• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New "Spectre" Variant Hits Intel CPUs, Company Promises Quarterly Microcode Updates

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
35,878 (8.85/day)
Likes
18,315
Location
Hyderabad, India
System Name Dronacharya
Processor AMD Ryzen 7 2700X
Motherboard MSI B450 Gaming Pro Carbon AC
Cooling AMD Wraith Prism
Memory 2x 16GB Corsair Vengeance LPX DDR4-3000
Video Card(s) Colorful iGame GTX 1070 Ti Vulcan X
Storage Crucial MX500 500GB
Display(s) Samsung U28D590 28-inch 4K UHD
Case Corsair Carbide 100R
Audio Device(s) Creative Sound Blaster Recon3D PCIe
Power Supply Antec EarthWatts Pro Gold 750W
Mouse Razer Abyssus
Keyboard Microsoft Sidewinder X4
Software Windows 10 Pro
#1
A new variant of the "Spectre" CPU vulnerability was discovered affecting Intel processors, by security researchers Vladimir Kiriansky and Carl Waldspurger, who are eligible to bag a USD $100,000 bounty by Intel, inviting researchers to sniff out vulnerabilities from its processors. This discovery, chronicled under CVE-2018-3693, is among 12 new CVEs Intel will publish later this week. The company is also expected to announce quarterly CPU microcode updates to allay fears of its enterprise customers.

The new vulnerability, like most other "Spectre" variants, targets the speculative execution engine of the processor, in a bounds-check bypass store attack. A malicious program already running on the affected machine can alter function pointers and return addresses in the speculative execution engine, thereby redirecting the flow of data out of protected memory address-spaces, making it visible to malware. This data could be anything, including cryptographic keys, passwords, and other sensitive information, according to "The Register." Intel chronicled this vulnerability in section 2.2.1 of its revised speculative execution side-channel attacks whitepaper. You can also catch a more detailed whitepaper from the researchers themselves.

 
Joined
Apr 12, 2013
Messages
1,756 (0.86/day)
Likes
790
#2
Considering the potential loss of revenues & face, a 100 grands sounds like peanuts to me! If only Intel would've spent more on making processors secure instead of hotchips presentation:ohwell:
 
Last edited:
Joined
Nov 14, 2012
Messages
531 (0.24/day)
Likes
124
System Name Outdated
Processor i7-6700K @ 5 GHz / 1.45v (Without Pigeon Poop)
Motherboard Asus Maximus Gene Z170
Cooling Custom Water @ 20 dB
Memory 32 GB DDR4 3600/CL15
Video Card(s) 1080 Ti @ 2050/1520 (Fullblock)
Storage 2x 850 Evo 500 GB - Raid 0
Display(s) Asus PG279Q 27" 1440p/AHVA/165 Hz/Gsync + LG C7V 65" 2160p/OLED/HDR
Case Fractal Define Mini C
Audio Device(s) Asus Essence STX w/ Upgraded Op-Amps
Power Supply EVGA SuperNOVA 850 G2
Mouse Logitech G403 / PWM3366
Keyboard Logitech G610 / MX Red + O Rings
Software Windows 10 Pro x64
#3
Great. Didn't know Intel paid people to discover bugs. Does AMD pay people to find bugs too? I don't hear alot about Ryzenfall, Chimera and Masterkey these days. Only that it "should" be fixed in Zen 2.
 
