• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

Joined
Mar 7, 2010
Messages
710 (0.18/day)
Location
Michigan
System Name Daves
Processor AMD Ryzen 3900x
Motherboard AsRock X570 Taichi
Cooling Enermax LIQMAX III 360
Memory 32 GiG Team Group B Die 3600
Video Card(s) Powercolor 5700 xt Red Devil
Storage Crucial MX 500 SSD and Intel P660 NVME 2TB for games
Display(s) Acer 144htz 27in. 2560x1440
Case Phanteks P600S
Audio Device(s) N/A
Power Supply Corsair RM 750
Mouse EVGA
Keyboard Corsair Strafe
Software Windows 10 Pro
Profit over security?
Nah, Intel would never..................:shadedshu:
 
Joined
Mar 18, 2015
Messages
2,723 (1.35/day)
Location
Long Island
The people commenting here are just...out of this world. People still don't understand that these vulnerabilities don't have absolutely any importance to normal consumers. Who cares about your games and photos?
Agreed, I don't understand why this topic is sensationalized everywhere or why asking if any instance of consumers or enthusiasts being negatively impacted has ever been reported is prohibited .
 
Joined
Mar 10, 2015
Messages
3,445 (1.70/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
this topic is sensationalized everywhere
In my opinion, it is great that security is finally getting highlighted. Now people will understand that 90% of business don't give two poos about protecting your data. This may not be a problem for consumers...until it is. Just remember the processors sitting in all those data centers holding all of your data. Then you find out that every piece of software and hardware you use on a daily basis makes Swiss cheese look like concrete because security and privacy is the first thing that gets thrown out the windows when the budget hammer comes down. Disgusting, frankly.

Truth be told, 9/10 users don't need to worry about this. Most of these attacks require people that actually know what they are doing. The morons will get sniffed out before they have a chance to do anything.
 
Joined
Dec 16, 2017
Messages
1,068 (1.05/day)
Location
Buenos Aires, Argentina
System Name System V
Processor AMD Ryzen 5 3600
Motherboard Asus Prime X570-P
Cooling AMD Wraith Stealth // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory 2x8GB Ballistix Sport LT 3200 MHz (BLS8G4D32AESCK.M8FE) (CL16-18-18-36)
Video Card(s) Gigabyte AORUS Radeon RX 580 8 GB
Storage SHFS37A240G / DT01ACA200 / WD20EZRX / MKNSSDTR256GB-3DL / LG BH16NS40
Display(s) LG 22MP55 IPS Display
Case NZXT Source 210
Audio Device(s) Logitech G430 Headset
Power Supply Corsair CX650M
Mouse Microsoft Trackball Optical 1.0
Keyboard HP Vectra VE keyboard (Part # D4950-63004)
Software Windows 10
Benchmark Scores Corona 1.3: 3120620 r/s Cinebench R20: 3355 FireStrike: 12490 TimeSpy: 4624
I guess Intel engineers are probably feeling a bit like "OH ~$%&ING COME ON! $&@#! THIS @€$# AGAIN!? *$%#@!!"

That aside, considering what seems to be a never-ending parade of vulnerabilities, I'm wondering if Intel and AMD should consider investing heavily in R&D to maybe one day launch CPUs that do not rely on speculative execution to get work done fast. I know I'd do.
 
Joined
Mar 16, 2017
Messages
1,009 (0.78/day)
Location
Tanagra
I guess Intel engineers are probably feeling a bit like "OH ~$%&ING COME ON! $&@#! THIS @€$# AGAIN!? *$%#@!!"

That aside, considering what seems to be a never-ending parade of vulnerabilities, I'm wondering if Intel and AMD should consider investing heavily in R&D to maybe one day launch CPUs that do not rely on speculative execution to get work done fast. I know I'd do.
All your high performance, out-of-order CPU makers use speculative execution--it's a key component of OeOE. The benefits of the technology are huge. Without it, the CPU spends a lot of time waiting when it could be doing more work. Maybe on the day system memory is as fast as the CPU, it (and the various cache stages) will no longer be needed, or maybe the benefit of SE will be less. Still, each CPU maker implements SE differently, so vulnerability largely depends on the design.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
30,443 (6.29/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
The tested AMD CPU was one bulldozer chip (AMD A6-4455M). So no confirmation if Zen is affected or not.
bulldozer it is not...

