Tuesday, May 14th 2019

Yet Another Speculative Malfunction: Intel Reveals New Side-Channel Attack, Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs

Ouch doesn't even begin to describe how much that headline hurt. As far as speculative execution goes, it's been well covered by now, but here's a refresher. Speculative execution essentially means that your CPU tries to think ahead of time on what data may or may not be needed, and processes it before it knows it's needed. The objective is to take advantage of concurrency in the CPU design, keeping processing units that would otherwise be left idle to process and deliver results on the off-chance that they are indeed required by the system: and when they are called for, the CPU saves time by not having to process them on the fly and already having them available.

The flaws have been announced by Intel in coordination with Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and security firms Cyberus, BitDefender, Qihoo360 and Oracle. While some of the parties involved have named the four identified flaws with names such as "ZombieLoad", "Fallout", and RIDL, or "Rogue In-Flight Data Load", Intel is using the PEGI-13 "Microarchitectural Data Sampling (MDS)" name.
Update May 15th: Intel has released benchmarks that show the performance impact of the MDS mitigations.
Update May16th: Apparently Intel tried to swipe the issue under the rug with a generous donation to the researchers.

The issue at hand here, defined by Intel's pretty tame MDS, is that like other side-channel attacks, exploits may allow hackers to obtain information that was otherwise deemed secure, had it not been run through the CPU's speculative execution processes. While Meltdown read sensitive information that was being stored in memory due to the speculative execution functions on Intel's CPUs, MDS attacks read the data on the CPU's various buffers - between threads, along the way to the CPU cache, and others. The researchers say that this flaw can be used to siphon data from the CPU at a rate that can approach real-time, and can be used to selectively pull what information is deemed important: whether it's passwords or what websites the user is visiting at the moment of the attack, it's all fair game.


Intel says that significant software changes will be needed to harden systems against this exploit, not only from themselves, but from operating system vendors and third party app creators. One of the proposed solutions is that every time a processor would switch from one third-party app to another, from a Windows process to a third-party app, or even from less trusted Windows processes to more trusted ones, the buffers have to be cleared or overwritten. This means a whole new cycle of data gathering and writing beings every time you call up a different process - and you bet that carries a performance penalty, which Intel is putting at a "minimal" up to 9%.

Intel detailed the vulnerability in its whitepaper and admitted that disabling HT might be warranted as a protection against MDS attacks - and you can imagine how much the company must have loathed to publish such a thing. Intel's HT has been heavily hit by repeated speculative execution flaws found on Intel processors, with mitigations usually costing some sort of performance on Intel's concurrent processing technology. Intel says its engineers discovered the MDS vulnerabilities last year, and that it has now released fixes for the flaw in both hardware and software. Although obviously, the software fixes will have to be deployed either on microcode updates or will have to be implemented by every operating system, virtualization vendor, and other software makers.

Intel also said that its 8th and 9th generation processors already include the hardware mitigations that defeat the exploitation of MDS, but previous architectures back to Nehalem are vulnerable. But why play it on expectations: you can take a test that has been published by the researchers right here.

The CVE codes for the vulnerabilities stand as such:
  • CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
Sources: Wired, MDS Attacks Test
Add your own comment

100 Comments on Yet Another Speculative Malfunction: Intel Reveals New Side-Channel Attack, Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs

#26
windwhirl
"Ah sh*t, here we go again" was my thought when I read the title...

Posted on Reply
#27
XiGMAKiD
Raevenlord said:

...significant software changes will be needed to harden systems against this exploit, not only from themselves, but from operating system designers and third party app creators
Buggy updates incoming :fear:
Posted on Reply
#28
Steevo
natr0n said:

You can disable cpu caching and etc.. in bios.
you could also take a hacksaw to the chip because that'll essentially destroy your performance
Posted on Reply
#29
Caring1
I disabled HT ages ago.
I doubt I am a priority target anyway.
Posted on Reply
#30
Totally
mugatopdub21 said:

You sir deserve a medal! Yes yes and more yes! Finally, someone with some common sense to hopefully enlighten the masses. Listen to this person! You'll notice I didn't amend anything - it was written perfectly =)
I thought similarly last time until some uni student demonstrated a remote attack via a compromised system on the same network. So yes you can point out that there is an impassable canyon in between that possibility and reality while ignoring the guy building a bridge to the left.
Posted on Reply
#31
Emu
efikkan said:

While it's still possible to actually do this securely, the pitfalls of SMT will only increase with architectural complexity, and the cost of dealing with this does too, and since the performance gains from SMT are diminishing with increasing IPC, SMT should be abandoned sooner rather than later.
Cinebench would like to disagree with your "performance gains from SMT are dimishing with increasing IPC". My Ryzen 7 2700x scores 3582 in Cinebench Release 20 with SMT enabled and 2074 with SMT disabled. I actually had to run the 8 core / 16 thread benchmark twice because I was only expecting a 30% difference. IPC increases between generations of architectures is usually in the single digit range and increased width in the instruction pipeline benefits SMT performance.
[ATTACH type="full" alt="123000"]123000[/ATTACH]
[ATTACH type="full" alt="123001"]123001[/ATTACH]
Posted on Reply
#32
xkm1948
At this rate i may have to switch to Zen 2 TR sooner than I would like...
Posted on Reply
#33
Vulpesveritas
R-T-B said:

That test in the article is one.