Joined
Feb 18, 2013
Messages
1,253 (0.60/day)
Likes
526
Location
KL, Malaysia
System Name Rainbow Air 240
Processor Intel Core i5-7600K (Stock)
Motherboard ASUS PRIME H270M-PLUS mATX
Cooling Corsair Hydro H60 (2018) AIO + 3 x HD120 RGB w/ Commander PRO
Memory Corsair Vengeance LPX 16GB DDR4 2.4GHz (2 x 8GB kits, Black)
Video Card(s) Zotac GeForce GTX970 4GB Reference (Stock)
Storage Samsung 960 EVO 250GB M.2 PCIe SSD + Seagate FireCuda Desktop 1TB SSHD + Intel 540 Series 240GB SSD
Display(s) LG Flatron 29WK600 29in Ultrawide 1080p IPS
Case Corsair Carbide Air 240 SFF mATX (Black) + Lighting Node PRO RGB LED Strips (2)
Audio Device(s) ASUS XONAR DX PCIe Sound Card + Corsair VOID Stereo Gaming Headset
Power Supply Corsair RM750x 80+ Gold Fully Modular
Mouse Corsair M65 RGB (White) + MM800 Polaris RGB Mouse Mat
Keyboard Corsair STRAFE RGB Mechanical (Cherry MX RGB Red)
Software Windows 10 Professional x64 October Update. (1809)
Benchmark Scores CDM Sequential @ 1GB (960 Evo): R: 3053MB/s, W: 1264MB/s CineBench R15 CPU score: 730 pt
#4
here we go again... == come on Intel... you can do better than that.
 
Joined
Jan 17, 2006
Messages
640 (0.14/day)
Likes
169
Location
Ireland
System Name Elysium
Processor i7-4790k @ 4800MHz (re-lidded)
Motherboard Asus Z97-WS
Cooling Custom 3 radiator loop for CPU and GPUs, D5 pump
Memory 32GB (4 x 8GB) GSkill @ 2400MHz
Video Card(s) 2 x R9 290x with full cover blocks
Storage Plextor P6E M.2 (OS/work). Samsung 950 Pro 512GB on NVMe card (Games etc.)
Display(s) BenQ BL3200
Case Xigmatek Elysium
Audio Device(s) On board, SBZ + HDMI to sound processor
Power Supply Corsair AX1500i
Mouse Mad Catz MOUS 9
Keyboard K95 RGB
Software Windows 10 Pro x64
Benchmark Scores #1 worldwide on 3D Mark 99 or 2000 or one of those, at one point back in the day. :)
#6
Because these bugs/vulnerabilities are only usable if you already have admin/root permissions on the machine you want to attack which makes these flaws pretty useless as far as i know.
Aren't they also mitigated in the latest AGESA?
 
Joined
Oct 10, 2009
Messages
292 (0.09/day)
Likes
52
Location
Madrid, Spain
System Name Cubito
Processor Core i7-8700K
Motherboard Gigabyte Z370M D3H
Cooling Noctua NH-D15
Memory 32 GB DDR4 3000mhz Corsair Vengeance LPX
Video Card(s) Gigabyte GTX 1070Ti
Storage Kingston V300 120GB + Samsung 850 EVO 250GB + Toshiba MQ01ABD100 1 TB x 2
Display(s) Asus ROG Swift PG258Q + Asus VS229
Case Thermaltake Core V21
Audio Device(s) Asus Xonar Xense
Power Supply Corsair RMX750
Mouse Roccat Nyth
Keyboard Apple Keyboard
Software Windows 10 Home x64
#7
Great. Didn't know Intel paid people to discover bugs. Does AMD pay people to find bugs too?
It's not an uncommon way to test things or headhunt talented people.
 
Joined
Oct 17, 2014
Messages
1,646 (1.11/day)
Likes
758
Location
USA
System Name $170 family PC, rest was reused old parts.
Processor Ryzen Athlon 200GE @ 3.2Ghz ($55)
Motherboard Biostar A320M Pro ($42)
Memory 8gb (2x4) DDR4 2666 CAS 15-15-15 ($63)
Video Card(s) Vega 3 Integrated
Storage 120GB SSD
Display(s) AOC 22V2H 21.5" Frameless 75hz Freesync
Case Thermaltake View 22
Audio Device(s) Schiit Modi 3 + Custom Tube Amp + Sennheiser HD58X
Power Supply Corsair 750w Bronze
Mouse Roccat Kone AIMO
Keyboard Logitech G610+ Cherry MX Red
Software Ubuntu
#8
At this rate, I think I might just go Ryzen next year for my final build.
 

