Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

Raevenlord · Mar 5, 2019

A new security vulnerability has been found that only affects Intel CPUs - AMD users need not concern regarding this issue. Dubbed Spoiler, the newfound security vulnerability was discovered by the Worcester Polytechnic Institute in partnership with the University of Lübeck, and affects all Intel CPUs since the introduction of their Core architecture. This vulnerability too affects Intel's speculative execution design, and according to the researchers, works independent of OS, virtual machine, or sandboxed environments.

As the researchers explain, Intel's speculative execution of certain memory workloads requires the full physical address bits for the information in memory to be known, which could allow for the full address to be available in user space - allowing for privilege escalation and other microarchitectural attacks. According to the researchers, a software solution to this problem is impossible, which means this is yet another silicon-level bug that needs to be addressed in future processor designs.

View at TechPowerUp Main Site

Trompochi · Mar 5, 2019

Holy batman....

trparky · Mar 5, 2019

Oh crap... :shadedshu:

eidairaman1 · Mar 5, 2019

Thank @HTC

GoldenX · Mar 5, 2019

Well... Sh#t...

jmcslob · Mar 5, 2019

So in other words they discovered the NSA's back door.

juiseman · Mar 5, 2019

I think Intel found the flaws themselves....That way they have an excuse to sell more of the same CPU's they have been selling since 2010.

"scare ware tactic" to sell more over priced CPU's...

If it ain't broke don't fix...well guess what? its broke again; "now we have to upgrade 1000's of our severs again""We just bought them last quarter!!"....lol...

This is most likely not accurate what I just wrote, but I can believe in market manipulation on almost any level....this would just be an extreme case of that.

I'm sure then, the next post will be "Why would Intel call foul on their own product? Because people will buy from them anyways because they are Intel....
Ever heard the phrase "All press is good press" its almost free advertisement in a way; though one might think it would hurt sales. The opposite effect
is most of the time observed....

jmcslob said:
So in other words they discovered the NSA's back door.

lol...that was my next thought....hahahhah
funney; and really kind of scary, but most likely true.

HTC · Mar 5, 2019

eidairaman1 said:
Thank @HTC

Nope: i "found" it in this Anandtech forum post.

GloryToYou · Mar 5, 2019

jmcslob said:
So in other words they discovered the NSA's back door.

Nah. This is likely a legitimate bug. The NSA backdoor is in the Intel Management Engine.
https://en.wikipedia.org/wiki/Intel_Management_Engine

Blinken · Mar 5, 2019

in all reality, it was probably just negligence in the pursuit of more profit. I'm sure in the coming years there'll be an internal memo leak where someone expressed a concern but was ignored and then there'll be a groundbreaking 20/20 story on some Sunday night about it, all while the general populace goes on computing in ignorant bliss.

Steevo · Mar 5, 2019

GloryToYou said:
Nah. This is likely a legitimate bug. The NSA backdoor is in the Intel Management Engine.
https://en.wikipedia.org/wiki/Intel_Management_Engine

Called it.

sam_86314 · Mar 5, 2019

Good thing I switched to AMD recently...

...except my laptop and all of my other computers have Intel chips :banghead:

ArbitraryAffection · Mar 5, 2019

laughs in Ryzen

Only thing left with an Intel processor in the house is mum's old Toshiba P750 laptop with a i5 2410M from 2011. I'm waiting for it to die so I can get her a Raven Ridge machine like my Envy x360, Super happy with it, especially now the drivers from the main stack can be used on the 2500U.

lexluthermiester · Mar 5, 2019

Wow, this is literally deep core logic problems. Pun intended. This has the potential to be a little worse than the S&M thing of last year, if I'm understnding it correctly. Ouch. My poor Xeon's...

Darmok N Jalad · Mar 5, 2019

Curious what sort of solutions we will get if it’s not software patchable as the reasearcher claims.

jmcslob · Mar 5, 2019

lexluthermiester said:
Wow, this is literally deep core logic problems. Pun intended. This has the potential to be a little worse than the S&M thing of last year, if I'm understnding it correctly. Ouch. My poor Xeon's...

