CrossTalk is Another Intel-exclusive Security Vulnerability

AleksandarK · Jun 10, 2020

Intel has had quite a lot of work trying to patch all vulnerabilities discovered in the past two years. Starting from Spectre and Meltdown which exploited speculative execution of the processor to execute malicious code. The entire process of speculative execution relies on the microarchitectural technique for adding more performance called speculative branch prediction. This technique predicts branch paths and prepared them for execution, so the processor spends less time figuring out where and how will instructions flow through the CPU. So far, lots of these bugs have been ironed out with software, but a lot of older CPUs are vulnerable.

However, an attacker has always thought about doing malicious code execution on a CPU core shared with the victim, and never on multiple cores. This is where the new CrossTalk vulnerability comes in. Dubbed Special Register Buffer Data Sampling (SRBDS) by Intel, it is labeled as CVE-2020-0543 in the vulnerability identifier system. The CrossTalk is bypassing all intra-core patches against Spectre and Meltdown so it can attack any CPU core on the processor. It enables attacker-controlled code execution on one CPU core to leak sensitive data from victim software executing on a different core. This technique is quite dangerous for users of shared systems like in the cloud. Often, one instance is shared across multiple customers and until now they were safe from each other. The vulnerability uses Intel's SGX security enclave against the processor so it can be executed. To read about CrossTalk in detail, please visit the page here.

View at TechPowerUp Main Site

Melvis · Jun 10, 2020

Caring1 · Jun 10, 2020

"The vulnerability uses Intel's SGX security enclave against the processor so it can be executed"

Hasn't Intel stopped using SGX?

Shou Miko · Jun 10, 2020

Caring1 said:
"The vulnerability uses Intel's SGX security enclave against the processor so it can be executed"

Hasn't Intel stopped using SGX?

That's a negative, SGX is used for 4K/UHD blu-ray playback on computers which is also why this ain't working on AMD CPU/Graphics and Nvidia graphics.

AleksandarK · Jun 10, 2020

Caring1 said:
"The vulnerability uses Intel's SGX security enclave against the processor so it can be executed"

Hasn't Intel stopped using SGX?

SGX is a hardware feature. They plan to stop using it with Tiger Lake iirc.

Shou Miko · Jun 10, 2020

AleksandarK said:
SGX is a hardware feature. They plan to stop using it with Tiger Lake iirc.

They properly won't if there isn't a replacement for 4K/UHD blu-ray it's depending on SGX for the encrypted playback from what I know.

I dropped it a couple of years back because it wasn't worth it because you could only play with on Intel CPU's that supported SGX and with Intel Onboard Graphics you couldn't even have a AMD or Nvidia card in the machine and the test and playback with fail.

ncrs · Jun 10, 2020

There are two new vulnerabilities: CROSSTalk and SGAxe with only the latter using SGX.

CROSSTalk will be patched by microcode updates from Haswell to Comet Lake as denoted at Intel's site. Earlier models are vulnerable but WILL NOT be patched.

The worst case scenario is the RdRand instruction that gets its performance reduced by 97% as tested by Phoronix. Normal usage should not be affected apart from some cryptographic loads.

I'm a bit disappointed at the reporting quality for this issue on TPU...

Vayra86 · Jun 10, 2020

It starts to feel as if Intel is plugging one hole only to discover a few new ones.

Owen1982 · Jun 10, 2020

@Melvis - Thanks, loudest LOL I've had today

XiGMAKiD · Jun 10, 2020

"...Intel-exclusive...", that line got me :roll:

"Intel-only" is another option for news post like this albeit less attractive

1d10t · Jun 10, 2020

Intel-exclusive Security Vulnerability

Man, that harsh :laugh:

TheoneandonlyMrK · Jun 10, 2020

Where is the usual required access comments.

Do you need physical access, admin rights or the stupidest owner, is it remote execute possible etc.

All drama and little substance.

Do I smash my kaby lake CPU up or not? I dunno.

hurakura · Jun 10, 2020

it's not funny anymore

evernessince · Jun 10, 2020

hurakura said:
it's not funny anymore

It is because it's not in the slightest influencing people's decisions to purchase Intel products. No one cares about security until it's already too late.

Bill_Bright · Jun 11, 2020

XiGMAKiD said:
"...Intel-exclusive...", that line got me

Yeah. This one too: "an attacker has always thought about doing malicious code execution on a CPU core shared with the victim, and never on multiple cores."

I find it interesting how one knows how an attacker has always thought. :rolleyes:

And then of course, there's the big one where the title that claims CrossTalk is a security "vulnerability". No its not!