MT66

New Member
Joined
Feb 21, 2017
Messages
15 (0.02/day)
Likes
7
#9
At this rate, I think I might just go Ryzen next year for my final build.
I think ryzen 3000 series is going to be very good, this is just a speculation on my part but AMD is claiming vega 7nm is touting 35% performance increase over Vega 14nm so if they can get close to that number on ryzen 3000 also getting that 7nm treatment that should be a pretty significant boost to performance.
 
Joined
Nov 14, 2012
Messages
531 (0.24/day)
Likes
124
System Name Outdated
Processor i7-6700K @ 5 GHz / 1.45v (Without Pigeon Poop)
Motherboard Asus Maximus Gene Z170
Cooling Custom Water @ 20 dB
Memory 32 GB DDR4 3600/CL15
Video Card(s) 1080 Ti @ 2050/1520 (Fullblock)
Storage 2x 850 Evo 500 GB - Raid 0
Display(s) Asus PG279Q 27" 1440p/AHVA/165 Hz/Gsync + LG C7V 65" 2160p/OLED/HDR
Case Fractal Define Mini C
Audio Device(s) Asus Essence STX w/ Upgraded Op-Amps
Power Supply EVGA SuperNOVA 850 G2
Mouse Logitech G403 / PWM3366
Keyboard Logitech G610 / MX Red + O Rings
Software Windows 10 Pro x64
#10
I think ryzen 3000 series is going to be very good, this is just a speculation on my part but AMD is claiming vega 7nm is touting 35% performance increase over Vega 14nm so if they can get close to that number on ryzen 3000 also getting that 7nm treatment that should be a pretty significant boost to performance.
Won't happen core vs core

I'd be very happy if Zen 2 reaches 4.5 GHz... The 1700 in my server can't even do 4 GHz stable
 
Joined
Nov 14, 2012
Messages
531 (0.24/day)
Likes
124
System Name Outdated
Processor i7-6700K @ 5 GHz / 1.45v (Without Pigeon Poop)
Motherboard Asus Maximus Gene Z170
Cooling Custom Water @ 20 dB
Memory 32 GB DDR4 3600/CL15
Video Card(s) 1080 Ti @ 2050/1520 (Fullblock)
Storage 2x 850 Evo 500 GB - Raid 0
Display(s) Asus PG279Q 27" 1440p/AHVA/165 Hz/Gsync + LG C7V 65" 2160p/OLED/HDR
Case Fractal Define Mini C
Audio Device(s) Asus Essence STX w/ Upgraded Op-Amps
Power Supply EVGA SuperNOVA 850 G2
Mouse Logitech G403 / PWM3366
Keyboard Logitech G610 / MX Red + O Rings
Software Windows 10 Pro x64
#12
Yeah true, but maybe he's talking overall (MT) performance?
Would easily be possible - if they up the max core/threads to 12/24 or 16/32

If they want to attract gamers, they need the clockspeed boost instead of adding more cores, preferably both

8C/16T with single/duo core boost at 4.5 GHz boost out of the box and 4.6-4.8 GHz max OC would be very good. Dream scenario