I just went from Ryzen to an I7 and I just put my kids on Ryzen and it looks like I'm going back that way too.
I'm not worried about S/M or this but I'm starting to get a bad feel for Intel again.

phanbuey · Mar 5, 2019

So you would have to have code running on the machine that sits there looking for the moment when it can intercept a full address to a page in memory, and then grab that out of memory, in the hopes that it has sensitive data in there.

And after I grab that sensitive data and figure out how to use it, I will clean my house with a toothpick.

mcraygsx · Mar 5, 2019

INTEL should've stopped selling any CPU built around core architecture as soon as first set of vulnerabilities were discovered. Especially to the Enterprise Market altogether. But its amazing to see over priced CPU and related motherboard on shelves at my local MC :eek:

.

On the other hand I suppose if consumers are okay with IME then we should be okay with another vulnerability. Thank you for reporting this.

GoldenX · Mar 5, 2019

mcraygsx said:
INTEL should've stopped selling any CPU built around core architecture as soon as first set of vulnerabilities were discovered. Especially to the Enterprise Market altogether. But its amazing to see over priced CPU and related motherboard on shelves at my local MC .

On the other hand I suppose if consumers are okay with IME then we should be okay with another vulnerability. Thank you for reporting this.

But but, best CPUs on the world, but but mah FPS, but but I can't go to "are you poor?" AMD.

HTC · Mar 5, 2019

To be fair, while Meltdown and Spoiler don't affect AMD's CPUs, Spectre does so speculative execution needs to be addressed @ silicon level in order for speculative execution based vulnerabilities to "go away".

Spectre based vulnerabilities do have software mitigations which come @ a performance cost. @ least that's better than Spoiler which, supposedly, can't be mitigated by software:

The attack exploits the fact that when there is a load instruction after a number ofstore instructions, the physical address conflict causes a high timing behavior. This happens because of the speculatively executed load before all the stores are finished executing. There is no software mitigation that can completely erase this problem.

Darmok N Jalad · Mar 5, 2019

mcraygsx said:
INTEL should've stopped selling any CPU built around core architecture as soon as first set of vulnerabilities were discovered. Especially to the Enterprise Market altogether. But its amazing to see over priced CPU and related motherboard on shelves at my local MC .

On the other hand I suppose if consumers are okay with IME then we should be okay with another vulnerability. Thank you for reporting this.

So what should they do for the next 2-4 years while they engineer a solution to a problem that wasn’t even detected for over a decade? Companies as big as Intel can’t just stop selling their products for that long. There would probably not be an Intel anymore by the time they resolved this problem, redesigned their CPUs, performed a bunch of validation and testing, retooled their FABs, worked out yields, manufactured millions of chips, and refilled the huge vacuum they left behind. They no doubt have to fix the problem, but stopping the presses would cause major damage to the economy and affect many, many people’s livelihoods. AMD can’t even come close to picking up Intel’s level of supply, so there would be a mass shortage of CPUs for years. 9th gen Core doesn’t fix all the issues at a hardware level—we are still a few generations from that.

CounterZeus · Mar 5, 2019

The tested AMD CPU was one bulldozer chip (AMD A6-4455M). So no confirmation if Zen is affected or not.

biffzinker · Mar 5, 2019

HTC said:
Spectre based vulnerabilities do have software mitigations which come @ a performance cost.

Microsoft Update KB4482887 on March 1st the company will be rolling out and enabling the Google-developed Retpoline performance optimizations that reduce the performance impact of security mitigations put in place to combat Spectre Variant 2 (CVE-2017-5715). Windows 10 users running 64-bit versions of Windows 10 Build 1809 and newer will have the Retpoline optimizations installed with the KB4482887 and other updates turned on via cloud configuration in a phased rollout.

https://www.pcper.com/news/General-...izations-Update-Reduce-Performance-Impact-Spe

moproblems99 · Mar 5, 2019

ArbitraryAffection said:
Zen didn't get the memo?

