• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

Joined
Mar 7, 2010
Messages
421 (0.13/day)
Likes
184
Location
Michigan
System Name Daves
Processor AMD Ryzen 1700 @ 4.00
Motherboard AsRock X370 Killer SLI/ac
Cooling Corsair H110i
Memory 16 GIG GSKILL Ripjaw @ 2400
Video Card(s) Gigabyte GTX 1070 G1
Storage Crucial M.2 250 Samsung 840 EVO 250-Samsung 850 Pro-WD 1 TB
Display(s) LG 27
Case NZXT
Audio Device(s) N/A
Power Supply EVGA 750
Mouse EVGA
Keyboard Corsair Strafe
Software Windows 10 Home
#26
Profit over security?
Nah, Intel would never..................:shadedshu:
 
Joined
Mar 18, 2015
Messages
1,639 (1.12/day)
Likes
919
Location
Long Island
#27
The people commenting here are just...out of this world. People still don't understand that these vulnerabilities don't have absolutely any importance to normal consumers. Who cares about your games and photos?
Agreed, I don't understand why this topic is sensationalized everywhere or why asking if any instance of consumers or enthusiasts being negatively impacted has ever been reported is prohibited .
 
Joined
Mar 10, 2015
Messages
1,258 (0.85/day)
Likes
840
System Name Wut?
Processor 4770K @ Stock
Motherboard MSI Z97 Gaming 7
Cooling Water
Memory 16GB DDR3 2400
Video Card(s) Vega 56
Storage Samsung 840 Pro 256GB
Display(s) 3440 x 1440
Case Thermaltake T81
Power Supply Seasonic 750 Watt Gold
#29
this topic is sensationalized everywhere
In my opinion, it is great that security is finally getting highlighted. Now people will understand that 90% of business don't give two poos about protecting your data. This may not be a problem for consumers...until it is. Just remember the processors sitting in all those data centers holding all of your data. Then you find out that every piece of software and hardware you use on a daily basis makes Swiss cheese look like concrete because security and privacy is the first thing that gets thrown out the windows when the budget hammer comes down. Disgusting, frankly.

Truth be told, 9/10 users don't need to worry about this. Most of these attacks require people that actually know what they are doing. The morons will get sniffed out before they have a chance to do anything.
 
Joined
Dec 16, 2017
Messages
328 (0.71/day)
Likes
221
Location
Argentina
System Name Desktop4
Processor Intel Core i3-4330
Motherboard Gigabyte GA-B85M-D3H v2.1
Cooling Standard Intel Cooler
Memory 32 GB DDR3 1600 MHz (11-10-10-29 CR2)
Video Card(s) Gigabyte AORUS Radeon RX 580 8 GB
Storage Kingston HyperX Fury 240 GB // Toshiba 2 TB HDD // WD 2 TB HDD
Display(s) LG 22MP55 IPS Display (6-bit + FRC)
Case Corsair Carbide 100R
Audio Device(s) Logitech G430 Headset
Power Supply Corsair CX650M
Mouse Logitech Wireless Mouse M280 // Microsoft Trackball Optical 1.0
Keyboard Microsoft Natural Keyboard 4000
Software Windows 10
Benchmark Scores CPU-Z: 327.9 ST / 973.8 MT Cinebench R20: 797 cb
#30
I guess Intel engineers are probably feeling a bit like "OH ~$%&ING COME ON! $&@#! THIS @€$# AGAIN!? *$%#@!!"

That aside, considering what seems to be a never-ending parade of vulnerabilities, I'm wondering if Intel and AMD should consider investing heavily in R&D to maybe one day launch CPUs that do not rely on speculative execution to get work done fast. I know I'd do.
 