Piledriver it is
 
Joined
Oct 22, 2014
Messages
9,642 (4.44/day)
Location
Sunshine Coast
System Name Black Box
Processor Intel i5-9600KF
Motherboard NZXT N7 Z370 Black
Cooling Cooler Master 240 RGB AIO / Stock
Memory Thermaltake Toughram 16GB 4400MHz DDR4 or Gigabyte 16GB 3600MHz DDR4 or Adata 8GB 2133Mhz DDR4
Video Card(s) Asus Dual 1060 6GB
Storage Kingston A2000 512Gb NVME
Display(s) AOC 24" Freesync 1m.s. 75Hz
Case Corsair 450D High Air Flow.
Audio Device(s) No need.
Power Supply FSP Aurum 650W
Mouse Yes
Keyboard Of course
Software W10 Pro 64 bit
Wait, how many average home users of computers has this affected exactly, now or in the past?
I'm talking about all prior vulnerabilities affecting processors as well.
I doubt one single average joe has been affected.
 
Joined
Mar 10, 2015
Messages
3,445 (1.70/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Wait, how many average home users of computers has this affected exactly, now or in the past?
I'm talking about all prior vulnerabilities affecting processors as well.
I doubt one single average joe has been affected.
That depends, how many average Joe's had their data stolen from a data center?
 
D

Deleted member 158293

Guest
This is seriously making a good case to not have Intel CPUs for mission critical servers & stations.
 
Joined
Oct 22, 2014
Messages
9,642 (4.44/day)
Location
Sunshine Coast
System Name Black Box
Processor Intel i5-9600KF
Motherboard NZXT N7 Z370 Black
Cooling Cooler Master 240 RGB AIO / Stock
Memory Thermaltake Toughram 16GB 4400MHz DDR4 or Gigabyte 16GB 3600MHz DDR4 or Adata 8GB 2133Mhz DDR4
Video Card(s) Asus Dual 1060 6GB
Storage Kingston A2000 512Gb NVME
Display(s) AOC 24" Freesync 1m.s. 75Hz
Case Corsair 450D High Air Flow.
Audio Device(s) No need.
Power Supply FSP Aurum 650W
Mouse Yes
Keyboard Of course
Software W10 Pro 64 bit
That depends, how many average Joe's had their data stolen from a data center?
I was one of thousands that did, but that was a data centre, not at individual at home, and it was a normal data breach by hacking.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,144 (4.18/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: Athlon II x4 630 3.5GHz
Motherboard ASUS P8P67 Pro :: GIgabyte GA-770T-USB3
Cooling Corsair H70 :: Thermaltake Big Typhoon
Memory 2x4GB DDR3 1866 :: 2x1GB DDR3 1333
Video Card(s) 2x PNY GTX1070 :: none
Storage Plextor M5s 128GB, WDC Black 500GB :: Mushkin Enhanced 60GB SSD, WD RE3 1TB
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - iLive IT153B Soundbar (optical) :: None
Power Supply FSP Hydro GE 550w :: something
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
This is seriously making a good case to not have Intel CPUs for mission critical servers & stations.
Maybe not. Security through obscurity is not real security. Meaning, if all the data centers switched to AMD tomorrow, I don't think it would be very long before their flaws are discovered. I'm not saying there are (or aren't) flaws to be found, just saying Intel is the bigger target, so it makes sense we hear about Intel more often than AMD.

...But that also doesn't excuse all the Intel flaws, either. They've definitely got to do something about all this. If I were managing a datacenter, I would be none too happy about hearing about another Intel security flaw for the umpteenth time. Especially one that can't be patched by software, which means now I have to wait (for an unknown period of time while I run unsecure hardware) until I can spend more money on (maybe) secure hardware! Ridiculous.
 
Joined
Oct 2, 2015
Messages
2,650 (1.45/day)
Location
Argentina
System Name Ciel / Yukino
Processor AMD Ryzen R5 3400G / Intel Core i3 5005U
Motherboard Asus Prime B450M-A / HP 240 G5
Cooling AM3 Wraith + Spire v2 fan / Stock
Memory 2x 8GB Corsair Vengeance LPX DDR4 3200MHz / 2x 4GB Hynix + Kingston DDR3L 1600MHz
Video Card(s) AMD Radeon RX Vega 11 / Intel HD 5500
Storage SSD WD Green 240GB M.2 + HDD Toshiba 2TB / SSD Kingston A400 120GB SATA
Display(s) Samsung S22F350 @ 75Hz/ Integrated 1366x768 @ 94Hz
Case Generic / Stock
Audio Device(s) Realtek ALC892 / Realtek ALC282
Power Supply Sentey XPP 525W / Power Brick
Mouse Logitech G203 / Elan Touchpad
Keyboard Generic / Stock
Software Windows 10 x64
If we used VIA this wouldn't happen.
 
Joined
Jun 3, 2010
Messages
1,304 (0.35/day)
Maybe not. Security through obscurity is not real security. Meaning, if all the data centers switched to AMD tomorrow, I don't think it would be very long before their flaws are discovered. I'm not saying there are (or aren't) flaws to be found, just saying Intel is the bigger target, so it makes sense we hear about Intel more often than AMD.