Zen is not immune from speculative execution flaws.

yeeeeman · Mar 5, 2019

The people commenting here are just...out of this world. People still don't understand that these vulnerabilities don't have absolutely any importance to normal consumers. Who cares about your games and photos?
These attacks are important for datacenters, bank or government computers, etc.
If you have an Intel CPU, this doesn't mean that it is broken and you will be robbed if you still use it....
Also, discoveries like these give students and faculties some good press. Hey look, this is the place where that funky vulnerability was found. I see they got a habit of searching for bugs in CPUs, which is a good thing, sure, but CPUs are so complex machines that it is almost impossible to make them without some vulnerabilities. And don't worry, happy Ryzen users, AMD also has vulnerabilities, but they weren't discovered yet because nobody cares. Researches look at the market leader...

System Name	The Ryzening
Processor	AMD Ryzen 7 1700
Motherboard	MSI X370 Gaming Pro Carbon
Cooling	Arctic Cooling Liquid Freezer 120
Memory	16 GB G.Skill Trident Z F4-3200 (2x 8 GB)
Video Card(s)	TPU's Awesome MSI GTX 1070 Gaming X
Storage	Boot: Crucial MX100 128GB; Gaming: Crucial MX 300 525GB; Storage: Samsung 1TB HDD, Toshiba 2TB HDD
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	NOX Hummer MC Black
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

System Name	LongBoi
Processor	Ryzen 2700x
Motherboard	Asus x570 TUF Gaming Plus (Wifi)
Cooling	EK 360mm AIO D-RGB with x3 NF-A12x25
Memory	32gb G.Skill Ripjaws V (F4-3200C16D-16GVKB, 4x8gb)
Video Card(s)	Asus Strix RTX 2080 Ti OC
Storage	WD Black SN750 1TB, WD Green 2TB, Seagate 2TB+3TB
Display(s)	Acer XG270HU
Case	Thermaltake Core V71 Power Cover
Audio Device(s)	on-board
Power Supply	Enermax Platimax 750w
Mouse	Coolermaster Devastator II
Keyboard	Redragon K556
Software	Windows 10 64bit Pro

System Name	My Super Computer
Processor	Intel Core i7 8700K
Motherboard	Gigabyte Z370 AORUS Ultra Gaming
Cooling	Corsair H55 AIO
Memory	2x8GB Crucial/Micron Ballistix Sport DDR4-2400
Video Card(s)	ASUS GeForce GTX1060 6GB
Storage	Samsung 970 EVO 500 GB NVMe SSD (System Drive), Samsung 860 EVO 500 GB SATA SSD (Game Drive)
Display(s)	Acer Nitro XV272U (DisplayPort) and HP 2311x (DVI)
Case	CoolerMaster MasterBox Lite 5 RGB
Audio Device(s)	On-Board Sound
Power Supply	EVGA Supernova 650 G3 Gold
Mouse	Logitech M705
Keyboard	Logitech Wave K350
Software	Windows 10 Pro 64-bit
Benchmark Scores	https://valid.x86.fr/liwjs3

System Name	PCGOD
Processor	AMD FX 8350@ 5.0GHz
Motherboard	Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling	Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory	16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s)	AMD Radeon 290 Sapphire Vapor-X
Storage	Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s)	NEC Multisync LCD 1700V (Display Port Adapter)
Case	AeroCool Xpredator Evil Blue Edition
Audio Device(s)	Creative Labs Sound Blaster ZxR
Power Supply	Seasonic 1250 XM2 Series (XP3)
Mouse	Roccat Kone XTD
Keyboard	Roccat Ryos MK Pro
Software	Windows 7 Pro 64

