• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

Joined
Mar 7, 2010
Messages
523 (0.15/day)
Location
Michigan
System Name Daves
Processor AMD Ryzen 1700 @ 4.00
Motherboard AsRock X370 Killer SLI/ac
Cooling Corsair H110i
Memory 16 GIG GSKILL Ripjaw @ 2400
Video Card(s) Gigabyte GTX 1070 G1
Storage Crucial M.2 250 Samsung 840 EVO 250-Samsung 850 Pro-WD 1 TB
Display(s) LG 27
Case NZXT
Audio Device(s) N/A
Power Supply EVGA 750
Mouse EVGA
Keyboard Corsair Strafe
Software Windows 10 Home
Profit over security?
Nah, Intel would never..................:shadedshu:
 
Joined
Mar 18, 2015
Messages
2,237 (1.31/day)
Location
Long Island
The people commenting here are just...out of this world. People still don't understand that these vulnerabilities don't have absolutely any importance to normal consumers. Who cares about your games and photos?
Agreed, I don't understand why this topic is sensationalized everywhere or why asking if any instance of consumers or enthusiasts being negatively impacted has ever been reported is prohibited .
 
Joined
Mar 10, 2015
Messages
2,256 (1.31/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
this topic is sensationalized everywhere
In my opinion, it is great that security is finally getting highlighted. Now people will understand that 90% of business don't give two poos about protecting your data. This may not be a problem for consumers...until it is. Just remember the processors sitting in all those data centers holding all of your data. Then you find out that every piece of software and hardware you use on a daily basis makes Swiss cheese look like concrete because security and privacy is the first thing that gets thrown out the windows when the budget hammer comes down. Disgusting, frankly.

Truth be told, 9/10 users don't need to worry about this. Most of these attacks require people that actually know what they are doing. The morons will get sniffed out before they have a chance to do anything.
 
Joined
Dec 16, 2017
Messages
517 (0.73/day)
Location
Argentina
System Name Desktop5
Processor AMD Ryzen 5 3600
Motherboard Asus Prime X570-P
Cooling AMD Wraith Stealth
Memory 2x8GB Ballistix Sport LT 3200 MHz (BLS8G4D32AESCK.M8FE) (CL16-18-18-36)
Video Card(s) Gigabyte AORUS Radeon RX 580 8 GB
Storage Kingston HyperX Fury 240 GB // Toshiba 2 TB HDD // WD 2 TB HDD // Mushkin Triactor 3DL 256 GB
Display(s) LG 22MP55 IPS Display
Case Corsair Carbide 100R
Audio Device(s) Logitech G430 Headset
Power Supply Corsair CX650M
Mouse Logitech Wireless Mouse M280 // Microsoft Trackball Optical 1.0
Keyboard HP Vectra VE keyboard (Part # D4950-63004)
Software Windows 10
I guess Intel engineers are probably feeling a bit like "OH ~$%&ING COME ON! $&@#! THIS @€$# AGAIN!? *$%#@!!"

That aside, considering what seems to be a never-ending parade of vulnerabilities, I'm wondering if Intel and AMD should consider investing heavily in R&D to maybe one day launch CPUs that do not rely on speculative execution to get work done fast. I know I'd do.
 
Joined
Mar 16, 2017
Messages
674 (0.69/day)
Location
Tanagra
Processor Intel i5-9600K
Motherboard ASRock H370M-ITX/ac
Cooling Gammax 300
Memory 16GB DDR4 3000
Video Card(s) Sapphire Pulse RX 570 4GB
Storage Inland 512GB NVMe
Display(s) LG 27UL500-W
Case Thermaltake Core V1
Audio Device(s) My ears
Power Supply EVGA 500W
Software Windows 10
I guess Intel engineers are probably feeling a bit like "OH ~$%&ING COME ON! $&@#! THIS @€$# AGAIN!? *$%#@!!"

That aside, considering what seems to be a never-ending parade of vulnerabilities, I'm wondering if Intel and AMD should consider investing heavily in R&D to maybe one day launch CPUs that do not rely on speculative execution to get work done fast. I know I'd do.
All your high performance, out-of-order CPU makers use speculative execution--it's a key component of OeOE. The benefits of the technology are huge. Without it, the CPU spends a lot of time waiting when it could be doing more work. Maybe on the day system memory is as fast as the CPU, it (and the various cache stages) will no longer be needed, or maybe the benefit of SE will be less. Still, each CPU maker implements SE differently, so vulnerability largely depends on the design.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
27,925 (6.17/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
The tested AMD CPU was one bulldozer chip (AMD A6-4455M). So no confirmation if Zen is affected or not.
bulldozer it is not...