...But that also doesn't excuse all the Intel flaws, either. They've definitely got to do something about all this. If I were managing a datacenter, I would be none too happy about hearing about another Intel security flaw for the umpteenth time. Especially one that can't be patched by software, which means now I have to wait (for an unknown period of time while I run unsecure hardware) until I can spend more money on (maybe) secure hardware! Ridiculous.
You know this would make the stage for an all new Robocop movie...
 
Joined
Jan 11, 2005
Messages
1,359 (0.24/day)
Location
66 feet from the ground
System Name 2nd AMD puppy
Processor FX-8350 vishera
Motherboard Gigabyte GA-970A-UD3
Cooling Cooler Master Hyper TX2
Memory 16 Gb DDR3:8GB Kingston HyperX Beast + 8Gb G.Skill Sniper(by courtesy of tabascosauz &TPU)
Video Card(s) Sapphire RX 580 Nitro+;1450/2000 Mhz
Storage SSD :840 pro 128 Gb;Iridium pro 240Gb ; HDD 2xWD-1Tb
Display(s) Benq XL2730Z 144 Hz freesync
Case NZXT 820 PHANTOM
Audio Device(s) Audigy SE with Logitech Z-5500
Power Supply Riotoro Enigma G2 850W
Mouse Razer copperhead / Gamdias zeus (by courtesy of sneekypeet & TPU)
Keyboard MS Sidewinder x4
Software win10 64bit ltsc
Benchmark Scores irrelevant for me
cpu is designed by man therefore is a flawed product from start.

we'll never know how many unknown design errors exist in a cpu as finding a way to by-pass certain hardware security using software is considered a bug

seems some people are smarter :respect: than cpu design teams and their computers which ran the security checks ....
 
Joined
Oct 30, 2008
Messages
1,648 (0.38/day)
System Name Lailalo / Edelweiss
Processor Ryzen 1700 @ 3.8Ghz / i7 3610QM @2.3-3.2Ghz
Motherboard Asus X370 Prime/ Lenovo Y580
Cooling Noctua / Big hunk of copper
Memory 16GB DDR4 3200 Ripjaws with Samsung chips / 8GB Hyundai DDR3 1600
Video Card(s) XFX R9 390 / GTX 660M 2GB
Storage Crucial 1TB MX500 SSD, Segate 3TB, 64GB Synapse SSD as Pagefile drive / Western Digital 1TB 7200RPM
Display(s) LG Ultrawide 29in @ 2560x1080 / Lenovo 15.6 @ 1920x1080
Case Coolermaster Storm Sniper / Lenovo Y580
Audio Device(s) Asus Xonar DG / Whatever Lenovo used
Power Supply Antec Truepower Blue 750W + Thermaltake 5.25in 250W / Big Power Brick
Mouse G602
Keyboard G510s
Software Windows 10 Pro / Windows 10 Home
laughs in Ryzen

Only thing left with an Intel processor in the house is mum's old Toshiba P750 laptop with a i5 2410M from 2011. I'm waiting for it to die so I can get her a Raven Ridge machine like my Envy x360, Super happy with it, especially now the drivers from the main stack can be used on the 2500U.
As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...
 
Joined
Jun 3, 2010
Messages
1,304 (0.35/day)
As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...
Tablets are the best. 300gr polycarbonate+corning, even the volume buttons are loose from impacts, can drop it around all day.
 
Joined
Dec 27, 2013
Messages
887 (0.36/day)
Location
somewhere
As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...
it seems okay? i've had it a couple months and everything seems solid, i even took it apart to replace the ssd with a bigger one.
 
Joined
Jul 5, 2013
Messages
10,614 (4.01/day)
System Name GPD-Q9
Processor Rockchip RK-3288 1.8ghz quad core
Motherboard GPD Q9_V6_150528
Cooling Passive
Memory 2GB DDR3
Video Card(s) Mali T764
Storage 16GB Samsung NAND
Display(s) IPS 1024x600
I just went from Ryzen to an I7 and I just put my kids on Ryzen and it looks like I'm going back that way too.
I'm not worried about S/M or this but I'm starting to get a bad feel for Intel again.
Don't make that jump too quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.
 