System Name	Ciel / Yukino
Processor	AMD Ryzen R5 3400G / Intel Core i3 5005U
Motherboard	Asus Prime B450M-A / HP 240 G5
Cooling	AM3 Wraith + Spire v2 fan / Stock
Memory	2x 8GB Colorful 2666@3466MHz / 2x 4GB Hynix + Kingston DDR3L 1600MHz
Video Card(s)	Asus Tuf 1650 SUPER OC + AMD Radeon RX Vega 11 / Intel HD 5500
Storage	SSD WD Green 240GB M.2 + HDD Toshiba 2TB / SSD Kingston A400 120GB SATA
Display(s)	Samsung S22F350 @ 75Hz/ Integrated 1366x768 @ 94Hz
Case	Generic / Stock
Audio Device(s)	Realtek ALC892 / Realtek ALC282
Power Supply	Sentey XPP 525W / Power Brick
Mouse	Logitech G203 / Elan Touchpad
Keyboard	Generic / Stock
Software	Windows 10 x64

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

Raevenlord

News Editor

Trompochi

trparky

eidairaman1

The Exiled Airman

GoldenX

jmcslob

juiseman

HTC

GloryToYou

New Member

Blinken

Steevo

sam_86314

ArbitraryAffection

lexluthermiester

Darmok N Jalad

jmcslob

phanbuey

mcraygsx

GoldenX

HTC

Darmok N Jalad

CounterZeus

biffzinker

moproblems99

yeeeeman

System Name	Rainbow puke/ Orange Poop
Processor	AMD Ryzen 3600/ AMD Ryzen 2600x
Motherboard	ASRock X570 Gaming 4s/ ASRock B450- pro 4 atx
Cooling	Cooler master Master Air/ Corsair H110i
Memory	16GB G.Skill TridentZ 3200MHZ
Video Card(s)	Zotac 2080 Super AMP
Storage	Corsair 512gb PCI-E 4.0/ 960 EVO 500gb/256gb Inland Premium 2280 M2
Display(s)	ACER 144hz 27"
Case	Thermaltake Commander C33/ Radimax Gama (LoL)
Power Supply	Seasonic
Mouse	Red Dragon RGB 602 Griffin
Keyboard	Razer Deatstalker
Software	Windows 10Pro x64

System Name	HTC's System
Processor	Ryzen 5 2600X
Motherboard	Asrock Taichi X370
Cooling	NH-C14, with the AM4 mounting kit
Memory	G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s)	Sapphire Nitro+ Radeon RX 480 OC 4 GB
Storage	1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s)	LG 27UD58
Case	Fractal Design Define R6 USB-C
Audio Device(s)	Onboard
Power Supply	Corsair TX 850M 80+ Gold
Mouse	Razer Deathadder Elite
Software	Ubuntu 19.04 LTS

Processor	i7-4770k
Motherboard	ASUS
Cooling	Noctua
Memory	Corsair
Video Card(s)	Nvidia
Storage	Samsung
Case	Fractal Design

System Name	MoFo 2
Processor	AMD PhenomII 1100T @ 4.2Ghz
Motherboard	Asus Crosshair IV
Cooling	Swiftec 655 pump, Apogee GT,, MCR360mm Rad, 1/2 loop.
Memory	8GB DDR3-2133 @ 1900 8.9.9.24 1T
Video Card(s)	HD7970 1250/1750
Storage	Agility 3 SSD 6TB RAID 0 on RAID Card
Display(s)	46" 1080P Toshiba LCD
Case	Rosewill R6A34-BK modded (thanks to MKmods)
Audio Device(s)	ATI HDMI
Power Supply	750W PC Power & Cooling modded (thanks to MKmods)
Software	A lot.
Benchmark Scores	Its fast. Enough.