Piledriver it is
 
Joined
Oct 22, 2014
Messages
7,165 (3.86/day)
Location
Sunshine Coast
System Name Black Box
Processor Intel Xeon E5-2680 10c/20t 2.8GHz @ 3.0GHz
Motherboard Asrock X79 Extreme 11
Cooling Coolermaster 240 RGB A.I.O.
Memory G. Skill 16Gb (4x4Gb) 2133Mhz
Video Card(s) Nvidia GTX 710
Storage Sandisk X 400 256Gb
Display(s) AOC 22" Freesync 1m.s. 75Hz
Case Corsair 450D High Air Flow.
Audio Device(s) No need.
Power Supply FSP Aurum 650W
Mouse Yes
Keyboard Of course
Software W10 Home Premium 64 bit
Wait, how many average home users of computers has this affected exactly, now or in the past?
I'm talking about all prior vulnerabilities affecting processors as well.
I doubt one single average joe has been affected.
 
Joined
Mar 10, 2015
Messages
2,256 (1.31/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Wait, how many average home users of computers has this affected exactly, now or in the past?
I'm talking about all prior vulnerabilities affecting processors as well.
I doubt one single average joe has been affected.
That depends, how many average Joe's had their data stolen from a data center?
 
Joined
Jun 28, 2015
Messages
760 (0.47/day)
This is seriously making a good case to not have Intel CPUs for mission critical servers & stations.
 
Joined
Oct 22, 2014
Messages
7,165 (3.86/day)
Location
Sunshine Coast
System Name Black Box
Processor Intel Xeon E5-2680 10c/20t 2.8GHz @ 3.0GHz
Motherboard Asrock X79 Extreme 11
Cooling Coolermaster 240 RGB A.I.O.
Memory G. Skill 16Gb (4x4Gb) 2133Mhz
Video Card(s) Nvidia GTX 710
Storage Sandisk X 400 256Gb
Display(s) AOC 22" Freesync 1m.s. 75Hz
Case Corsair 450D High Air Flow.
Audio Device(s) No need.
Power Supply FSP Aurum 650W
Mouse Yes
Keyboard Of course
Software W10 Home Premium 64 bit
That depends, how many average Joe's had their data stolen from a data center?
I was one of thousands that did, but that was a data centre, not at individual at home, and it was a normal data breach by hacking.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
20,678 (4.36/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: Athlon II x4 630 3.5GHz
Motherboard ASUS P8P67 Pro :: GIgabyte GA-770T-USB3
Cooling Corsair H70 :: Thermaltake Big Typhoon
Memory 2x4GB DDR3 1866 :: 2x1GB DDR3 1333
Video Card(s) 2x PNY GTX1070 :: none
Storage Plextor M5s 128GB, WDC Black 500GB :: Mushkin Enhanced 60GB SSD, WD RE3 1TB
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Onboard - iLive IT153B Soundbar (optical) :: None
Power Supply EVGA 500w 80 Plus :: Wounded Corsair CX600
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
This is seriously making a good case to not have Intel CPUs for mission critical servers & stations.
Maybe not. Security through obscurity is not real security. Meaning, if all the data centers switched to AMD tomorrow, I don't think it would be very long before their flaws are discovered. I'm not saying there are (or aren't) flaws to be found, just saying Intel is the bigger target, so it makes sense we hear about Intel more often than AMD.

...But that also doesn't excuse all the Intel flaws, either. They've definitely got to do something about all this. If I were managing a datacenter, I would be none too happy about hearing about another Intel security flaw for the umpteenth time. Especially one that can't be patched by software, which means now I have to wait (for an unknown period of time while I run unsecure hardware) until I can spend more money on (maybe) secure hardware! Ridiculous.
 
Joined
Oct 2, 2015
Messages
2,384 (1.58/day)
Location
Argentina
System Name Ciel / Yukino
Processor AMD Ryzen R3 1200 @ 3875MHz / Intel Core i3 5005U
Motherboard MSI B350M PRO-VDH / HP 240 G5
Cooling Wraith Stealth / Stock
Memory 2x 8GB Corsair Vengeance LPX DDR4 3200MHz @ 3333MHz / 2x 4GB Hynix + Kingston DDR3L 1600MHz
Video Card(s) Sapphire R9 270X Toxic 2GB / Intel HD 5500
Storage SSD WD Green 240GB M.2 + HDD Toshiba 2TB / SSD Kingston A400 120GB SATA
Display(s) HP w17e 1440x900 @ 75 Hz / Integrated 1366x768 @ 94Hz
Case Generic / Stock
Audio Device(s) Realtek ALC892 / Realtek ALC282
Power Supply Sentey XPP 525W / Power Brick
Mouse Logitech G203 / Elan Touchpad
Keyboard Generic / Stock
Software Windows 10 LTSC x64 + Arch Linux
If we used VIA this wouldn't happen.
 