Last edited:

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,144 (4.18/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: Athlon II x4 630 3.5GHz
Motherboard ASUS P8P67 Pro :: GIgabyte GA-770T-USB3
Cooling Corsair H70 :: Thermaltake Big Typhoon
Memory 2x4GB DDR3 1866 :: 2x1GB DDR3 1333
Video Card(s) 2x PNY GTX1070 :: none
Storage Plextor M5s 128GB, WDC Black 500GB :: Mushkin Enhanced 60GB SSD, WD RE3 1TB
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - iLive IT153B Soundbar (optical) :: None
Power Supply FSP Hydro GE 550w :: something
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
Don't make that jump to quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.
Agreed. Worry about it if you're a datacenter or something. This attack requires physical access, as does Meltdown and Spectre IIRC (but NetSpectre can be used over a network... but would still require access to your network, in some way).
 
Joined
Jan 5, 2006
Messages
10,712 (1.99/day)
System Name Desktop / Laptop
Processor Intel i7 6700K @ 4.5GHz (1.270 V) / Intel i3 7100U
Motherboard Asus Z170 Pro Gaming / HP 83A3 (U3E1)
Cooling Noctua NH-U12A 2 fans + Thermal Grizzly Kryonaut + 5 case fans / Fan
Memory 16GB DDR4 Corsair Vengeance LPX 3000MHz CL15 / 8GB DDR4 HyperX CL13
Video Card(s) MSI RTX 2070 Super Gaming X Trio / Intel HD620
Storage Samsung 970 Evo 500GB + Samsung 850 Pro 512GB + Samsung 860 Evo 1TB / Samsung 256GB M.2 SSD
Display(s) 23.8" Dell S2417DG 165Hz G-Sync 1440p + 21.5" LG 22MP67VQ IPS 60Hz 1080p / 14" 1080p IPS Glossy
Case Be quiet! Silent Base 600 - Window / HP Pavilion
Audio Device(s) SupremeFX Onboard / Realtek onboard + B&O speaker system
Power Supply Seasonic Focus Plus Gold 750W / Powerbrick
Mouse Logitech MX Anywhere 2 Laser wireless / Logitech M330 wireless
Keyboard RAPOO E9270P Black 5GHz wireless / HP backlit
Software Windows 10 / Windows 10
"
Updated to add
An Intel spokesperson told us after publication that it hopes applications can be built in future to defend against SPOILER attacks, or hardware protections can be deployed:

Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/
(scroll to the bottom)
 
Joined
Jul 5, 2013
Messages
10,614 (4.01/day)
System Name GPD-Q9
Processor Rockchip RK-3288 1.8ghz quad core
Motherboard GPD Q9_V6_150528
Cooling Passive
Memory 2GB DDR3
Video Card(s) Mali T764
Storage 16GB Samsung NAND
Display(s) IPS 1024x600
"
Updated to add
An Intel spokesperson told us after publication that it hopes applications can be built in future to defend against SPOILER attacks, or hardware protections can be deployed:

Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/
(scroll to the bottom)
The research paper for this is a very tedious read, but also very enlightening. Worth a read;
https://arxiv.org/pdf/1903.00446.pdf
 
Last edited:
Joined
Mar 10, 2015
Messages
3,445 (1.70/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Joined
Jul 5, 2013
Messages
10,614 (4.01/day)
System Name GPD-Q9
Processor Rockchip RK-3288 1.8ghz quad core
Motherboard GPD Q9_V6_150528
Cooling Passive
Memory 2GB DDR3
Video Card(s) Mali T764
Storage 16GB Samsung NAND
Display(s) IPS 1024x600
No, it doesn't.
While that is true, the default Windows config doesn't allow for remote exploitation. A user/admin would need to deliberately open up a system to be vulnerable, which no one is foolish/stupid enough to do, effectively making physical access a requirement.
 
Joined
Mar 14, 2009
Messages
4,626 (1.10/day)
Location
Ohio
System Name Rainbow puke/ Orange Poop
Processor AMD Ryzen 3600/ AMD Ryzen 2600x
Motherboard ASRock X570 Gaming 4s/ ASRock B450- pro 4 atx
Cooling Cooler master Master Air/ Corsair H110i
Memory 16GB G.Skill TridentZ 3200MHZ
Video Card(s) Zotac 2080 Super AMP
Storage Corsair 512gb PCI-E 4.0/ 960 EVO 500gb/256gb Inland Premium 2280 M2
Display(s) ACER 144hz 27"
Case Thermaltake Commander C33/ Radimax Gama (LoL)
Power Supply Seasonic
Mouse Red Dragon RGB 602 Griffin
Keyboard Razer Deatstalker
Software Windows 10Pro x64
Don't make that jump too quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.
This more or less gives me (absolutely no reason) a good reason to pickup a b450 Mobo since I have a spare AM4 CPU that needs used, ( after I get a Mobo for it I'll more than likely order a better CPU since its a 9600) since I hate having stuff so around doing nothing (I may be a tech Horder in need of help)

On a serious note, I don't think anything will ever come if this other than some type of patch.
 
Last edited:
Top