• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New "BranchScope" Side-channel CPU Vulnerability Threatens Modern Processors

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
38,242 (8.39/day)
Location
Hyderabad, India
Processor AMD Ryzen 7 2700X
Motherboard ASUS ROG Strix B450-E Gaming
Cooling AMD Wraith Prism
Memory 2x 16GB Corsair Vengeance LPX DDR4-3000
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) Creative Sound Blaster Recon3D PCIe
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Microsoft Sidewinder X4
Software Windows 10 Pro
In the age of cyber-security vulnerabilities being named by their discoverers, much like incoming tropical storms, the latest, which exploits speculative execution of modern processors, is named "BranchScope," discovered by academics from four US universities, Dmitry Evtyushkin, Ryan Riley, Nael Abu-Ghazaleh, and Dmitry Ponomarev. The vulnerability has been successfully tested on Intel "Sandy Bridge," "Haswell," and "Skylake" micro-architectures, and remains to be tested on AMD processors. It bears similarities to "Spectre" variant 2, in that it is an exploit of the branch prediction features of modern CPUs.

BranchScope differs from Spectre variant 2, in that while the latter exploits the branch target buffer, BranchScope goes after the directional branch predictor, a component that decides which speculative operations to execute. By misdirecting it, attackers can make the CPU read and spit out data from the memory previously inaccessible. The worst part? You don't need administrative privileges to run the exploit, it can be run from the user-space. Unlike CTS-Labs, the people behind the BranchScope discovery appear to have alerted hardware manufacturers significantly in advance, before publishing their paper (all of it, including technicals). They will present their work at the 23rd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2018), later today.



View at TechPowerUp Main Site
 
  • Like
Reactions: HTC
Joined
Jan 8, 2017
Messages
4,827 (4.10/day)
System Name Good enough
Processor AMD Ryzen R7 1700X - 4.0 Ghz / 1.350V
Motherboard ASRock B450M Pro4
Cooling Scythe Katana 4 - 3x 120mm case fans
Memory 16GB - Corsair Vengeance LPX
Video Card(s) OEM Dell GTX 1080
Storage 1x Samsung 850 EVO 250GB , 1x Samsung 860 EVO 500GB
Display(s) 4K Samsung TV
Case Zalman R1
Power Supply 500W
If they don't make a fancy website and some buzzfeed type videos about this it ain't worth our time. :laugh:

Joking aside , I wonder just how many of these things will be found out until no one will care anymore.
 
Joined
Dec 16, 2017
Messages
644 (0.77/day)
Location
Argentina
System Name Desktop5
Processor AMD Ryzen 5 3600
Motherboard Asus Prime X570-P
Cooling AMD Wraith Stealth
Memory 2x8GB Ballistix Sport LT 3200 MHz (BLS8G4D32AESCK.M8FE) (CL16-18-18-36)
Video Card(s) Gigabyte AORUS Radeon RX 580 8 GB
Storage Kingston HyperX Fury 240 GB // Toshiba 2 TB HDD // WD 2 TB HDD // Mushkin Triactor 3DL 256 GB
Display(s) LG 22MP55 IPS Display
Case Corsair Carbide 100R
Audio Device(s) Logitech G430 Headset
Power Supply Corsair CX650M
Mouse Logitech Wireless Mouse M280 // Microsoft Trackball Optical 1.0
Keyboard HP Vectra VE keyboard (Part # D4950-63004)
Software Windows 10
I predict this whole "vulnerabilities everywhere" thing won't stop anytime soon.

At least it seems like they told Intel in advance..
 
Joined
Oct 27, 2009
Messages
745 (0.20/day)
Location
Republic of Texas
System Name [H]arbringer
Processor 4x 61XX ES @3.5Ghz (48cores)
Motherboard SM GL
Cooling 3x xspc rx360, rx240, 4x DT G34 snipers, D5 pump.
Memory 16x gskill DDR3 1600 cas6 2gb
Video Card(s) blah bigadv folder no gfx needed
Storage 32GB Sammy SSD
Display(s) headless
Case Xigmatek Elysium (whats left of it)
Audio Device(s) yawn
Power Supply Antec 1200w HCP
Software Ubuntu 10.10
Benchmark Scores http://valid.canardpc.com/show_oc.php?id=1780855 http://www.hwbot.org/submission/2158678 http://ww
I predict this whole "vulnerabilities everywhere" thing won't stop anytime soon.

At least it seems like they told Intel in advance..
Hopefully they will develop better design and coding practices...
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
8,488 (1.55/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
At least it seems like they told Intel in advance..
Again time to pull on the Chamber pot i have covered in tinfoil to wear as a security Hat :)
To me this smacks of the PAST 3 letter Agency Activity in Action and their pet BackDoors now useless coming to the fore.
The Full body Armor living in a faraday cage nutters Said those 3 l A had paid Intel to Bake in Back Doors

Time for me to go i can feel something dripping down my neck :)
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
20,911 (4.29/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: Athlon II x4 630 3.5GHz
Motherboard ASUS P8P67 Pro :: GIgabyte GA-770T-USB3
Cooling Corsair H70 :: Thermaltake Big Typhoon
Memory 2x4GB DDR3 1866 :: 2x1GB DDR3 1333
Video Card(s) 2x PNY GTX1070 :: none
Storage Plextor M5s 128GB, WDC Black 500GB :: Mushkin Enhanced 60GB SSD, WD RE3 1TB
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - iLive IT153B Soundbar (optical) :: None
Power Supply FSP Hydro GE 550w :: something
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
I predict this whole "vulnerabilities everywhere" thing won't stop anytime soon.