CrossTalk is a profiler tool developed by the security firm, VUSec (the "good guys"). See here (same link provided by author!) and note the following,

we built CrossTalk, a profiler to inspect the behavior of complex (“microcoded”) x86 instructions beyond the CPU core boundaries.

evernessince said:
It is because it's not in the slightest influencing people's decisions to purchase Intel products. No one cares about security until it's already too late.

Well, that's not true, on both parts.

Part 1 - There are many who blindly believe those attention seeking rumor mongers in the IT media who try to convince everyone that if they own an Intel processor, all the bad guys have immediate access to all their data. So they have been influenced to never ever buy Intel.

Part 2 - While admittedly, there are some who neglect things until it is too late (like keeping regular backups of their data, using strong and unique passwords, wearing masks in crowds :twitch:

etc.), there are also many who do their homework to learn the facts before panicking about something that does NOT affect them. See theoneandonlymrk's post above and note, AFAIK, there has not been one report of a Meltdown/Spectre compromise in the wild despite all the sky is falling warnings the world is about to end for all Intel users.

evernessince · Jun 11, 2020

Bill_Bright said:
CrossTalk is a profiler tool developed by the security firm, VUSec (the "good guys"). See here (same link provided by author!) and note the following,
Well, that's not true, on both parts.

Part 1 - There are many who blindly believe those attention seeking rumor mongers in the IT media who try to convince everyone that if they own an Intel processor, all the bad guys have immediate access to all their data. So they have been influenced to never ever buy Intel.

Part 2 - While admittedly, there are some who neglect things until it is too late (like keeping regular backups of their data, using strong and unique passwords, wearing masks in crowds etc.), there are also many who do their homework to learn the facts before panicking about something that does NOT affect them. See theoneandonlymrk's post above and note, AFAIK, there has not been one report of a Meltdown/Spectre compromise in the wild despite all the sky is falling warnings the world is about to end for all Intel users.

Sounds to me like you are basing your security recommendations off opinion.

Anyone with two hands can google a list of Intel vulnerabilities and see there are multiple remote access ones:

Intel : Security vulnerabilities, CVEs

Security vulnerabilities related to Intel : List of vulnerabilities affecting any product of this vendor

www.cvedetails.com

Bill_Bright · Jun 11, 2020

evernessince said:
Sounds to me like you are basing your security recommendations off opinion.

LOL And what is the following?

evernessince said:
It is because it's not in the slightest influencing people's decisions to purchase Intel products. No one cares about security until it's already too late.

Where did you Google that?

And while you learn to Google, you might want to learn what the difference is between a "vulnerability", and malware that has been developed and released out into the wild that can successfully bypass all other security measures (Windows itself, the router, the firewall, the anti-malware program, the deadbolts on my door, my Rottweiler, and my Glock 17) to gain access to that vulnerability, and "IS" infecting and exploiting that vulnerability.

Just because there is a vulnerability, that does not mean it can, or has been exploited.

Totally · Jun 13, 2020

Bill_Bright said:
Yeah. This one too: "an attacker has always thought about doing malicious code execution on a CPU core shared with the victim, and never on multiple cores."

I find it interesting how one knows how an attacker has always thought.

And then of course, there's the big one where the title that claims CrossTalk is a security "vulnerability". No its not!

CrossTalk is a profiler tool developed by the security firm, VUSec (the "good guys"). See here (same link provided by author!) and note the following,
Well, that's not true, on both parts.

Part 1 - There are many who blindly believe those attention seeking rumor mongers in the IT media who try to convince everyone that if they own an Intel processor, all the bad guys have immediate access to all their data. So they have been influenced to never ever buy Intel.

Part 2 - While admittedly, there are some who neglect things until it is too late (like keeping regular backups of their data, using strong and unique passwords, wearing masks in crowds etc.), there are also many who do their homework to learn the facts before panicking about something that does NOT affect them. See theoneandonlymrk's post above and note, AFAIK, there has not been one report of a Meltdown/Spectre compromise in the wild despite all the sky is falling warnings the world is about to end for all Intel users.

The vulnerabilty in the cpu is exposed when using crosstalk hence the vuln was named after it's clearly explained following the link.

Bill_Bright · Jun 13, 2020

Totally said:
The vulnerabilty in the cpu is exposed when using crosstalk hence the vuln was named after it's clearly explained following the link.

I understand and already explained what Crosstalk is and isn't. And you quoted me explaining it! You even included the source link to the Crosstalk tool I posted - but you still missed the point. :rolleyes:

Crosstalk is a tool used to expose the vulnerability IN A CONTROLLED ENVIRONMENT! The official name of the vulnerability is, "special register buffer data sampling" or "SRBDS", officially designated CVE-2020-0543.

