• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Researchers Find Unfixable Vulnerability Inside Intel CPUs

Cheeseball

Cheeseball

Not a Potato
Supporter
Joined
Jan 2, 2009
Messages
1,851 (0.33/day)
Location
Pittsburgh, PA
System Specs
System Name Titan
Processor AMD Ryzen™ 7 7950X3D
Motherboard ASUS ROG Strix X670E-I Gaming WiFi
Cooling ID-COOLING SE-207-XT Slim Snow
Memory TEAMGROUP T-Force Delta RGB 2x16GB DDR5-6000 CL30
Video Card(s) ASRock Radeon RX 7900 XTX 24 GB GDDR6 (MBA)
Storage 2TB Samsung 990 Pro NVMe
Display(s) AOpen Fire Legend 24" (25XV2Q), Dough Spectrum One 27" (Glossy), LG C4 42" (OLED42C4PUA)
Case ASUS Prime AP201 33L White
Audio Device(s) Kanto Audio YU2 and SUB8 Desktop Speakers and Subwoofer, Cloud Alpha Wireless
Power Supply Corsair SF1000L
Mouse Logitech Pro Superlight (White), G303 Shroud Edition
Keyboard Wooting 60HE / NuPhy Air75 v2
VR HMD Occulus Quest 2 128GB
Software Windows 11 Pro 64-bit 23H2 Build 22631.3447
Dredi said:
What a sick burn! Too bad that this allows for things to happen even without physical access.
Click to expand...

Currently, CVE-2019-0090 states that exploiting this requires physical access to the target machine.

They are still exploring how to exploit this through a virtual machine (since they use IOMMUs to map out to the memory), but the exploit needing DMA to get into the Intel CSME makes that difficult without directly connecting to the hardware.
 
D

Dredi

Joined
Oct 15, 2019
Messages
549 (0.33/day)
Cheeseball said:
Currently, CVE-2019-0090 states that exploiting this requires physical access to the target machine.

They are still exploring how to exploit this through a virtual machine (since they use IOMMUs to map out to the memory), but the exploit needing DMA to get into the Intel CSME makes that difficult without directly connecting to the hardware.
Click to expand...
Yes, the CVE states that that method does require physical access. The attack vector however is visible even without it, they just haven’t had the resources to make a proof of concept(s) yet which are necessary for the CVE’s.
”We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access.”
 
R-T-B

R-T-B

Supporter
Joined
Aug 20, 2007
Messages
20,789 (3.41/day)
System Specs
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64
Dredi said:
What a sick burn! Too bad that this allows for things to happen even without physical access.
Click to expand...

Sort of. If you can execute local admin level code somehow, you don't need physical access. But how do you get that? Likely malware infection or similar. For a healthy system you are going to need physical access or at the very least, social engineering.

I might note that bug would be rendered powerless by using the ME "Temp disable" (actually permanent) mode I used to provide. They'd log into a shutdown platform, effectively (if it even allowed login). I need to think of a way to provide that that doesn't require firmware hacking, too time consuming.
 
Totally

Totally

Joined
Nov 21, 2010
Messages
2,233 (0.46/day)
Location
Right where I want to be
System Specs
System Name Miami
Processor Ryzen 3800X
Motherboard Asus Crosshair VII Formula
Cooling Ek Velocity/ 2x 280mm Radiators/ Alphacool fullcover
Memory F4-3600C16Q-32GTZNC
Video Card(s) XFX 6900 XT Speedster 0
Storage 1TB WD M.2 SSD/ 2TB WD SN750/ 4TB WD Black HDD
Display(s) DELL AW3420DW / HP ZR24w
Case Lian Li O11 Dynamic XL
Audio Device(s) EVGA Nu Audio
Power Supply Seasonic Prime Gold 1000W+750W
Mouse Corsair Scimitar/Glorious Model O-
Keyboard Corsair K95 Platinum
Software Windows 10 Pro
rtwjunkie said:
So, much ado about nothing, since physical access is required.


Is anyone still using that?
Click to expand...

Yes, and it's gaining traction as more companies switch to mobile centric operating models. You're probably think Java, unless you were being sarcastic, don't mind me.
 
L

lexluthermiester

Joined
Jul 5, 2013
Messages
25,559 (6.47/day)
I posted this in another thread but it's relevant here as well. They touch on every important aspect and explain a few things in some detail.
Please refer to the first topic starting at 1:56
 
You must log in or register to reply here.
Top