Joined
Mar 16, 2017
Messages
294 (0.40/day)
Likes
148
Location
Tanagra
System Name 2017 iMac 5K
Processor Intel i5-7500
Motherboard Intel Z170
Cooling Apple
Memory 16GB DDR4
Video Card(s) Radeon Pro 570 4GB
Storage Apple SM0256L
Display(s) 27” 5120x2880 3P
Case iMac
Audio Device(s) My ears
Software MacOS 10.14 and Windows 10 pro
Benchmark Scores Plays games at 1080p
#31
I guess Intel engineers are probably feeling a bit like "OH ~$%&ING COME ON! $&@#! THIS @€$# AGAIN!? *$%#@!!"

That aside, considering what seems to be a never-ending parade of vulnerabilities, I'm wondering if Intel and AMD should consider investing heavily in R&D to maybe one day launch CPUs that do not rely on speculative execution to get work done fast. I know I'd do.
All your high performance, out-of-order CPU makers use speculative execution--it's a key component of OeOE. The benefits of the technology are huge. Without it, the CPU spends a lot of time waiting when it could be doing more work. Maybe on the day system memory is as fast as the CPU, it (and the various cache stages) will no longer be needed, or maybe the benefit of SE will be less. Still, each CPU maker implements SE differently, so vulnerability largely depends on the design.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
25,500 (5.96/day)
Likes
8,677
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
#32
The tested AMD CPU was one bulldozer chip (AMD A6-4455M). So no confirmation if Zen is affected or not.
bulldozer it is not...

Piledriver it is
 
Joined
Oct 22, 2014
Messages
6,703 (4.16/day)
Likes
3,974
Location
Sunshine Coast
System Name Black Box
Processor Intel Xeon E5-2680 10c/20t 2.8GHz @ 3.0GHz
Motherboard Asrock X79 Extreme 11
Cooling Coolermaster 240 RGB A.I.O.
Memory G. Skill 16Gb (4x4Gb) 2133Mhz
Video Card(s) Nvidia GTX 710
Storage Sandisk X 400 256Gb
Display(s) AOC 22" Freesync 1m.s. 75Hz
Case Corsair 450D High Air Flow.
Audio Device(s) No need.
Power Supply FSP Aurum 650W
Software W10 Home Premium 64 bit
#33
Wait, how many average home users of computers has this affected exactly, now or in the past?
I'm talking about all prior vulnerabilities affecting processors as well.
I doubt one single average joe has been affected.
 
Joined
Mar 10, 2015
Messages
1,258 (0.85/day)
Likes
840
System Name Wut?
Processor 4770K @ Stock
Motherboard MSI Z97 Gaming 7
Cooling Water
Memory 16GB DDR3 2400
Video Card(s) Vega 56
Storage Samsung 840 Pro 256GB
Display(s) 3440 x 1440
Case Thermaltake T81
Power Supply Seasonic 750 Watt Gold
#34
Wait, how many average home users of computers has this affected exactly, now or in the past?
I'm talking about all prior vulnerabilities affecting processors as well.
I doubt one single average joe has been affected.
That depends, how many average Joe's had their data stolen from a data center?
 
Joined
Jun 28, 2015
Messages
333 (0.24/day)
Likes
129
#35
This is seriously making a good case to not have Intel CPUs for mission critical servers & stations.
 