Joined
Jun 3, 2010
Messages
452 (0.13/day)
Maybe not. Security through obscurity is not real security. Meaning, if all the data centers switched to AMD tomorrow, I don't think it would be very long before their flaws are discovered. I'm not saying there are (or aren't) flaws to be found, just saying Intel is the bigger target, so it makes sense we hear about Intel more often than AMD.

...But that also doesn't excuse all the Intel flaws, either. They've definitely got to do something about all this. If I were managing a datacenter, I would be none too happy about hearing about another Intel security flaw for the umpteenth time. Especially one that can't be patched by software, which means now I have to wait (for an unknown period of time while I run unsecure hardware) until I can spend more money on (maybe) secure hardware! Ridiculous.
You know this would make the stage for an all new Robocop movie...
 
Joined
Jan 11, 2005
Messages
1,226 (0.23/day)
Location
66 feet from the ground
System Name 2nd AMD puppy
Processor FX-8350 vishera
Motherboard Gigabyte GA-970A-UD3
Cooling Cooler Master Hyper TX2
Memory 16 Gb DDR3:8GB Kingston HyperX Beast + 8Gb G.Skill Sniper(by courtesy of tabascosauz &TPU)
Video Card(s) Sapphire RX 580 Nitro+;1450/2000 Mhz
Storage SSD :840 pro 128 Gb;Iridium pro 240Gb ; HDD 2xWD-1Tb
Display(s) Benq XL2730Z 144 Hz freesync
Case NZXT 820 PHANTOM
Audio Device(s) Audigy SE with Logitech Z-5500
Power Supply Cooleer Master RP M520
Mouse Razer copperhead / Gamdias zeus (by courtesy of sneekypeet & TPU)
Keyboard MS Sidewinder x4
Software win10 64bit ltsc
Benchmark Scores irrelevant for me
cpu is designed by man therefore is a flawed product from start.

we'll never know how many unknown design errors exist in a cpu as finding a way to by-pass certain hardware security using software is considered a bug

seems some people are smarter :respect: than cpu design teams and their computers which ran the security checks ....
 
Joined
Oct 30, 2008
Messages
1,617 (0.40/day)
System Name Lailalo / Edelweiss
Processor Ryzen 1700 @ 3.8Ghz / i7 3610QM @2.3-3.2Ghz
Motherboard Asus X370 Prime/ Lenovo Y580
Cooling Noctua / Big hunk of copper
Memory 16GB DDR4 3200 Ripjaws with Samsung chips / 8GB Hyundai DDR3 1600
Video Card(s) XFX R9 390 / GTX 660M 2GB
Storage Crucial 1TB MX500 SSD, Segate 3TB, 64GB Synapse SSD as Pagefile drive / Western Digital 1TB 7200RPM
Display(s) LG Ultrawide 29in @ 2560x1080 / Lenovo 15.6 @ 1920x1080
Case Coolermaster Storm Sniper / Lenovo Y580
Audio Device(s) Asus Xonar DG / Whatever Lenovo used
Power Supply Antec Truepower Blue 750W + Thermaltake 5.25in 250W / Big Power Brick
Mouse G602
Keyboard G510s
Software Windows 10 Pro / Windows 10 Home
laughs in Ryzen

Only thing left with an Intel processor in the house is mum's old Toshiba P750 laptop with a i5 2410M from 2011. I'm waiting for it to die so I can get her a Raven Ridge machine like my Envy x360, Super happy with it, especially now the drivers from the main stack can be used on the 2500U.
As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...
 
Joined
Jun 3, 2010
Messages
452 (0.13/day)
As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...
Tablets are the best. 300gr polycarbonate+corning, even the volume buttons are loose from impacts, can drop it around all day.
 
Joined
Dec 27, 2013
Messages
887 (0.41/day)
Location
somewhere
As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...
it seems okay? i've had it a couple months and everything seems solid, i even took it apart to replace the ssd with a bigger one.
 
Joined
Jul 5, 2013
Messages
7,512 (3.23/day)
I just went from Ryzen to an I7 and I just put my kids on Ryzen and it looks like I'm going back that way too.
I'm not worried about S/M or this but I'm starting to get a bad feel for Intel again.
Don't make that jump too quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.
 