TSMC should be better for high clocks compared to GloFo
 
Joined
Oct 17, 2014
Messages
1,646 (1.11/day)
Likes
758
Location
USA
System Name $170 family PC, rest was reused old parts.
Processor Ryzen Athlon 200GE @ 3.2Ghz ($55)
Motherboard Biostar A320M Pro ($42)
Memory 8gb (2x4) DDR4 2666 CAS 15-15-15 ($63)
Video Card(s) Vega 3 Integrated
Storage 120GB SSD
Display(s) AOC 22V2H 21.5" Frameless 75hz Freesync
Case Thermaltake View 22
Audio Device(s) Schiit Modi 3 + Custom Tube Amp + Sennheiser HD58X
Power Supply Corsair 750w Bronze
Mouse Roccat Kone AIMO
Keyboard Logitech G610+ Cherry MX Red
Software Ubuntu
#13
Also if one invests in a freesync monitor it does make any loss of performance vs intel and nvidia go further, same with gsync and say you can only afford a gtx 1060 at 144hz 1080p, like sure you vant crank everything to ultra, but its all about that smoothness that really creates the experience if you have gsync. same thing/logic applies to any future all AMD builds I plan to do, not to mention I probably will be saving $300-400 by going Freesync 2 HDR600 over gsync HDR600 - and I do have every intention of buying a monitor like that in 2019 or 2020 when I do my ultimate build, so we will just see how things play out. I am leaning towards AMD even if its 10% slower across the board, mainly out of respect, but also because of no security issues, and on top of all that 10% is not really noticeable when you add in freesync or gsync, etc.
 

MT66

New Member
Joined
Feb 21, 2017
Messages
15 (0.02/day)
Likes
7
#14
Won't happen core vs core

I'd be very happy if Zen 2 reaches 4.5 GHz... The 1700 in my server can't even do 4 GHz stable
Glofo is claiming 5ghz-ish with their 7nm process so I don't see why the tsmc 7nm process should not enable 5ghz-ish for ryzen 3000. I think an overlooked aspect of what AMD has been using process node wise is that its a 14nm samsung node used by Glofo, as far as I know samsung only make mobile centric processors where power efficiency is a premium and clock speed tend to be in the 1ghz to maybe 3ghz range, I dont believe there is a high performance variant of a samsung node just low power, TSMC and Glofo both state they will have both a high performance and low power verison of their 7nm process. This is why I believe the ryzen clock speeds have been lacking but power efficiency has been pretty good. Either way in time it will be revealed.
 
Joined
Aug 6, 2017
Messages
2,651 (5.70/day)
Likes
1,531
Location
Poland
System Name skurwiel szatan
Processor i7 5775c OC:4.3/1.36v/EDRAM @2GHz Power save: 3.3/1.06v
Motherboard Z97X Gaming 5
Cooling Noctua D15S
Memory Crucial Ballistix Tactical LP DDR3L 2133MHz 9-9-9-27-1T 1.512v.
Video Card(s) MSI GTX 1080 Ti Gaming X Trio
Storage SU900 128 (OS),850 Pro 256+256+ 512+860 Evo 500 (games),4TB of HDDs (3+1)
Display(s) Acer XB241YU+Dell S2716DG dual monitor setup
Case Full tower
Audio Device(s) Mad Catz FREQ wireless
Power Supply Superflower Leadex Gold 850W
Mouse G403 wireless + Steelseries DeX + Roccat rest
Keyboard Razer Deathstalker
Software Windows 10
Benchmark Scores A LOT
#15
If they want to attract gamers, they need the clockspeed boost instead of adding more cores, preferably both
If they want gamers they first need to do something with this horrendous latency that CCX design produces, otherwise Intel will beat them in gaming as long as they keep using ring design.
 
Joined
Oct 5, 2017
Messages
184 (0.45/day)
Likes
154
#16
Great. Didn't know Intel paid people to discover bugs. Does AMD pay people to find bugs too? I don't hear alot about Ryzenfall, Chimera and Masterkey these days. Only that it "should" be fixed in Zen 2.
You don't hear about them because they're not actually AMD specific bugs - They're bugs in ASMedia products that Intel also uses extensively. AMD already patched them, it didn't require Zen 2, and the root of the vulnerability was ASMedia

Meanwhile, there’s no sign of any effort by CTS Labs to address the backdoors and critical security flaws baked into tens of millions of Intel motherboards courtesy of their onboard Asmedia controllers, even though the ASM1042 and ASM1142 have shipped on Intel products for the past six years.
https://www.extremetech.com/computi...ith-amd-security-disclosures-digs-deeper-hole