At least it seems like they told Intel in advance..
Sure seems to be the trend doesn't it... I guess we can no longer trust win xp on an unprotected network anymore... :laugh:
 
Joined
Feb 15, 2018
Messages
133 (0.17/day)
An Another day... an another security vulnerability/ hack / data breach/ data exploits....

its just a normal day guyz... people will forget in 1 or 2 days..until the next major security breach comes in..

its a normal businees day for intel/AMD/facebook/yahoo etc...
people will still buy them & use them....no matter what..for there's nothing a normal consumer can do...
end of the story
 
Joined
Jul 29, 2014
Messages
476 (0.23/day)
Location
Fort Sill, OK
Processor Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard Asus Maximus IX Code
Cooling Corsair Hydro H115i Platinum
Memory 48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s) nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage Intel 760p 2280 2TB
Display(s) MSI Optix MPG27CQ Black 27" 1ms 144hz
Case Thermaltake View 71
Power Supply EVGA SuperNova 1000 Platinum2
Mouse Corsair M65 Pro (not recommded, I am on my second mouse with same defect)
Software Windows 10 Enterprise 1803
Benchmark Scores Yes I am Intel fanboy that is my benchmark score.
An Another day... an another security vulnerability/ hack / data breach/ data exploits....

its just a normal day guyz... people will forget in 1 or 2 days..until the next major security breach comes in..

its a normal businees day for intel/AMD/facebook/yahoo etc...
people will still buy them & use them....no matter what..for there's nothing a normal consumer can do...
end of the story

"You don't need administrative privileges to run the exploit, it can be run from the user-space."
 

the54thvoid

Moderator
Staff member
Joined
Dec 14, 2009
Messages
7,607 (2.02/day)
Location
Glasgow - home of formal profanity
System Name Newer Ho'Ryzen
Processor Ryzen 3700X
Motherboard Asus Crosshair VI Hero
Cooling TR Le Grand Macho
Memory 16Gb G.Skill 3200 RGB
Video Card(s) RTX 2080ti MSI Duke @2Ghz ish
Storage Samsumg 960 Pro m2. 512Gb
Display(s) LG 32" 165Hz 1440p GSYNC
Case Lian Li PC-V33WX
Audio Device(s) On Board
Power Supply Seasonic Prime TItanium 850
Software W10
Benchmark Scores Look, it's a Ryzen on air........ What's the point?
This announcement so clearly demonstrates the very bad PR extravaganza that was CTS-Labs. This has no inflammatory statements, it is not derogatory and it does not make predictions of gloom and doom. This is how these things are meant to be released, as far as we can see, and also, more importanly, how news outlets should cover them.

As far as this breach, I assume it means you can read the cached RAM data remotely? Not as dangerous as a BIOS infected system but as it does not require admin rights, possibly far more likely to happen.
 
Joined
May 6, 2012
Messages
184 (0.06/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
This looks bad. In essence , because intel has made its branch prediction logic so good (the reason Intel CPUs are as good as they are at what they do) , it knows too much and tells anyone (on the same host) who knows how to ask everything.

We demonstrate BranchScope on three recent Intel x86_64
processors — Sandy Bridge, Haswell and Skylake. To perform
BranchScope, the attacker does not need to reverse-engineer
the details of the branch predictor operation, and only needs
to perform simple manipulations with the prediction state
machines from the user space. We also demonstrate how
BranchScope can be extended to attack SGX enclaves even if
recently-proposed protections are implemented. We show
that BranchScope can be performed across hyperthreaded
cores, advancing previously demonstrated BTB-based attacks
which leaked information only between processes scheduled
on the same virtual core [21].
 
Joined
Nov 3, 2013
Messages
1,638 (0.70/day)
Location
Tokyo, Ota
Processor i5 - 7300HQ
Memory 8GB DDR4
Video Card(s) 1060 6GB
Storage 180GB m.2 SATA | 250GB 850Evo SATA
Display(s) FHD 15" Gsync IPS + Acer H243H
Mouse Rival 300 with Omron main switches.
Keyboard Apex m500 (mx red)
Joined
May 19, 2009
Messages
1,373 (0.35/day)
Location
Latvia
System Name Personal \\ Work - HP EliteBook 840 G3
Processor i7-4790K \\ i7-6500U
Motherboard MSI Z97 Gaming 7
Cooling Noctua DH-15
Memory Corsair Vengeance Pro 32GB 2400 MHz \\ 16GB DDR4-2133
Video Card(s) ASUS RoG Strix 1070 Ti\\ Intel 520 HD
Storage Samsung 850 Pro 512GB, WD Black 2 TB, Samsung 970 Pro 512GB \\ Samsung 256GB SSD
Display(s) BenQ XL2411Z \\ FullHD + 2x HP Z24i external screens via docking station
Case Fractal Design Define Arc Midi R2 with window
Audio Device(s) Realtek ALC1150 with Logitech Z323
Power Supply Corsair AX860i
Software Windows 10
How much performance loss this time? :/
 