My point was about illustrating how some in the IT Media love to attract attention to themselves and their bylines with sensationalized, exaggerated or even false headlines that inaccurately paint others in a bad light!

I will not go so far as to call it "fake news", because as noted, it is, more or less, explained correctly later on - or at least includes links to the accurate information. But such irresponsible [so called] "journalism" :twitch:

leads to fake news and rumormongering - and that disgusts me. The IT media (and tech sites like TPU) should be setting the records straight - not simply parroting and "spinning" stories with inaccuracies and exaggerations.

Is the vulnerability real? Yes! Of course? Absolutely! So are Spectre and Meltdown.

But are they being "exploited" by the bad guys? NO!!!!!!! And why? Because like so many vulnerabilities (in processors, operating systems, networks, etc.) the bad guy must have physical access to the computer (or, maybe, be granted specific remote access by an authorized user). And the bad guy must have root (admin) access to the computer. That is, he or she must be in your home, sitting at your computer desk, and have access to an admin account on your computer, or you consciously granted the bad guy remote and admin access to your computer. Then he or she must bypass or disable all your security measures and then install and run special malware on your computer that can then exploit that vulnerability for their evil deeds.

Now if that scenario is likely in your computing environment, then I would say you have much greater security concerns than SRBDS, Spectre or Meltdown - and for sure, you do need to be worried.

However, because such "exploitation" is unlikely, Intel sales are NOT being impacted by those vulnerabilities.

So I say again, "Just because there is a vulnerability, that does not mean it can, or has been exploited." What it does mean, however, is AS ALWAYS, users must "practice safe computing". That is we must:

Keep our computers, operating systems, and security programs updated and current,

Avoid risky behavior like visiting illegal pornography, gambling, and filesharing sites,

Avoid public "hotspots" with admin level accounts,

Use strong and unique passwords and passphrases,

Ensure other, less "security-aware" users of that computer don't have root/admin access to that computer,

Avoid being "click-happy" on unsolicited downloads, attachments, links, and popups.

But of course, those are the same precautions all users must take regardless the processor, browser, OS or security program we use.

System Name	Night Rider \| Mini LAN PC \| Workhorse
Processor	AMD R7 5800X3D \| Ryzen 1600X \| i7 970
Motherboard	MSi AM4 Pro Carbon \| GA- \| Gigabyte EX58-UD5
Cooling	Noctua U9S Twin Fan\| Stock Cooler, Copper Core)\| Big shairkan B
Memory	2x8GB DDR4 G.Skill Ripjaws 3600MHz\| 2x8GB Corsair 3000 \| 6x2GB DDR3 1300 Corsair
Video Card(s)	MSI AMD 6750XT \| 6500XT \| MSI RX 580 8GB
Storage	1TB WD Black NVME / 250GB SSD /2TB WD Black \| 500GB SSD WD, 2x1TB, 1x750 \| WD 500 SSD/Seagate 320
Display(s)	LG 27" 1440P\| Samsung 20" S20C300L/DELL 15" \| 22" DELL/19"DELL
Case	LIAN LI PC-18 \| Mini ATX Case (custom) \| Atrix C4 9001
Audio Device(s)	Onboard \| Onbaord \| Onboard
Power Supply	Silverstone 850 \| Silverstone Mini 450W \| Corsair CX-750
Mouse	Coolermaster Pro \| Rapoo V900 \| Gigabyte 6850X
Keyboard	MAX Keyboard Nighthawk X8 \| Creative Fatal1ty eluminx \| Some POS Logitech
Software	Windows 10 Pro 64 \| Windows 10 Pro 64 \| Windows 7 Pro 64/Windows 10 Home

System Name	Black Box
Processor	Intel Xeon E3-1260L v5
Motherboard	MSI E3 KRAIT Gaming v5
Cooling	Tt tower + 120mm Tt fan
Memory	G.Skill 16GB 3600 C18
Video Card(s)	Asus GTX 970 Mini
Storage	Kingston A2000 512Gb NVME
Display(s)	AOC 24" Freesync 1m.s. 75Hz
Case	Corsair 450D High Air Flow.
Audio Device(s)	No need.
Power Supply	FSP Aurum 650W
Mouse	Yes
Keyboard	Of course
Software	W10 Pro 64 bit