The only reason that they were ever phrased as being solely AMD-relevant was that the company that publicised them, was making an attempt to manipulate AMD stocks. That's why the legal disclaimer on their site states: "CTS reserves the right to refrain from updating this website even as it becomes outdated or inaccurate. "

They're also linked to Viceroy Research (Who published a HYSTERICAL hit piece on AMD within hours of the CTS publication), and who have done this before, even going as far as to say "We take a financial position in our research and our readers should assume we have a position on the stock."

https://www.businesslive.co.za/bd/c...-out-the-info-to-make-a-killing-on-steinhoff/
 
Joined
Aug 6, 2017
Messages
2,651 (5.70/day)
Likes
1,531
Location
Poland
System Name skurwiel szatan
Processor i7 5775c OC:4.3/1.36v/EDRAM @2GHz Power save: 3.3/1.06v
Motherboard Z97X Gaming 5
Cooling Noctua D15S
Memory Crucial Ballistix Tactical LP DDR3L 2133MHz 9-9-9-27-1T 1.512v.
Video Card(s) MSI GTX 1080 Ti Gaming X Trio
Storage SU900 128 (OS),850 Pro 256+256+ 512+860 Evo 500 (games),4TB of HDDs (3+1)
Display(s) Acer XB241YU+Dell S2716DG dual monitor setup
Case Full tower
Audio Device(s) Mad Catz FREQ wireless
Power Supply Superflower Leadex Gold 850W
Mouse G403 wireless + Steelseries DeX + Roccat rest
Keyboard Razer Deathstalker
Software Windows 10
Benchmark Scores A LOT
Joined
Mar 6, 2017
Messages
1,185 (1.92/day)
Likes
447
System Name My Super Computer
Processor Intel Core i7 8700K
Motherboard Gigabyte Z370 AORUS Ultra Gaming
Cooling Corsair H55 AIO
Memory 2x8GB Crucial/Micron Ballistix Sport DDR4-2400
Video Card(s) ASUS GeForce GTX1060 6GB
Storage Samsung 970 EVO 500 GB NVMe SSD
Display(s) HP 2311x and Acer G206HQL
Case CoolerMaster MasterBox Lite 5 RGB
Audio Device(s) On-Board Sound
Power Supply EVGA Supernova 650 G3 Gold
Mouse Logitech M705
Keyboard Logitech Wave K350
Software Windows 10 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
#19
If they want gamers they first need to do something with this horrendous latency that CCX design produces, otherwise Intel will beat them in gaming as long as they keep using ring design.
I figure that that will be solved by the introduction of DDR5 in the coming years.
 

rtwjunkie

PC Gaming Enthusiast
Supporter
Joined
Jul 25, 2008
Messages
10,878 (2.89/day)
Likes
15,368
Location
Louisiana -Laissez les bons temps rouler!
System Name Bayou Devil
Processor Core i7-4790k 4.4Ghz @ 1.18v
Motherboard ASUS Z97 Deluxe
Cooling All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax T40F CPU cooler
Memory 2x 8GB Mushkin Redline DDR-3 1866
Video Card(s) MSI GTX 1080Ti Gaming X
Storage 1x 500 MX500 SSD; 2x 2TB WD Black; 1x4TB WD Black;1x 2TB WD Green (eSATA)
Display(s) HP 27q 27" IPS @ 2560 x 1440
Case Fractal Design Define R4 Black w/Titanium front -windowed
Audio Device(s) Soundblaster Z
Power Supply Seasonic X-850
Mouse Coolermaster Sentinel III
Keyboard Logitech G610 Orion mechanical (Cherry Brown switches)
Software Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)
#20
At this rate, quarterly fixes should have us back to Northwood performance in no time. :rolleyes:
 
Joined
Oct 5, 2017
Messages
184 (0.45/day)
Likes
154
#22
If they want gamers they first need to do something with this horrendous latency that CCX design produces, otherwise Intel will beat them in gaming as long as they keep using ring design.
You're really overblowing that issue. AMD's Intra-CCX latency is actually slightly lower than Intel's Ring Bus architecture (39.38ns for data to travel between cores in a CCX, versus Intel's 43.10).