Joined
Oct 22, 2014
Messages
6,703 (4.16/day)
Likes
3,974
Location
Sunshine Coast
System Name Black Box
Processor Intel Xeon E5-2680 10c/20t 2.8GHz @ 3.0GHz
Motherboard Asrock X79 Extreme 11
Cooling Coolermaster 240 RGB A.I.O.
Memory G. Skill 16Gb (4x4Gb) 2133Mhz
Video Card(s) Nvidia GTX 710
Storage Sandisk X 400 256Gb
Display(s) AOC 22" Freesync 1m.s. 75Hz
Case Corsair 450D High Air Flow.
Audio Device(s) No need.
Power Supply FSP Aurum 650W
Software W10 Home Premium 64 bit
#36
That depends, how many average Joe's had their data stolen from a data center?
I was one of thousands that did, but that was a data centre, not at individual at home, and it was a normal data breach by hacking.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
20,429 (4.53/day)
Likes
4,607
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: Athlon II x4 630 3.5GHz
Motherboard ASUS P8P67 Pro :: GIgabyte GA-770T-USB3
Cooling Corsair H70 :: Thermaltake Big Typhoon
Memory 2x4GB DDR3 1866 :: 2x1GB DDR3 1333
Video Card(s) 2x PNY GTX1070 :: none
Storage Plextor M5s 128GB, WDC Black 500GB :: Mushkin Enhanced 60GB SSD, WD RE3 1TB
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Onboard - iLive IT153B Soundbar (optical) :: None
Power Supply EVGA 500w 80 Plus :: Wounded Corsair CX600
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
#37
This is seriously making a good case to not have Intel CPUs for mission critical servers & stations.
Maybe not. Security through obscurity is not real security. Meaning, if all the data centers switched to AMD tomorrow, I don't think it would be very long before their flaws are discovered. I'm not saying there are (or aren't) flaws to be found, just saying Intel is the bigger target, so it makes sense we hear about Intel more often than AMD.

...But that also doesn't excuse all the Intel flaws, either. They've definitely got to do something about all this. If I were managing a datacenter, I would be none too happy about hearing about another Intel security flaw for the umpteenth time. Especially one that can't be patched by software, which means now I have to wait (for an unknown period of time while I run unsecure hardware) until I can spend more money on (maybe) secure hardware! Ridiculous.
 
Joined
Oct 2, 2015
Messages
1,852 (1.46/day)
Likes
871
Location
Argentina
System Name Ciel / Yukino
Processor AMD Ryzen R3 1200 @ 3900MHz / Intel Core i3 5005U
Motherboard MSI B350M PRO-VDH / HP 240 G5
Cooling Wraith Stealth / Stock
Memory 2x 4GB Corsair Ballistix Sport DDR4 2400MHz @ 3066MHz / 2x 4GB Hynix + Kingston DDR3L 1600MHz
Video Card(s) Sapphire R9 270X Toxic 2GB 1250/1575MHz / Intel HD 5500
Storage SSD WD Green 240GB M.2 / SSD Kingston A400 120GB SATA
Display(s) HP w17e 1440x900 @ 75 Hz / Integrated 1366x768 @ 94Hz
Case Generic / Stock
Audio Device(s) Realtek ALC892 / Realtek ALC282
Power Supply Sentey XPP 525W / Power Brick
Mouse Logitech MX Revolution / Elan Touchpad
Keyboard Generic / Stock
Software Windows 10 Education x64 / Ubuntu 18.04 x64
Benchmark Scores Time Spy: 2200
#38
If we used VIA this wouldn't happen.
 
Joined
Jun 3, 2010
Messages
377 (0.12/day)
Likes
69
#39
Maybe not. Security through obscurity is not real security. Meaning, if all the data centers switched to AMD tomorrow, I don't think it would be very long before their flaws are discovered. I'm not saying there are (or aren't) flaws to be found, just saying Intel is the bigger target, so it makes sense we hear about Intel more often than AMD.

...But that also doesn't excuse all the Intel flaws, either. They've definitely got to do something about all this. If I were managing a datacenter, I would be none too happy about hearing about another Intel security flaw for the umpteenth time. Especially one that can't be patched by software, which means now I have to wait (for an unknown period of time while I run unsecure hardware) until I can spend more money on (maybe) secure hardware! Ridiculous.
You know this would make the stage for an all new Robocop movie...
 
