• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New "BranchScope" Side-channel CPU Vulnerability Threatens Modern Processors

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
46,274 (7.69/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
In the age of cyber-security vulnerabilities being named by their discoverers, much like incoming tropical storms, the latest, which exploits speculative execution of modern processors, is named "BranchScope," discovered by academics from four US universities, Dmitry Evtyushkin, Ryan Riley, Nael Abu-Ghazaleh, and Dmitry Ponomarev. The vulnerability has been successfully tested on Intel "Sandy Bridge," "Haswell," and "Skylake" micro-architectures, and remains to be tested on AMD processors. It bears similarities to "Spectre" variant 2, in that it is an exploit of the branch prediction features of modern CPUs.

BranchScope differs from Spectre variant 2, in that while the latter exploits the branch target buffer, BranchScope goes after the directional branch predictor, a component that decides which speculative operations to execute. By misdirecting it, attackers can make the CPU read and spit out data from the memory previously inaccessible. The worst part? You don't need administrative privileges to run the exploit, it can be run from the user-space. Unlike CTS-Labs, the people behind the BranchScope discovery appear to have alerted hardware manufacturers significantly in advance, before publishing their paper (all of it, including technicals). They will present their work at the 23rd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2018), later today.



View at TechPowerUp Main Site
 
  • Like
Reactions: HTC
Joined
Jan 8, 2017
Messages
8,860 (3.36/day)
System Name Good enough
Processor AMD Ryzen R9 7900 - Alphacool Eisblock XPX Aurora Edge
Motherboard ASRock B650 Pro RS
Cooling 2x 360mm NexXxoS ST30 X-Flow, 1x 360mm NexXxoS ST30, 1x 240mm NexXxoS ST30
Memory 32GB - FURY Beast RGB 5600 Mhz
Video Card(s) Sapphire RX 7900 XT - Alphacool Eisblock Aurora
Storage 1x Kingston KC3000 1TB 1x Kingston A2000 1TB, 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s) LG UltraGear 32GN650-B + 4K Samsung TV
Case Phanteks NV7
Power Supply GPS-750C
If they don't make a fancy website and some buzzfeed type videos about this it ain't worth our time. :laugh:

Joking aside , I wonder just how many of these things will be found out until no one will care anymore.
 
Joined
Dec 16, 2017
Messages
2,720 (1.19/day)
Location
Buenos Aires, Argentina
System Name System V
Processor AMD Ryzen 5 3600
Motherboard Asus Prime X570-P
Cooling Cooler Master Hyper 212 // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory 2x8GB Ballistix Sport LT 3200 MHz (BLS8G4D32AESCK.M8FE) (CL16-18-18-36)
Video Card(s) Gigabyte AORUS Radeon RX 580 8 GB
Storage SHFS37A240G / DT01ACA200 / WD20EZRX / MKNSSDTR256GB-3DL / LG BH16NS40 / ST10000VN0008
Display(s) LG 22MP55 IPS Display
Case NZXT Source 210
Audio Device(s) Logitech G430 Headset
Power Supply Corsair CX650M
Mouse Microsoft Trackball Optical 1.0
Keyboard HP Vectra VE keyboard (Part # D4950-63004)
Software Whatever build of Windows 11 is being served in Dev channel at the time.
Benchmark Scores Corona 1.3: 3120620 r/s Cinebench R20: 3355 FireStrike: 12490 TimeSpy: 4624
I predict this whole "vulnerabilities everywhere" thing won't stop anytime soon.

At least it seems like they told Intel in advance..
 
Joined
Oct 27, 2009
Messages
1,129 (0.21/day)
Location
Republic of Texas
System Name [H]arbringer
Processor 4x 61XX ES @3.5Ghz (48cores)
Motherboard SM GL
Cooling 3x xspc rx360, rx240, 4x DT G34 snipers, D5 pump.
Memory 16x gskill DDR3 1600 cas6 2gb
Video Card(s) blah bigadv folder no gfx needed
Storage 32GB Sammy SSD
Display(s) headless
Case Xigmatek Elysium (whats left of it)
Audio Device(s) yawn
Power Supply Antec 1200w HCP
Software Ubuntu 10.10
Benchmark Scores http://valid.canardpc.com/show_oc.php?id=1780855 http://www.hwbot.org/submission/2158678 http://ww
I predict this whole "vulnerabilities everywhere" thing won't stop anytime soon.

At least it seems like they told Intel in advance..

Hopefully they will develop better design and coding practices...
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,105 (1.31/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
At least it seems like they told Intel in advance..

