CacheOut is the Latest Speculative Execution Attack for Intel Processors

[Deleted member 158293]

The compromises Intel made in the past for speed is still catching up with them. Desktops may not matter much, but the amount of additional attack vectors on their servers this is creating will probably be never be fully known as many more will probably never be seen above closely guarded secrets.

 

[TheinsanegamerN]

No amount of patchwork will completely fix these leaks. They exist on such a basic level there will probably always be some way to get past any sort of bandaid fix. Intel said as much when the first leaks came out, too. Let's be realistic about it

The more interesting part of it is that Intel actually still keeps selling leaky architecture to us, I mean Cascade Lake isn't exactly ancient. Gotta keep that money rollin' ey

But... they're taking it seriously Business as usual and made a record year... guess what. The memo we gave them since those leaks is that we also really don't give a shit and buy Intel regardless. We're helpless really.

You contradict yourself. If these leaks will keep happening regardless of patches, yet intel shouldnt be selling chips with these patches needed (in your opinion), then should intel just pack up shop and go home? Call it quits? What do you expect them to do?

As you said: "lets be realistic about it". Intel will need some time to completely revamp their architecture to prevent these flaws in the future, these flaws rely on local admin access, and remote escalation attacks have yet to be seen in the wild, and intel is selling a record number of CPUs because there is still huge demand and growth in professional sectors. These flaws are not game ending, and intel going out of business voluntaraly so they dont sell a flawed CPU is just rediculous.

 

[R0H1T]

Have to say great choice in terms of pic for the FP article

Intel will need some time to completely revamp their architecture to prevent these flaws in the future, these flaws rely on local admin access, and remote escalation attacks have yet to be seen in the wild, and intel is selling a record number of CPUs because there is still huge demand and growth in professional sectors.

Not always, in fact the vast majority of the critical ones centered around spectre & meltdown - both didn't require admin access & weren't what you'd call remote escalation attacks.

Except you probably won't know about these attacks ever, especially if an attacker exploited smeltdown on a vulnerable system - this is why they are scary & yes I'm talking nation state level targeted attacks.

And that's where I have a huge issue with the corporate culture, they never really learn do they

 

[Dave65]

Man, I wonder how Intel fanbois are holding up being unable to remark about bug ridden AMD CPUs are .

Yeah, am sure they are breaking blood vessels at a record pace

Joking aside tho, this is getting pretty bad, have upgraded most of my PCs to AMD but not because of the vulnerabilities but bang for the buck. I do hope Intel gets it together for the sake of health and wellness

 

[Vayra86]

You contradict yourself. If these leaks will keep happening regardless of patches, yet intel shouldnt be selling chips with these patches needed (in your opinion), then should intel just pack up shop and go home? Call it quits? What do you expect them to do?

As you said: "lets be realistic about it". Intel will need some time to completely revamp their architecture to prevent these flaws in the future, these flaws rely on local admin access, and remote escalation attacks have yet to be seen in the wild, and intel is selling a record number of CPUs because there is still huge demand and growth in professional sectors. These flaws are not game ending, and intel going out of business voluntaraly so they dont sell a flawed CPU is just rediculous.

One does not exclude the other, and the fact that it doesn't is a testament to our own helplessness. You say it well, and we wouldn't want Intel to pack up shop either. Its a contradiction... and yet we live it.

Intel knows this and that is why them 'taking it seriously' is accepted as an excuse. Also what's done is done. Everyone wants the easy way out of this, and its not just Intel or me bashing just Intel here; its just an observation. OTOH where is the class action for all our lost performance? Fair's fair...

This is one of those examples of 'too big to fail'.

 

[HD64G]

I wonder who has been surprised by those news. Only surprise to forum members comes from the existense of Intel's tech admirers. Btw, the lower latency of Intel CPUs mainly exists because of their security holes with the last one being a very big one.

 

[londiste]

Btw, the lower latency of Intel CPUs mainly exists because of their security holes with the last one being a very big one.

Bullshit.

 

[R0H1T]

Also, just in case you forgot about this
Intel is patching its Zombieload CPU security flaw for the third time

 

[V3ctor]

So my Pentium 3 500Mhz (Katmai) is safe!....

 

[HD64G]

Bullshit.

Another ignorant for my ignore list...

 

[EarthDog]

Another ignorant for my ignore list...

Or, you know, help out the forums and those who do not know by supporting your assertion with some links, perhaps.

I don't know why, with any certainty, AMD is slower, but I recall it having something to do with AMD's chiplet design and latency between the CCXs and IO die. If this isn't correct, help us out, eh?

 

[trparky]

Intel performance is great and all but if they had to take shortcuts to get that performance then what good is the performance? The fact that AMD is within striking distance of Intel performance while not having to take shortcuts that have lead to these security flaws is simply amazing. It makes me question if Intel has ran out of ideas and it lends even more credence to just why Intel hired Jim Keller who was instrumental in the creation of the Zen architecture.

 

[lewis007]

Whats up with Intel CPU's and vulnerabilities?