Yes, when you move between CCXs there's a difference, but especially with Ryzen 2, users won't see any difference at all until they move beyond 4 cores for a task. I'd also note that while Intel's monolithic design helps them to have 6 cores with low latency on the 8700K, the 7820X actually sees a dramatic jump in Ring Bus latency.

This was tested with DDR-2933 RAM by Tom's Hardware. The OC'd 2700X result used 3466.


 
Last edited:

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
10,893 (4.39/day)
Likes
6,038
Location
Concord, NH
System Name Kratos
Processor Intel Core i7 3930k @ 4.5Ghz
Motherboard ASUS P9X79 Deluxe
Cooling Corsair H100i V2
Memory G.Skill DDR3-2133, 16gb (4x4gb) @ 9-11-10-28-108-1T 1.65v
Video Card(s) MSI AMD Radeon R9 390 GAMING 8GB @ PCI-E 3.0
Storage 2x120Gb SATA3 SSD Raid-0, 4x1Tb RAID-5, 1x500GB, 1x512GB Samsung 960 Pro NVMe
Display(s) 1x LG 27UD69P (4k), 2x Dell S2340M (1080p)
Case Antec 1200
Audio Device(s) Onboard Realtek® ALC898 8-Channel High Definition Audio
Power Supply Seasonic 1000-watt 80 PLUS Platinum
Mouse Logitech G602
Keyboard Rosewill RK-9100
Software Ubuntu 18.04
Benchmark Scores Benchmarks aren't everything.
#23
A malicious program already running on the affected machine can
Your machine might be at risk if it has already been infected. Really? I would have never known. :rolleyes:
 
Joined
Oct 5, 2017
Messages
184 (0.45/day)
Likes
154
#24
Your machine might be at risk if it has already been infected. Really? I would have never known. :rolleyes:
This is different to that program already having access to all the data on your machine or in memory.

If you had a program on your machine that had no admin-level access, and was capable of doing very little malicious without that access, that's one thing. Some low-level adware or whatever.

This vulnerability would enable a program running in such restricted conditions, to access data beyond those restrictions. That's potentially quite significant.
 
Joined
Apr 30, 2011
Messages
1,062 (0.39/day)
Likes
1,059
Location
Greece
Processor AMD FX-8350 4GHz@1.3V
Motherboard Gigabyte GA-970A UD3 Rev3.0
Cooling Zalman CNPS5X Performa
Memory 2*4GB Patriot Venom RED DDR3 1600MHz CL9
Video Card(s) XFX RX580 GTS 4GB
Storage Sandisk SSD 120GB, 2 Samsung F1 & F3 (1TB)
Display(s) LG IPS235
Case Zalman Neo Z9 Black
Audio Device(s) Via 7.1 onboard
Power Supply OCZ Z550
Mouse Zalman ZM-M401R
Keyboard Trust GXT280
Software Win 7 sp1 64bit
Benchmark Scores CB R15 64bit: single core 99p, multicore 626p WPrime 1.55 (8 cores): 9.0 secs
#25
Won't happen core vs core

I'd be very happy if Zen 2 reaches 4.5 GHz... The 1700 in my server can't even do 4 GHz stable
Since we got from 3.9-4.1 to 4.2-4.4 with a refresh and without tweaks in the arch on basically the same production line which with some tweaks got from 14nm to 12nm, a full node improvement to 7nm alongside a big improvement encore can easily reach very close or above the 5GHz limit at stock boost for 1-2 thread needs. My 5 cents.
 
Top