Last edited:

hat

Enthusiast
Joined
Nov 20, 2006
Messages
20,678 (4.36/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: Athlon II x4 630 3.5GHz
Motherboard ASUS P8P67 Pro :: GIgabyte GA-770T-USB3
Cooling Corsair H70 :: Thermaltake Big Typhoon
Memory 2x4GB DDR3 1866 :: 2x1GB DDR3 1333
Video Card(s) 2x PNY GTX1070 :: none
Storage Plextor M5s 128GB, WDC Black 500GB :: Mushkin Enhanced 60GB SSD, WD RE3 1TB
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Onboard - iLive IT153B Soundbar (optical) :: None
Power Supply EVGA 500w 80 Plus :: Wounded Corsair CX600
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
Don't make that jump to quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.
Agreed. Worry about it if you're a datacenter or something. This attack requires physical access, as does Meltdown and Spectre IIRC (but NetSpectre can be used over a network... but would still require access to your network, in some way).
 
Joined
Jan 5, 2006
Messages
9,934 (1.96/day)
System Name Desktop / Laptop
Processor Intel i7 6700K @ 4.3GHz (1.180 V) / Intel i3 7100U
Motherboard Asus Z170 Pro Gaming / HP 83A3 (U3E1)
Cooling Noctua NH-U12A 2 fans + Thermal Grizzly Kryonaut + 5 case fans / Fan
Memory 16GB DDR4 Corsair Vengeance LPX 3000MHz CL15 / 8GB DDR4 HyperX CL13
Video Card(s) MSI RTX 2070 Super Gaming X Trio / Intel HD620
Storage Samsung 970 Evo 500GB + Samsung 850 Pro 512GB + Samsung 860 Evo 1TB / Samsung 256GB M.2 SSD
Display(s) 23.8" Dell S2417DG 165Hz G-Sync 1440p + 21.5" LG 22MP67VQ IPS 60Hz 1080p / 14" 1080p IPS Glossy
Case Be quiet! Silent Base 600 - Window / HP Pavilion
Audio Device(s) SupremeFX Onboard / Realtek onboard + B&O speaker system
Power Supply Seasonic Focus Plus Gold 750W / Powerbrick
Mouse Logitech MX Anywhere 2 Laser wireless / Logitech M330 wireless
Keyboard RAPOO E9270P Black 5GHz wireless / HP backlit
Software Windows 10 / Windows 10
"
Updated to add
An Intel spokesperson told us after publication that it hopes applications can be built in future to defend against SPOILER attacks, or hardware protections can be deployed:

Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/
(scroll to the bottom)
 
Joined
Jul 5, 2013
Messages
7,512 (3.23/day)
"
Updated to add
An Intel spokesperson told us after publication that it hopes applications can be built in future to defend against SPOILER attacks, or hardware protections can be deployed:

Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/
(scroll to the bottom)
The research paper for this is a very tedious read, but also very enlightening. Worth a read;
https://arxiv.org/pdf/1903.00446.pdf
 
Last edited:
Joined
Mar 10, 2015
Messages
2,256 (1.31/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Joined
Jul 5, 2013
Messages
7,512 (3.23/day)
No, it doesn't.
While that is true, the default Windows config doesn't allow for remote exploitation. A user/admin would need to deliberately open up a system to be vulnerable, which no one is foolish/stupid enough to do, effectively making physical access a requirement.
 
Joined
Mar 14, 2009
Messages
4,339 (1.11/day)
Location
Ohio
System Name Fractured puke.
Processor Intel I7-8700k/G4400/AMD 2200g/Ryzen 5 1600
Motherboard MSI z370 Gaming M5/h110/ AMD a320/ AMD B450-ASRock pro 4 atx
Cooling Corsair H110i/Intel/AMD/H60
Memory 16GB G.Skill TridentZ 3200MHZ/8gb 2133mhz/8gb 2400mhz/8gb Viper 3000mhz
Video Card(s) Nvidia GTX 1070ti/integrated/apu/rx570
Storage 960 EVO 500gb/256gb WD Black 2280 M2/Patriot Ignite 480gb SSD/ Inland Pro 256gb SSD/Patriot Scorch-&
Display(s) AOC 32" QHD/Acer 32" QHD/ ViewSonic 24" FHD/ TV
Case Fractal Design Meshify-C/ Rosewill FBM-01/ Rosewill FBM-01/Sigma eclipse
Audio Device(s) creative audigy/nboard/ onboard/inboard
Power Supply Seasonic/TT/TT/Cooler Master white80+ 500w
Mouse Red Dragon/red dragon/Razer/Razer
Keyboard Razer Deatstalker/red dragon RGB/Red Dragon 502/Razer
Software Windows 10Pro x64///
Don't make that jump too quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.
This more or less gives me (absolutely no reason) a good reason to pickup a b450 Mobo since I have a spare AM4 CPU that needs used, ( after I get a Mobo for it I'll more than likely order a better CPU since its a 9600) since I hate having stuff so around doing nothing (I may be a tech Horder in need of help)

On a serious note, I don't think anything will ever come if this other than some type of patch.
 
Last edited:
Top