System Name	Space Heater MKIII.5
Processor	AMD Ryzen 5 2600X
Motherboard	ASUS TUF Gaming X570-PLUS WiFi
Cooling	Cryorig R1 Ultimate, 5x Cryorig XF140 fans
Memory	2x16GB Team T-Force Dark Z DDR4-3600 C18 1.35V (running 3200MHz C16)
Video Card(s)	GeForce GTX 1070 Gigabyte G1 Gaming
Storage	500GB Samsung 970 EVO, 2x1TB Crucial MX500 (striped array), 4TB Seagate Barracuda
Display(s)	Monoprice 35" 3440x1440p 100Hz
Case	Phanteks Enthoo Pro M
Audio Device(s)	Klipsch ProMedia 2.1
Power Supply	EVGA 750 B3, CyberPower CST135XLU
Mouse	Logitech MX Master
Keyboard	Logitech G610 Orion Brown
Software	Windows 10 Pro

System Name	GPD-Q9
Processor	Rockchip RK-3288 1.8ghz quad core
Motherboard	GPD Q9_V6_150528
Cooling	Passive
Memory	2GB DDR3
Video Card(s)	Mali T764
Storage	16GB Samsung NAND
Display(s)	IPS 1024x600

System Name	Chernobyl
Processor	10850K @ 5.1
Motherboard	MSI 490-A PRO
Cooling	360mm AIO
Memory	32 GB 4100 Mhz DDR4 18-18-18-38-440 trfc - 2T
Video Card(s)	MSI Ventus RTX 3080
Storage	3x1TB SSDs, 2TB SSD
Display(s)	LG 49NANO85 - 49" 4K 120HZ NanoIPS
Case	Zalman X3
Audio Device(s)	Bose Solo
Power Supply	Corsair SF750
Mouse	Logitech GPro Wired
Keyboard	tecware phantom
Software	Windows 10 64 Bit

Processor	Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard	Asus Maximus IX Code
Cooling	Corsair Hydro H115i Platinum
Memory	48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s)	nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage	Intel 760p 2280 2TB
Display(s)	MSI Optix MPG27CQ Black 27" 1ms 144hz
Case	Thermaltake View 71
Power Supply	EVGA SuperNova 1000 Platinum2
Mouse	Corsair M65 Pro (not recommded, I am on my second mouse with same defect)
Software	Windows 10 Enterprise 1803
Benchmark Scores	Yes I am Intel fanboy that is my benchmark score.

System Name	Illidan
Processor	Intel Core i7 6700K@4.5GHz
Motherboard	MSI Z170A Gaming Pro Carbon
Cooling	Scythe Mugen 4
Memory	G.Skill Trident Z 32GB DDR4 3000MHz CL14
Video Card(s)	Palit GTX 1080 Super Jetstream
Storage	Crucial P1 1TB + Sandisk Ultra II 960GB + Samsung F3 1TB + Toshiba X300 4TB
Display(s)	AGON AG35UCG
Case	Corsair 750D Airflow
Audio Device(s)	Steelseries Arctis 5 (2019)
Power Supply	Seasonic Focus Plus Platinum 650W
Mouse	Logitech G502 Proteus Core
Keyboard	Corsair Vengeance K70 (Cherry MX Red)
Software	Windows 10 Pro

Processor	Ryzen 7 3800X
Motherboard	MSI B450 Tomahawk ATX
Cooling	Cooler Master Hyper 212 Black Edition
Memory	PNY Anarchy-X XLR8 Red DDR4-3200 16GB kit & PNY Anarchy-X XLR8 Red DDR4-2666 16GB kit
Video Card(s)	MSI GeForce RTX 2060 GAMING Z 6G
Storage	Samsung 970 EVO NVMe M.2 500 GB, SanDisk Ultra II 480 GB
Display(s)	Samsung SyncMaster C27H711 OC refresh rate 110Hz
Case	Phantek Eclipse P400S (PH-EC416PS)
Audio Device(s)	EVGA NU Audio
Power Supply	EVGA 850 BQ
Mouse	SteelSeries Rival 310
Keyboard	Logitech G G413 Silver
Software	Windows 10 Professional 64-bit v2004

System Name	Wut?
Processor	3900X
Motherboard	ASRock Taichi X570
Cooling	Water
Memory	32GB GSkill CL16 3600mhz
Video Card(s)	Vega 56
Storage	2 x AData XPG 8200 Pro 1TB
Display(s)	3440 x 1440
Case	Thermaltake Tower 900
Power Supply	Seasonic Prime Ultra Platinum