• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
  • The forums have been upgraded with support for dark mode. By default it will follow the setting on your system/browser. You may override it by scrolling to the end of the page and clicking the gears icon.

Major Intel CPU Hardware Vulnerability Found

Status
Not open for further replies.
Blo3der-Kuh said:
Have you read the offical statement from Intel yet?

I am not sure what to make of it, this is probably the most interesting part:
Click to expand...

It's just a bit of damage control on their part. They are insinuating there are similar vulnerabilities in many other processors but they aren't referring to this one in particular, which might very well be true.
 
Vya Domus said:
It's just a bit of damage control on their part.
Click to expand...
I read it more as deflect the attention away from Intel, and claim other companies are at fault.
 
Last edited:
Some testing in linux... not sure how that translate to windows though. Seems like the testing up top is brutal. Good news for most tpu readers that the consumer loads, encoding and compiling, didnt show a difference.
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2

There's also a link at the bottom showing zero difference in games.

Again... not sure how this translates to windows... that top part is rough though. DC and cloud providers are going to take a beating.


Intel also responded, saw this in another thread here, and said there are a lot of rumors out as far as performance hits go, it will be fixed, and improvements to performance will happen over time.
 
Computer Base also has some Windows tests done using a Win10 Insider Preview which has the fix enabled.

Full article here in German, charts below. Graphics card used for AC: Origins was a GTX 1080 Ti.

1515017841347.png1515017869379.png1515017915153.png
Performance loss is only marginal in most cases, M.2 SSD performance does take quite a hit though. The loss in AC: Origins is at least measurable (~3%), but only when the CPU is bottlenecking (low details, high FPS).
 
Speculative execution always came with this concern/vulnerability. I do not think this is the exact same issue Intel is dealing with.
 
Why do you think that? Google said...

"We are posting before an originally coordinated disclosure date of January 9, 2018 because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation. The full Project Zero report is forthcoming."

Maybe this intel thing is pushing something unrelated under the rug as i havent seen any other major issue which would cause an announcement to move up by 4 days. They do say "the issue" immediately after 'existing public reports' and 'growing speculation by media'....
 
If there is an ARM issue, I wonder if the AMD PSP is vulnerable, being it is ARM based...
 
EarthDog said:
Why do you think that?
Click to expand...

ARM is fundamentally different from X86_64 ? They also mention how only certain high end processors have this vulnerability , talking probably about cores such as the A72 which have out-of-order execution and dynamic branch predictor. Their problem seems related more to that particular aspect rather than anything else.

Their statement is as cryptic and vague as expected.
 
Blo3der-Kuh said:
Computer Base also has some Windows tests done using a Win10 Insider Preview which has the fix enabled.

Full article here in German, charts below.
Click to expand...
If true, I can live with that. :)
Waiting for the final update and results on servers.

R-T-B said:
If there is an ARM issue, I wonder if the AMD PSP is vulnerable, being it is ARM based...
Click to expand...
Even if, is there any security risk at all? Putting a theoretical gov backdoor aside, I don't think you can access PSP from the OS level. Plus, PSP can access the whole RAM by design, so it's not like this flaw would change much. :-)
 
Last edited:
Vya Domus said:
ARM is fundamentally different from X86_64 ?
Click to expand...

Not really when talking about concepts like rings, virtualization, and page tables. They are quite similar there. It would not surprise me if ARM holdings back in the day licensed vt-d from intel...
 
Yes but my point was from what they said it seems related to other aspects. Maybe I am just looking too much into it and it really is the same issue.
 
So Google has just published their research on the matter. Actually there are three kinds of problems which were identified:
  • Variant 1: bounds check bypass
  • Variant 2: branch target injection
  • Variant 3: rogue data cache load
Variant 3 is called Meltdown, while 1 and 2 are called Spectre.

From what I have read so far AMD processors actually are save at least for Variant 3 which is the one the Linux and Windows Kernels are getting patched for with PTI (page table isolation).

Variant 1 seems to be a problem for all Vendors, but is already fixed or easily fixed by OS updates with negligible performance impact.

Variant 2 seems to be the biggest problem and will need some time to get fixed, although AMD claims they are not affected according to this post by Ryan Shrout.

Edit: Some more information on the bugs called Meltdown and Spectre.
 
Last edited:
Apparenty, the guys who wrote this paper, https://spectreattack.com/spectre.pdf , also found that AMD chips are affected, to a degree.
Though, they talk about different types of attacks, Spectre and Meltdown. From what I've gathered, Meltdown is the "big" one and it affects Intel only, Spectre affects all.
Someone more knowledgeable, or with better reading comprehension can/will learn more.

EDIT: This appears to be a similar research to the one @Blo3der-Kuh posted.
 
As far as I can tell, the only way this will affect my plans of an 8700k is positively. AMD will likely get some needed sales back, which may force Intel to be more competitive on pricing. I've already noticed a recent drop in price from $405 to $390 at Newegg on the 8700k.

Performance wise I see this as a non issue on the latest CPUs, especially with balanced hardware spec. I'm actually more concerned about cell phone security, since I finally bit the bullet and decided to get one. Yeah I'm a retro grouch about some things, sue me.
 
Frag Maniac said:
I'm actually more concerned about cell phone security
Click to expand...

Yes, this is probably the biggest problem. According to Google you are safe when you are running Android with the January 2018 security patches installed. I hope Sony keeps up the pace with their updates for my XZ ;)
 
I wouldn't scream AMD is better, because obviously it isn't for many reasons. Cheaper? Yes and I use my for gaming and does just fine for that. I don't run tests on speed of overclocking abilities or any of that crap. But what I use it for it handles perfect. Gaming and video editing mostly, oh and Internet of course.
 
it seems that Intel has ruined AMD's Party:rolleyes:
 
About spectre 1 and BPF JIT

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

You can look in linux kernel documentatio what it is:
(IMO, not that useful stuff, like GRUB command line or kernel root console #)

https://www.mjmwired.net/kernel/Documentation/sysctl/net.txt

proc/sys/net/core - Network core options

bpf_jit_enable

This enables the BPF Just in Time (JIT) compiler. BPF is a flexible
and efficient infrastructure allowing to execute bytecode at various
hook points. It is used in a number of Linux kernel subsystems such
as networking (e.g. XDP, tc), tracing (e.g. kprobes, uprobes, tracepoints)
and security (e.g. seccomp). LLVM has a BPF back end that can compile
restricted C into a sequence of BPF instructions. After program load
through bpf(2) and passing a verifier in the kernel, a JIT will then
translate these BPF proglets into native CPU instructions. There are
two flavors of JITs, the newer eBPF JIT currently supported on:
 
Status
Not open for further replies.
Back
Top