System Name	Lynni PS \ Lenowo TwinkPad T480
Processor	AMD Ryzen 7 7700 Raphael \ i7-8550U Kaby Lake-R
Motherboard	ASRock B650M PG Riptide Bios v. 2.02 AMD AGESA 1.1.0.0 \ Lenowo 20L60036MX Bios 1.47
Cooling	Noctua NH-D15 Chromax.Black (Only middle fan) \ Lenowo WN-2
Memory	G.Skill Flare X5 2x16GB DDR5 6000MHZ CL36-36-36-96 AMD EXPO \ Willk Elektronik 2x16GB 2666MHZ CL17
Video Card(s)	Asus GeForce RTX™ 4070 Dual OC GPU: 2325-2355 MEM: 1462\| Nvidia GeForce MX™ 150 2GB GDDR5 Micron
Storage	Gigabyte M30 1TB\|Sabrent Rocket 2TB\| HDD: 10TB\|1TB \ SKHynix 256GB 2242 3x2 \| WD SN700 1TB
Display(s)	LG UltraGear 27GP850-B 1440p@165Hz \| LG 48CX OLED 4K HDR \| AUO 14" 1440p IPS
Case	Asus Prime AP201 White Mesh \| Lenowo T480 chassis
Audio Device(s)	Steelseries Arctis Pro Wireless
Power Supply	Be Quiet! Pure Power 12 M 750W Goldie \| 65W
Mouse	Logitech G305 Lightspeedy Wireless \| Lenowo TouchPad & Logitech G305
Keyboard	Akko 3108 DS Horizon V2 Cream Yellow \| T480 UK Lumi
Software	Win11 Pro 23H2 UK
Benchmark Scores	3DMARK: https://www.3dmark.com/3dm/89434432? GPU-Z: https://www.techpowerup.com/gpuz/details/v3zbr

System Name	Lynni PS \ Lenowo TwinkPad T480
Processor	AMD Ryzen 7 7700 Raphael \ i7-8550U Kaby Lake-R
Motherboard	ASRock B650M PG Riptide Bios v. 2.02 AMD AGESA 1.1.0.0 \ Lenowo 20L60036MX Bios 1.47
Cooling	Noctua NH-D15 Chromax.Black (Only middle fan) \ Lenowo WN-2
Memory	G.Skill Flare X5 2x16GB DDR5 6000MHZ CL36-36-36-96 AMD EXPO \ Willk Elektronik 2x16GB 2666MHZ CL17
Video Card(s)	Asus GeForce RTX™ 4070 Dual OC GPU: 2325-2355 MEM: 1462\| Nvidia GeForce MX™ 150 2GB GDDR5 Micron
Storage	Gigabyte M30 1TB\|Sabrent Rocket 2TB\| HDD: 10TB\|1TB \ SKHynix 256GB 2242 3x2 \| WD SN700 1TB
Display(s)	LG UltraGear 27GP850-B 1440p@165Hz \| LG 48CX OLED 4K HDR \| AUO 14" 1440p IPS
Case	Asus Prime AP201 White Mesh \| Lenowo T480 chassis
Audio Device(s)	Steelseries Arctis Pro Wireless
Power Supply	Be Quiet! Pure Power 12 M 750W Goldie \| 65W
Mouse	Logitech G305 Lightspeedy Wireless \| Lenowo TouchPad & Logitech G305
Keyboard	Akko 3108 DS Horizon V2 Cream Yellow \| T480 UK Lumi
Software	Win11 Pro 23H2 UK
Benchmark Scores	3DMARK: https://www.3dmark.com/3dm/89434432? GPU-Z: https://www.techpowerup.com/gpuz/details/v3zbr

Processor	i7 8700k 4.6Ghz @ 1.24V
Motherboard	AsRock Fatal1ty K6 Z370
Cooling	beQuiet! Dark Rock Pro 3
Memory	16GB Corsair Vengeance LPX 3200/C16
Video Card(s)	ASRock RX7900XT Phantom Gaming
Storage	Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s)	Gigabyte G34QWC (3440x1440)
Case	Fractal Design Define R5
Audio Device(s)	Harman Kardon AVR137 + 2.1
Power Supply	EVGA Supernova G2 750W
Mouse	XTRFY M42
Keyboard	Lenovo Thinkpad Trackpoint II
Software	W10 x64

CrossTalk is Another Intel-exclusive Security Vulnerability

AleksandarK

News Editor

Melvis

Caring1

Shou Miko

AleksandarK

News Editor

Shou Miko

ncrs

Vayra86

Owen1982

XiGMAKiD

1d10t

TheoneandonlyMrK

hurakura

evernessince

Bill_Bright

evernessince

Intel : Security vulnerabilities, CVEs

Bill_Bright

Totally

Bill_Bright

System Name	Computer!
Processor	i7-6700K
Motherboard	AsRock Z170 Extreme 7+
Cooling	EKWB on CPU & GPU, 240 slim and 360 Monsta, Aquacomputer Aquabus D5, Aquaaero 6 Pro.
Memory	32Gb Kingston Hyper-X 3Ghz
Video Card(s)	Asus 980 Ti Strix
Storage	2 x 950 Pro
Display(s)	Old Acer thing
Case	NZXT 440 Modded
Audio Device(s)	onboard
Power Supply	Seasonic PII 600W Platinum
Mouse	Razer Deathadder Chroma
Keyboard	Logitech G15
Software	Win 10 Pro