Joined
May 6, 2012
Messages
184 (0.06/day)
Location
Estonia
System Name Steamy
Processor Ryzen 7 2700X
Motherboard Asrock AB350M-Pro4
Cooling Wraith Prism
Memory 2x8GB HX429C15PB3AK2/16
Video Card(s) R9 290X WC
Storage 960Evo 500GB nvme
Case Fractal Design Define Mini C
Power Supply Seasonic SS-660XP2
Software Windows 10 Pro
Benchmark Scores http://hwbot.org/user/kinski/ http://valid.x86.fr/qfxqhj https://goo.gl/uWkw7n
Any "fixes" on branch predictor logic come with performance cost.

Couple percent up to double digits on edge cases.
 
Joined
Mar 18, 2008
Messages
4,908 (1.12/day)
System Name Virtual Reality / Bioinformatics
Processor Undead CPU
Motherboard Undead TUF X99
Cooling Noctua NH-D15
Memory GSkill 128GB DDR4-3000
Video Card(s) EVGA 2080Ti
Storage Samsung 960 Pro 1TB + 860 EVO 2TB + WD Black 5TB
Display(s) Acer K272HUL, HTC Vive
Case Fractal Design R5
Audio Device(s) BOSE 2.0
Power Supply Seasonic 850watt
Mouse Logitech Master MX
Keyboard Corsair K70 Cherry MX Blue
Software Windows 10 Professional/Linux Mint
Wait a minute. No green screened video? No flashy "XXX Flaws" websites? No "CPU Companies should file chapter 11"? What is wrong with this?

Oh wait, this is from actual security researcher, not some attention whore.
 
Joined
Sep 15, 2015
Messages
664 (0.40/day)
Location
Latvija
System Name Fujitsu Siemens, HP Workstation
Processor Athlon x2 5000+ 3.1GHz, i5 2400
Motherboard Asus
Memory 4GB Samsung
Video Card(s) rx 460 4gb
Storage 750 Evo 250 +2tb
Display(s) Asus 1680x1050 4K HDR
Audio Device(s) Pioneer
Power Supply 430W
Mouse Acme
Keyboard Trust
Is that mean Sandy Bridge needs to run in offline (no internet) mode.
 
Joined
Aug 2, 2012
Messages
602 (0.22/day)
Location
Netherlands
System Name TheDeeGee's PC
Processor Intel Core i7 4770K
Motherboard Gigabyte Z87X-UD5H
Cooling Noctua NH-U14S
Memory Crucial Ballistix Tactical LP 16GB
Video Card(s) MSI GTX 1070 AERO OC
Storage Crucial M4 256GB, 2x Western Digital 1TB 2,5"
Display(s) EIZO CX240
Case Antec P280
Audio Device(s) Creative SoundBlaster ZxR
Power Supply Seasonic P-760
Mouse Logitech G500s
Keyboard Logitech G710+
Software Windows 10 Pro 64-Bit
So at the end with all 139875945 patches applied our CPUs will perform like a Pentium 3.
 
Joined
Sep 11, 2015
Messages
376 (0.23/day)
The only lesson from this is: never trust your personal data to any computer that is even remotely online. Have a separate PC at home without any access to the internet. Probably until the end of time, this is the only truth about data security. Only way you can stop reading these news and sleep tight.
 
Joined
Aug 20, 2007
Messages
12,677 (2.75/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) AMD RX 5700 XT (XFX THICC Ultra III)
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) 32" 1440p LG 32GK850F Freesync 2 Monitor based on an AU Optronics true 8-bit AMVA Panel
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply SeaSonic Prime 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (yes, it's legit.)
The only lesson from this is: never trust your personal data to any computer that is even remotely online.
That's extreme.

I've always been more partial to the philosophy of "make your data harder to access than it's worth"

That can be acomplished, even today.
 
Joined
Dec 3, 2014
Messages
154 (0.08/day)
Location
Marabá - Pará - Brazil
System Name KarymidoN TitaN
Processor AMD Ryzen 7 3700X
Motherboard Gigabyte X470 Aorus Ultra Gaming
Cooling Corsair H105 @ Push-Pull
Memory 4x Crucial BallistX 8GB 2666mhz
Video Card(s) MSI GTX 970 GAMING 4GB (3,5gb lol)
Storage Corsair Force MP300 120gb | 4TB HDD
Display(s) 4X 1080P LG Monitors
Case Thermaltake Core V71
Power Supply Corsair TX 600
So this guys actually sent an advanced warning to Intel? No Intelflaws.com? hmmm :laugh:
Jokes aside, what a good reading on their paper, really a professional work on finding a explaining the Vulnerability.
 
Top