Again time to pull on the Chamber pot i have covered in tinfoil to wear as a security Hat :)
To me this smacks of the PAST 3 letter Agency Activity in Action and their pet BackDoors now useless coming to the fore.
The Full body Armor living in a faraday cage nutters Said those 3 l A had paid Intel to Bake in Back Doors

Time for me to go i can feel something dripping down my neck :)
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.43/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
I predict this whole "vulnerabilities everywhere" thing won't stop anytime soon.

At least it seems like they told Intel in advance..
Sure seems to be the trend doesn't it... I guess we can no longer trust win xp on an unprotected network anymore... :laugh:
 
Joined
Feb 15, 2018
Messages
248 (0.11/day)
An Another day... an another security vulnerability/ hack / data breach/ data exploits....

its just a normal day guyz... people will forget in 1 or 2 days..until the next major security breach comes in..

its a normal businees day for intel/AMD/facebook/yahoo etc...
people will still buy them & use them....no matter what..for there's nothing a normal consumer can do...
end of the story
 
Joined
Jul 29, 2014
Messages
484 (0.14/day)
Location
Fort Sill, OK
Processor Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard Asus Maximus IX Code
Cooling Corsair Hydro H115i Platinum
Memory 48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s) nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage Intel 760p 2280 2TB
Display(s) MSI Optix MPG27CQ Black 27" 1ms 144hz
Case Thermaltake View 71
Power Supply EVGA SuperNova 1000 Platinum2
Mouse Corsair M65 Pro (not recommded, I am on my second mouse with same defect)
Software Windows 10 Enterprise 1803
Benchmark Scores Yes I am Intel fanboy that is my benchmark score.
An Another day... an another security vulnerability/ hack / data breach/ data exploits....

its just a normal day guyz... people will forget in 1 or 2 days..until the next major security breach comes in..

its a normal businees day for intel/AMD/facebook/yahoo etc...
people will still buy them & use them....no matter what..for there's nothing a normal consumer can do...
end of the story


"You don't need administrative privileges to run the exploit, it can be run from the user-space."
 

the54thvoid

Intoxicated Moderator
Staff member
Joined
Dec 14, 2009
Messages
12,378 (2.37/day)
Location
Glasgow - home of formal profanity
Processor Ryzen 7800X3D
Motherboard MSI MAG Mortar B650 (wifi)
Cooling be quiet! Dark Rock Pro 4
Memory 32GB Kingston Fury
Video Card(s) Gainward RTX4070ti
Storage Seagate FireCuda 530 M.2 1TB / Samsumg 960 Pro M.2 512Gb
Display(s) LG 32" 165Hz 1440p GSYNC
Case Asus Prime AP201
Audio Device(s) On Board
Power Supply be quiet! Pure POwer M12 850w Gold (ATX3.0)
Software W10
This announcement so clearly demonstrates the very bad PR extravaganza that was CTS-Labs. This has no inflammatory statements, it is not derogatory and it does not make predictions of gloom and doom. This is how these things are meant to be released, as far as we can see, and also, more importanly, how news outlets should cover them.

As far as this breach, I assume it means you can read the cached RAM data remotely? Not as dangerous as a BIOS infected system but as it does not require admin rights, possibly far more likely to happen.
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
This looks bad. In essence , because intel has made its branch prediction logic so good (the reason Intel CPUs are as good as they are at what they do) , it knows too much and tells anyone (on the same host) who knows how to ask everything.

We demonstrate BranchScope on three recent Intel x86_64
processors — Sandy Bridge, Haswell and Skylake. To perform
BranchScope, the attacker does not need to reverse-engineer
the details of the branch predictor operation, and only needs
to perform simple manipulations with the prediction state
machines from the user space. We also demonstrate how
BranchScope can be extended to attack SGX enclaves even if
recently-proposed protections are implemented. We show
that BranchScope can be performed across hyperthreaded
cores, advancing previously demonstrated BTB-based attacks
which leaked information only between processes scheduled
on the same virtual core [21].
 
Joined
Nov 3, 2013
Messages
2,141 (0.56/day)
Location
Serbia
Processor Ryzen 3600
Motherboard X570 I Aorus Pro
Cooling Deepcool AG400
Memory HyperX Fury 2 x 8GB 3200 CL16
Video Card(s) RX 470 Nitro+ 4GB
Storage SX8200 Pro 512 / NV2 512
Display(s) 24G2U
Case NR200P
Power Supply Ion SFX 650
Mouse G703
Keyboard Keychron V1 (Akko Matcha Green) / Apex m500 (gateron milky yellow)
Software W10
disu.jpg
 