System Name	Skypas
Processor	Intel Core i7-6700
Motherboard	Asus H170 Pro Gaming
Cooling	Cooler Master Hyper 212X Turbo
Memory	Corsair Vengeance LPX 16GB
Video Card(s)	MSI GTX 1060 Gaming X 6GB
Storage	Corsair Neutron GTX 120GB + WD Blue 1TB
Display(s)	LG 22EA63V
Case	Corsair Carbide 400Q
Power Supply	Seasonic SS-460FL2 w/ Deepcool XFan 120
Mouse	Logitech B100
Keyboard	Corsair Vengeance K70
Software	Windows 10 Pro (to be replaced by 2025)

System Name	Poor Man's PC
Processor	AMD Ryzen 5 7500F
Motherboard	MSI B650M Mortar WiFi
Cooling	ID Cooling SE 206 XT
Memory	32GB GSkill Flare X5 DDR5 6000Mhz
Video Card(s)	Sapphire Pulse RX 6800 XT
Storage	XPG Gammix S70 Blade 2TB + 8 TB WD Ultrastar DC HC320
Display(s)	Mi Gaming Curved 3440x1440 144Hz
Case	Cougar MG120-G
Audio Device(s)	MPow Air Wireless + Mi Soundbar
Power Supply	Enermax Revolution DF 650W Gold
Mouse	Logitech MX Anywhere 3
Keyboard	Logitech Pro X + Kailh box heavy pale blue switch + Durock stabilizers
VR HMD	Meta Quest 2
Benchmark Scores	Who need bench when everything already fast?

System Name	RyzenGtEvo/ Asus strix scar II
Processor	Amd R5 5900X/ Intel 8750H
Motherboard	Crosshair hero8 impact/Asus
Cooling	360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory	Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s)	Powercolour RX7900XT Reference/Rtx 2060
Storage	Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s)	Samsung UAE28"850R 4k freesync.dell shiter
Case	Lianli 011 dynamic/strix scar2
Audio Device(s)	Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply	corsair 1200Hxi/Asus stock
Mouse	Roccat Kova/ Logitech G wireless
Keyboard	Roccat Aimo 120
VR HMD	Oculus rift
Software	Win 10 Pro
Benchmark Scores	8726 vega 3dmark timespy/ laptop Timespy 6506

Processor	Ryzen 7800X3D
Motherboard	ASRock X670E Taichi
Cooling	Noctua NH-D15 Chromax
Memory	32GB DDR5 6000 CL30
Video Card(s)	MSI RTX 4090 Trio
Storage	Too much
Display(s)	Acer Predator XB3 27" 240 Hz
Case	Thermaltake Core X9
Audio Device(s)	Topping DX5, DCA Aeon II
Power Supply	Seasonic Prime Titanium 850w
Mouse	G305
Keyboard	Wooting HE60
VR HMD	Valve Index
Software	Win 10

System Name	Brightworks Systems BWS-6 E-IV
Processor	Intel Core i5-6600 @ 3.9GHz
Motherboard	Gigabyte GA-Z170-HD3 Rev 1.0
Cooling	Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory	32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s)	EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage	Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s)	Samsung S24E650BW LED x 2
Case	Fractal Design Define R4
Power Supply	EVGA Supernova 550W G2 Gold
Mouse	Logitech M190
Keyboard	Microsoft Wireless Comfort 5050
Software	W10 Pro 64-bit

System Name	Miami
Processor	Ryzen 3800X
Motherboard	Asus Crosshair VII Formula
Cooling	Ek Velocity/ 2x 280mm Radiators/ Alphacool fullcover
Memory	F4-3600C16Q-32GTZNC
Video Card(s)	XFX 6900 XT Speedster 0
Storage	1TB WD M.2 SSD/ 2TB WD SN750/ 4TB WD Black HDD
Display(s)	DELL AW3420DW / HP ZR24w
Case	Lian Li O11 Dynamic XL
Audio Device(s)	EVGA Nu Audio
Power Supply	Seasonic Prime Gold 1000W+750W
Mouse	Corsair Scimitar/Glorious Model O-
Keyboard	Corsair K95 Platinum
Software	Windows 10 Pro