Citation?
The official webpage by the guys who discovered the exploit to begin with, which I linked earlier in the thread. https://mdsattacks.com/
Posted on Reply
#34
LAN_deRf_HA
I've been confused by the "newest gen is ok" vs "newest gen is more vulnerable" comments. Is it that the newer chips are more vulnerable just specifically not to the hyper thread exploit?
Posted on Reply
#35
Vulpesveritas
LAN_deRf_HA said:

I've been confused by the "newest gen is ok" vs "newest gen is more vulnerable" comments. Is it that the newer chips are more vulnerable just specifically not to the hyper thread exploit?
The report from the lab testers say the newest chips are more vulnerable, while Intel is claiming they're not, is what it appears.
Posted on Reply
#36
Mistral
Yes, I'm sure all those people that bought i7s are simply delighted that someone is advising them to disable HT... And the "minimal" performance penalty of up to 9% sounds real nice compared to the huge 5% gaming performance advantage Intel enjoys over AMD.
Posted on Reply
#37
trparky
I am really starting to regret buying my 8700K right about now. These Intel chips are turning out to have more security holes than Internet Explorer.
Posted on Reply
#38
R-T-B
Vulpesveritas said:

The official webpage by the guys who discovered the exploit to begin with, which I linked earlier in the thread. https://mdsattacks.com/
Must've missed it, thanks.

Now that I can reference the page and tool, it seems interesting to me the tools claims 9th gen is "not affected" by meltdown at all. Considering that was the biggest performance impacting fix from the previous batch of vulnerabilities, it's almost looking like 9th gen may have taken 2 steps forwards, only to fall 2 steps backwards.
Posted on Reply
#39
Nihilus
So the once mighty 7700k is basically an 8350k now meaning my $170 at launch 2400g will beat it now in many games.
Posted on Reply
#40
Cybrnook2002
And they keep on selling them anyways......... waiting for the next nda to expire so even the next vulnerability goes public. Something to be said about selling knowingly faulty chips under the clock of waiting for nda to lift.
Posted on Reply
#41
Caring1
Is Intel going to use this as an excuse to delay the launch of Gen 10? :rolleyes:
My bet is on a revision of 9 first.
Posted on Reply
#42
SIGSEGV
Ryzen 5 3500U here i come..
Posted on Reply
#43
Prima.Vera
At least those are public and not kept secret anymore. I doubt those affect the average Joe user using the PC for mundane tasks...
Posted on Reply
#44
trparky
Prima.Vera said:
At least those are public and not kept secret anymore. I doubt those affect the average Joe user using the PC for mundane tasks...
But the question that I have is... How many more skeletons does Intel have in their closets? How many more exploits are there that are just waiting to be found?

In some ways, I don't want to know.:fear:
Posted on Reply
#45
TheLostSwede
AMD seems to at least be partially affected. No patches applied yet on Windows 10.
Edit: Updating Windows today made no difference the list of vulnerabilities...

[ATTACH type="full" alt="123011"]123011[/ATTACH]
Posted on Reply
#46
randomUser
They are releasing these news now, because they want people with gen 7 and below to go and buy gen8/9 because these gens can work with HT enabled and be safe.

So it the upgare of the cpu not for better performance, but for better protection.

$$$
Posted on Reply
#47
adulaamin
randomUser said:

They are releasing these news now, because they want people with gen 7 and below to go and buy gen8/9 because these gens can work with HT enabled and be safe.

So it the upgare of the cpu not for better performance, but for better protection.

$$$
With Ryzen 2 coming, most, I think, would upgrade to AMD rather than Intel's 8th oe 9th gen cpus.
Posted on Reply
#48
craigo
CONSUMERPOWERUP!

OMG! an security flaw has been published. FETCH MY WALLET, REPLACE ALL THE THINGS!
Posted on Reply
#50
londiste
TheLostSwede said:

AMD seems to at least be partially affected. No patches applied yet on Windows 10.
Edit: Updating Windows today made no difference the list of vulnerabilities...


MDS Issues are in the last section - Micro-architectural Data Sampling. Ryzen is not affected according to the tool.
The others are older Spectre-class problems which do affect Ryzen as well.
Posted on Reply
Add your own comment