reply
#104
moproblems99
John Naylor said:
There's a risk of me leaving my house and walking across the road blindfolded. My problem with these 'vulnerabilities' is that they are written like we are talking crossing the 10 lanes of "the 405" during rush hour. The reality is the risk is more like walking across my 10 foot wide driveway at 3 am to *water* my favorite tree... I'm 550 feet back from a road that has traffic counts that might hit 20 cars (both lanes combined) per hour at 5 pm. Biggest risk here is I'll step on a raccoon .. they're pretty ballsy around here. You can walk right up to them at night, they won't move if they're in feasting out of ya garbage can till ya get within 3 feet or so. Was easier when I was managing Little League and always had a 5 gallon spackle "bucket of balls" at the door.
Still trying to figure out how a bucket of balls would help with watering a tree...
Posted on Reply
#105
Super XP
moproblems99 said:
Still trying to figure out how a bucket of balls would help with watering a tree...
Think he means the bucket of balls is for the juicy big Raccoons.

lexluthermiester said:
That's the problem, who would do that deliberately? Intel is known for taking risks, but not foolish risks.
That's the million dollar question. Of course this is all speculation, but you never know if this was deliberate or they just didn't know about the vulnerability at the time the CPU was designed.
Posted on Reply
#106
moproblems99
Super XP said:
Of course this is all speculation
I thought we covered that speculative execution wasn't a good idea?
Posted on Reply
#107
Super XP
moproblems99 said:
I thought we covered that speculative execution wasn't a good idea?
Doesn't that increase performance quite substantially?
Posted on Reply
#108
trparky
It's not speculative execution that's at fault here, it's the fact that they didn't put in vital permission and validation checks in the speculative execution engine to make sure that it doesn't do something stupid. You can have speculative execution and have it be secure, that is, if speculative execution is done right with security in mind. This is where Intel failed, they didn't think about security much like how Microsoft didn't think of security back in the early 2000s.
Posted on Reply
#109
moproblems99
Super XP said:
Doesn't that increase performance quite substantially?
It was a joke about your speculation on Intel's reasoning. Their reasoning was performance gains - nothing more, nothing less.

To add to that, most companies don't know exploits exist. When they find out, they get run through an RMF to determine what they need to do. In this case, Intel's only option is a new architecture as I don't even think microcode can adjust how specex works. To be honest, this is outside any sort of 'expertise' I may have.

However, new architectures aren't quick fixes so there is not much they could do. They also didn't want to announce it to the world because, well, then everyone knows what to do. Considering it took nearly a decade for this to come to light (at least publicly), I don't hold a grudge on Intel for this.
Posted on Reply
#110
trparky
moproblems99 said:
Their reasoning was performance gains
But at what cost?
moproblems99 said:
most companies don't know exploits exist.
Oh come on, I don't buy that crap in the case of Intel at all. If someone outside of Intel who doesn't know the ins and outs of Intel chips like they (Intel) themselves know it can find their exploits and yet Intel is supposedly staffed by people who are far smarter, there's something wrong. I can only imagine that someone brought these issues up inside Intel but they were told to keep their trap shut.
Posted on Reply
#111
moproblems99
trparky said:
But at what cost?

Oh come on, I don't buy that crap in the case of Intel at all. If someone outside of Intel who doesn't know the ins and outs of Intel chips like they (Intel) themselves know it can find their exploits and yet Intel is supposedly staffed by people who are far smarter, there's something wrong. I can only imagine that someone brought these issues up inside Intel but they were told to keep their trap shut.
It's possible they knew. But what are they going to do? Scrap their 10 year road map? If you think that Intel knows every one of their vulnerabilities then you are mistaken. Many vulnerabilities exist because people find ways to do things that designers didn't think of. It happens all the time.

And yes, there are people outside of Intel that are smarter than people at Intel. Reverse engineers are some of the smartest people in the software world. You have to have a totally different mindset than a traditional programmer.
Posted on Reply
#112
trparky
moproblems99 said:
But what are they going to do?
I don't know... How about fix their crap?
moproblems99 said:
And yes, there are people outside of Intel that are smarter than people at Intel.
And yet the people inside Intel are supposed to know their stuff inside and out, forwards and backwards.
Posted on Reply
#113
moproblems99
trparky said:
I don't know... How about fix their crap?
Do you think they can fart out an architecture overnight?

trparky said:
And yet the people inside Intel are supposed to know their stuff inside and out, forwards and backwards.
Unfortunately, people are still human and make mistakes that other humans will find.
Posted on Reply
#114
mtcn77
lexluthermiester said:
That's the problem, who would do that deliberately? Intel is known for taking risks, but not foolish risks.
Just how much time has Intel lost delaying EUV? We have EUV tester packs which would make 7nm all the more feasible. Mask costs are a lot less and lithography in general more streamlined. The only thing is there is a huge waiting list for these machines with 2.5 years already booked. Guess Intel is a part of the early adopters?
Posted on Reply