 

[HD64G]

Or, you know, help out the forums and those who do not know by supporting your assertion with some links, perhaps.

I don't know why, with any certainty, AMD is slower, but I recall it having something to do with AMD's chipset design and latency between the CCXs and IO die. If this isn't correct, help us out, eh?

There are reviews out there that test exactly that thing by using both of or just one of the chiplets of the 3900X or 3950X (in order to avoid chiplet interconnection latency penalty) and proving that Zen Core latency is still higher than the Intel's core one even when RAM speeds and timings are equal. That is the only big advantage that allow Intel to stay a bit ahead in low res gaming and (now old-school) single threading apps. And this latest vulverability affects the cpu cache. What more do we need to result in this opinion I posted above.

 

[EarthDog]

There are reviews out there that test exactly that thing by using both of or just one of the chiplets of the 3900X or 3950X (in order to avoid chiplet interconnection latency penalty) and proving that Zen Core latency is still higher than the Intel's core one even when RAM speeds and timings are equal. That is the only big advantage that allow Intel to stay a bit ahead in low res gaming and (now old-school) single threading apps. And this latest vulverability affects the cpu cache. What more do we need to result in this opinion I posted above.

So, excuse me, but how does this answer your previous statement...

"Btw, the lower latency of Intel CPUs mainly exists because of their security holes with the last one being a very big one."

You just said above that regardless its faster, but..........still I didn't see any proof of low latency intel due to security holes (or missed it).

 

[trparky]

There are reviews out there that test exactly that thing by using both of or just one of the chiplets of the 3900X or 3950X (in order to avoid chiplet interconnection latency penalty) and proving that Zen Core latency is still higher than the Intel's core one even when RAM speeds and timings are equal. That is the only big advantage that allow Intel to stay a bit ahead in low res gaming and (now old-school) single threading apps. And this latest vulverability affects the cpu cache. What more do we need to result in this opinion I posted above.

Apparently this won't be an issue with Zen 2 though.

 

[londiste]

Btw, the lower latency of Intel CPUs mainly exists because of their security holes with the last one being a very big one.

This keeps coming up again and again while being simply incorrect and by now is more of a FUD than anything.

Another ignorant for my ignore list...

Any proof of lower latency being due to security holes?
There is proof of the opposite in Phoronix's performance tests for mitigations and hardware fixes where fixed hardware is essentially at the same performance as pre-Spectre (and by essentially I mean there is a general overall 2-4% perf hit from Spectre mitigations in software).

There are reviews out there that test exactly that thing by using both of or just one of the chiplets of the 3900X or 3950X (in order to avoid chiplet interconnection latency penalty) and proving that Zen Core latency is still higher than the Intel's core one even when RAM speeds and timings are equal.

Higher latency is direct consequence of chiplet design. If you look at these same reviews 2700X also has lower latency than 3700X. The reason is simple, cores need to go across package to a different die to memory controller for memory access. This is done over IF which (while very fast) adds an additional bit of delay to every memory access. This is why Zen2 has such a huge L3 cache to hide as much of that latency as possible.

 

[lexluthermiester]

Description of what they refer to seems to be 5. Cross Process Attacks (on page 9).

Ok, read through that and the Linux problem is Kernel based and does not exist in Windows from XP 2K on. That problem will likely be swiftly rectified with a Kernel update. However, and more importantly, it's still not exploitable remotely. So even on Linux, you have to be at the system in question.

 

[moproblems99]

However, and more importantly, it's still not exploitable remotely. So even on Linux, you have to be at the system in question.

Haven't read the paper yet but does that mean ssh in combined with a PE does not work?

 

[EarthDog]

Apparently this won't be an issue with Zen 2 though.

Zen 3, you mean? Zen 2, 3000 series, is already out and has these issues.

 

[trparky]

Zen 3, you mean? Zen 2, 300 series, is already out and has these issues.

That’s what I meant. Oops.

 

[Xzibit]

Also, just in case you forgot about this
Intel is patching its Zombieload CPU security flaw for the third time

At this point Intel should coin DLC-P

Down
Loadable
CVE
Patch

 

[lexluthermiester]

Haven't read the paper yet but does that mean ssh in combined with a PE does not work?

The fact that it wasn't mentioned specifically very likely rules it out. However the research is ongoing so the jury might still be out on that scenario. My hypothesis is that it will ultimately not be possible.

 

[moproblems99]

The fact that it wasn't mentioned specifically very likely rules it out. However the research is ongoing so the jury might still be out on that scenario. My hypothesis is that it will ultimately not be possible.

I don't see why it wouldn't. In general, sitting in front of the box or SSH is no different.

 

[Steevo]

There is no one to blame. Like all of the vulnerabilities found in CPU's in the past few years, Intel created a CPU function that was intended to be of benefit. They had no expectation or foresight that it would be used in such a way.


That is incorrect.

If I had to guess at the possibility of Intel knowing these exploits existed and they made the conscious decision to ignore the risk for some performance.... 99% sure they knew and just didn't and don't care.