
New Spectre Vulnerability Version Beats All Mitigations, Performance to Badly Degrade After the Fix

AleksandarK

Staff member
Joined
Aug 19, 2017
Messages
1,058 (0.77/day)
Researchers from the University of Virginia and University of California San Diego have published their latest case study. The two universities have worked hard to discover a new Spectre vulnerability variant that can pass all of the existing Spectre mitigations and exploit all of the existing processors coming from Intel and AMD. The vulnerability exploits all of the existing x86 processors, and as it is new, there are no implementations of hardware mitigation. The whitepaper called "I see dead μops" takes the implementation of exploiting micro-op caches that could lead to a potential data leak in the processor, which is leading to a Spectre-type exploit.

Modern x86 processors break down complex instructions into smaller RISC-like units called micro-ops, in the frontend, where it makes the design of the backend part much simpler. The micro-ops are stored in the micro-ops cache. The paper is describing micro-op cache-based timing channel exploits in three primary settings: "a) across code regions within the same thread, but operating at different privilege levels, (b) across different co-located threads running simultaneously on different SMT contexts (logical cores) within the same physical core, and (c) two transient execution attack variants that leverage the micro-op cache to leak transiently accessed secrets, bypassing several existing hardware and software-based mitigations, including Intel's recommended LFENCE."



For more details about the ways of exploiting the data, it is recommended to read the paper in full. However, if you are wondering about the possible mitigations of this exploit, there could be some bad news regarding performance. Both Intel and AMD have been informed about the attack, and the solution is coming our way. However, since the exploit targets a low-level caching structure, a possible solution would take a severe degradation of performance, as believed by researchers. Maybe Intel and AMD find a solution that is not as severe, but rather a modest one. We must wait to find out.

 
Joined
Mar 31, 2014
Messages
1,276 (0.49/day)
Location
Grunn
:sleep:

Nothing we haven't seen before... Superscalar out of order with the levels of speculative execution and caching that are enabled by modern processes will always be vulnerable to this kind of attack. Go make a new paradigm if you want to build something that's secure from the ground up, but trust me, you'll lose a lot of performance along the way.
 

Mussels

Moderprator
Staff member
Joined
Oct 6, 2004
Messages
49,822 (8.21/day)
Location
Australalalalalaia.
Joined
Oct 22, 2014
Messages
11,951 (4.98/day)
Location
Sunshine Coast
So physical access is required to implement any exploit?
 
Joined
Mar 31, 2014
Messages
1,276 (0.49/day)
Location
Grunn
So physical access is required to implement any exploit?
Modern data centers generally work on the assumption that code run on the processor cannot be considered secure. Because of this, one of the biggest vulnerability cases here is the colocated SMT threads on a physical core.
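To check whether a given Linux host exposes the co-located SMT setting discussed in the post above, the sketch below reads the kernel's standard sysfs CPU topology files and lists the logical CPUs that share one physical core. It is an added example, not part of the thread or the paper; the function names and the sample sysfs tree are constructed for illustration.

```python
import os
import tempfile

def parse_cpu_list(text):
    """Expand a kernel CPU list such as '0,6' or '0-1,8-9' into sorted ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return sorted(cpus)

def smt_report(sysfs_cpu="/sys/devices/system/cpu"):
    """Return (control, active, shared_cores) for a sysfs CPU tree."""
    def read(rel, default=""):
        try:
            with open(os.path.join(sysfs_cpu, rel)) as fh:
                return fh.read().strip()
        except OSError:
            return default  # file absent, e.g. offline CPU or older kernel

    control = read("smt/control", "unknown")
    active = read("smt/active", "0") == "1"
    groups = set()
    for entry in os.listdir(sysfs_cpu):
        # Only cpuN directories; skips cpufreq, cpuidle, smt and so on.
        if entry.startswith("cpu") and entry[3:].isdigit():
            siblings = parse_cpu_list(read(f"{entry}/topology/thread_siblings_list"))
            if len(siblings) > 1:
                groups.add(tuple(siblings))
    return control, active, sorted(groups)

def build_sample_tree(root):
    """Constructed sample: 2 cores x 2 threads, sibling pairs (0,2) and (1,3)."""
    files = {"smt/control": "on", "smt/active": "1"}
    for cpu, sib in ((0, "0,2"), (1, "1,3"), (2, "0,2"), (3, "1,3")):
        files[f"cpu{cpu}/topology/thread_siblings_list"] = sib
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        control, active, shared = smt_report(tmp)
        print(f"SMT control={control} active={active}")
        for group in shared:
            print("logical CPUs sharing one physical core:", group)
```

On a real host, call `smt_report()` with no argument; each returned group is a set of logical CPUs on which mutually distrusting workloads should not be scheduled side by side.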
 
Joined
Oct 10, 2009
Messages
595 (0.14/day)
Location
Madrid, Spain


Return to monke
 
Joined
Sep 28, 2012
Messages
773 (0.25/day)
Spectre V5 now? Wow, HBO or Netflix should make mini series from this.
 
Joined
Dec 28, 2012
Messages
1,612 (0.53/day)
This requires high level access to execute, which traditional security measures already prevent. This is one of those "if they get this you're already hosed" type situation. I'd be really surprised if the mitigations are required rather than optional patches that can be applied to just mission critical equipment that is most likely to get hit by this.

Although IMO most of this stuff has been wildly overblown, the majority of CPU attacks require a pre pwned system with remote administrator/BIOS access. I can see emergency patches for the remote execution ones, but the rest should be optional IMO.
 
Joined
Jul 16, 2014
Messages
4,969 (1.99/day)
Location
SE Michigan
Joined
Feb 20, 2019
Messages
2,471 (3.03/day)
The whitepaper makes it look like you need to be running fairly complex code in order to exploit this vulnerability.

Perhaps someone cleverer than me can tell me why adding its signature/behaviour to antivirus/antimalware wouldn't solve the issue?
 
Joined
Aug 20, 2007
Messages
14,925 (2.97/day)
:sleep:

Nothing we haven't seen before... Superscalar out of order with the levels of speculative execution and caching that are enabled by modern processes will always be vulnerable to this kind of attack. Go make a new paradigm if you want to build something that's secure from the ground up, but trust me, you'll lose a lot of performance along the way.
This is my line of thought these days.

Hardware security was flawed from the get go, do not trust the machine you run on as a programmer if your data is sensitive. If it is, treat it as such. Otherwise, this'll be an endless uphill battle.

Perhaps someone cleverer than me can tell me why adding its signature/behaviour to antivirus/antimalware wouldn't solve the issue?
Because once the behavior has happened, it's usually too late? The targeted data was already taken.

AND we have a frog to play the narrator/host!!!

@R-T-B
I hate this gameshow.
 
Joined
Feb 19, 2009
Messages
1,102 (0.25/day)
Location
I live in Norway
This requires high level access to execute, which traditional security measures already prevent. This is one of those "if they get this you're already hosed" type situation. I'd be really surprised if the mitigations are required rather than optional patches that can be applied to just mission critical equipment that is most likely to get hit by this.

Although IMO most of this stuff has been wildly overblown, the majority of CPU attacks require a pre pwned system with remote administrator/BIOS access. I can see emergency patches for the remote execution ones, but the rest should be optional IMO.

A few of the first ones which received mitigations were not overblown at all.
A few are and a few aren't, hence we all got reduced performance 'cause it wasn't overblown.

But all Spectre-like attacks are not critical
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
16,497 (3.36/day)
Location
Quantum Well UK
Oh hell no.
 

billeman

New Member
Joined
Jan 7, 2020
Messages
9 (0.02/day)
Well as long as it's possible to disable the mitigation it's okay for me
 
Joined
Sep 1, 2020
Messages
415 (1.61/day)
Location
Bulgaria
But how fast will modern PCs work if you disable any security protocols and patches?
 

london

New Member
Joined
Apr 28, 2021
Messages
9 (0.50/day)
Like NASA working hard for 6 months to prevent an eventual asteroid impact. Result? "It's going to hit us hard, and there is nothing we can do." Geez, good work guys, next time just shut the hell up? by !
 

Solaris17

Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
22,159 (3.85/day)
Location
Florida
YES!!!

I have been waiting for TPU to pick this up, so I can finally correct the bad reporting, and the terrible assumptions users who can't read make.

Neat takeaways from this white paper:

- They only specify "Skylake" but fail to say which rendition of the arch, and it's important to note, after initial Skylake protection has been built in on an arch level

- They mention "Zen" testing, but not which one. Zen is old and been around awhile, they make a uOP mention with "Zen2" but it's just an example.

- They mention ARM in the title and the text, but never actually show testing done with the ARM arch.

People are already questioning the methods used in this work as the flaws mentioned above are a pretty big deal.

Remember kids, 100% of people that drink water die.
 
Joined
Jun 11, 2017
Messages
47 (0.03/day)
Location
Montreal Canada
To be honest, I think they should stop finding these things. Because when they do, the source gets leaked, then the new viruses come out. Stop finding holes, period, and things would not come out. Nowadays we hear, oh, we found a new way to break a system. Then weeks later the source is released to the public and hackers just suck it up.
 
Joined
Jul 24, 2009
Messages
817 (0.19/day)
Most of these are a bit like the bird flu craze, only existing in the theoretical realm.
 
Joined
May 15, 2020
Messages
503 (1.37/day)
To be honest, I think they should stop finding these things. Because when they do, the source gets leaked, then the new viruses come out. Stop finding holes, period, and things would not come out. Nowadays we hear, oh, we found a new way to break a system. Then weeks later the source is released to the public and hackers just suck it up.
Is it not best to be informed, or would you rather us all wander around in a dark wood?
 
Joined
Apr 19, 2018
Messages
367 (0.33/day)
Could this be the reason for all those AMD CPU cancellation rumours lately???
 