Joined
May 19, 2009
Messages
1,817 (0.33/day)
Location
Latvia
System Name Personal \\ Work - HP EliteBook 840 G6
Processor 7700X \\ i7-8565U
Motherboard Asrock X670E PG Lightning
Cooling Noctua DH-15
Memory G.SKILL Trident Z5 RGB Black 32GB 6000MHz CL36 \\ 16GB DDR4-2400
Video Card(s) ASUS RoG Strix 1070 Ti \\ Intel UHD Graphics 620
Storage 2x KC3000 2TB, Samsung 970 EVO 512GB \\ OEM 256GB NVMe SSD
Display(s) BenQ XL2411Z \\ FullHD + 2x HP Z24i external screens via docking station
Case Fractal Design Define Arc Midi R2 with window
Audio Device(s) Realtek ALC1150 with Logitech Z533
Power Supply Corsair AX860i
Mouse Logitech G502
Keyboard Corsair K55 RGB PRO
Software Windows 11 \\ Windows 10
How much performance loss this time? :/
 
Joined
May 6, 2012
Messages
184 (0.04/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
Any "fixes" on branch predictor logic come with performance cost.

Couple percent up to double digits on edge cases.
 
Joined
Mar 18, 2008
Messages
5,717 (0.98/day)
System Name Virtual Reality / Bioinformatics
Processor Undead CPU
Motherboard Undead TUF X99
Cooling Noctua NH-D15
Memory GSkill 128GB DDR4-3000
Video Card(s) EVGA RTX 3090 FTW3 Ultra
Storage Samsung 960 Pro 1TB + 860 EVO 2TB + WD Black 5TB
Display(s) 32'' 4K Dell
Case Fractal Design R5
Audio Device(s) BOSE 2.0
Power Supply Seasonic 850watt
Mouse Logitech Master MX
Keyboard Corsair K70 Cherry MX Blue
VR HMD HTC Vive + Oculus Quest 2
Software Windows 10 P
Wait a minute. No green screened video? No flashy "XXX Flaws" websites? No "CPU Companies should file chapter 11"? What is wrong with this?

Oh wait, this is from actual security researcher, not some attention whore.
 
Joined
Sep 15, 2015
Messages
1,018 (0.33/day)
Location
Latvija
System Name Fujitsu Siemens, HP Workstation
Processor Athlon x2 5000+ 3.1GHz, i5 2400
Motherboard Asus
Memory 4GB Samsung
Video Card(s) rx 460 4gb
Storage 750 Evo 250 +2tb
Display(s) Asus 1680x1050 4K HDR
Audio Device(s) Pioneer
Power Supply 430W
Mouse Acme
Keyboard Trust
Is that mean Sandy Bridge needs to run in offline (no internet) mode.
 
Joined
Aug 2, 2012
Messages
1,759 (0.41/day)
Location
Netherlands
System Name TheDeeGee's PC
Processor Intel Core i7-11700
Motherboard ASRock Z590 Steel Legend
Cooling Noctua NH-D15
Memory Crucial Ballistix 3200/C16 4x8GB
Video Card(s) Nvidia RTX 4070 Ti 12GB
Storage Crucial P5 Plus 2TB / Crucial P3 Plus 2TB / Crucial P3 Plus 4TB
Display(s) EIZO CX240
Case Fractal Design Define 7
Audio Device(s) Creative Sound Blaster ZXR, AKG K601 Headphones
Power Supply Seasonic Fanless TX-700
Mouse Logitech G500s
Keyboard Keychron Q6
Software Windows 10 Pro 64-Bit
Benchmark Scores None, as long as my games runs smooth.
So at the end with all 139875945 patches applied our CPUs will perform like a Pentium 3.
 
Joined
Sep 11, 2015
Messages
624 (0.20/day)
The only lesson from this is: never trust your personal data to any computer that is even remotely online. Have a separate PC at home without any access to the internet. Probably until the end of time, this is the only truth about data security. Only way you can stop reading these news and sleep tight.
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
The only lesson from this is: never trust your personal data to any computer that is even remotely online.

That's extreme.

I've always been more partial to the philosophy of "make your data harder to access than it's worth"

That can be acomplished, even today.
 
Joined
Dec 3, 2014
Messages
338 (0.10/day)
Location
Marabá - Pará - Brazil
System Name KarymidoN TitaN
Processor AMD Ryzen 7 5700X
Motherboard ASUS TUF X570
Cooling Custom Watercooling Loop
Memory 2x Kingston FURY RGB 16gb @ 3200mhz 18-20-20-39
Video Card(s) MSI GTX 1070 GAMING X 8GB
Storage Kingston NV2 1TB| 4TB HDD
Display(s) 4X 1080P LG Monitors
Case Thermaltake Core V71
Power Supply Corsair TX 600
Mouse Logitech G300S
So this guys actually sent an advanced warning to Intel? No Intelflaws.com? hmmm :laugh:
Jokes aside, what a good reading on their paper, really a professional work on finding a explaining the Vulnerability.
 
Top