Joined
Jan 11, 2005
Messages
1,186 (0.23/day)
Likes
435
Location
66 feet from the ground
System Name 2nd AMD puppy
Processor FX-8350 vishera
Motherboard Gigabyte GA-970A-UD3
Cooling Cooler Master Hyper TX2
Memory 16 Gb DDR3:8GB Kingston HyperX Beast + 8Gb G.Skill Sniper(by courtesy of tabascosauz &TPU)
Video Card(s) Sapphire RX 580 Nitro+;1450/2000 Mhz
Storage SSD :840 pro 128 Gb;Iridium pro 240Gb ; HDD 2xWD-1Tb
Display(s) Benq XL2730Z 144 Hz freesync
Case NZXT 820 PHANTOM
Audio Device(s) Audigy SE with Logitech Z-5500
Power Supply Cooleer Master RP M520
Mouse Razer copperhead / Gamdias zeus (by courtesy of sneekypeet & TPU)
Keyboard MS Sidewinder x4
Software win10 64bit ltsc
Benchmark Scores irrelevant for me
#40
cpu is designed by man therefore is a flawed product from start.

we'll never know how many unknown design errors exist in a cpu as finding a way to by-pass certain hardware security using software is considered a bug

seems some people are smarter :respect: than cpu design teams and their computers which ran the security checks ....
 
Joined
Oct 30, 2008
Messages
1,599 (0.42/day)
Likes
410
System Name Lailalo / Edelweiss
Processor Ryzen 1700 @ 3.8Ghz / i7 3610QM @2.3-3.2Ghz
Motherboard Asus X370 Prime/ Lenovo Y580
Cooling Noctua / Big hunk of copper
Memory 16GB DDR4 3200 Ripjaws with Samsung chips / 8GB Hyundai DDR3 1600
Video Card(s) XFX R9 390 / GTX 660M 2GB
Storage Crucial 1TB MX500 SSD, Segate 3TB, 64GB Synapse SSD as Pagefile drive / Western Digital 1TB 7200RPM
Display(s) LG Ultrawide 29in @ 2560x1080 / Lenovo 15.6 @ 1920x1080
Case Coolermaster Storm Sniper / Lenovo Y580
Audio Device(s) Asus Xonar DG / Whatever Lenovo used
Power Supply Antec Truepower Blue 750W + Thermaltake 5.25in 250W / Big Power Brick
Mouse G602
Keyboard G510s
Software Windows 10 Pro / Windows 10 Home
#41
laughs in Ryzen

Only thing left with an Intel processor in the house is mum's old Toshiba P750 laptop with a i5 2410M from 2011. I'm waiting for it to die so I can get her a Raven Ridge machine like my Envy x360, Super happy with it, especially now the drivers from the main stack can be used on the 2500U.
As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...
 
Joined
Jun 3, 2010
Messages
377 (0.12/day)
Likes
69
#42
As with all HP machines...wait for it. Happiness starts falling apart as soon as you realize how many corners they cut in construction. Heh...
Tablets are the best. 300gr polycarbonate+corning, even the volume buttons are loose from impacts, can drop it around all day.
 
Joined
Jul 5, 2013
Messages
5,088 (2.44/day)
Likes
3,247
Location
USA
#44
I just went from Ryzen to an I7 and I just put my kids on Ryzen and it looks like I'm going back that way too.
I'm not worried about S/M or this but I'm starting to get a bad feel for Intel again.
Don't make that jump too quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.
 
Last edited:

hat

Enthusiast
Joined
Nov 20, 2006
Messages
20,429 (4.53/day)
Likes
4,607
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: Athlon II x4 630 3.5GHz
Motherboard ASUS P8P67 Pro :: GIgabyte GA-770T-USB3
Cooling Corsair H70 :: Thermaltake Big Typhoon
Memory 2x4GB DDR3 1866 :: 2x1GB DDR3 1333
Video Card(s) 2x PNY GTX1070 :: none
Storage Plextor M5s 128GB, WDC Black 500GB :: Mushkin Enhanced 60GB SSD, WD RE3 1TB
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Onboard - iLive IT153B Soundbar (optical) :: None
Power Supply EVGA 500w 80 Plus :: Wounded Corsair CX600
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
#45
Don't make that jump to quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.
Agreed. Worry about it if you're a datacenter or something. This attack requires physical access, as does Meltdown and Spectre IIRC (but NetSpectre can be used over a network... but would still require access to your network, in some way).
 

P4-630

The Way It's Meant to be Played
Joined
Jan 5, 2006
Messages
9,431 (1.95/day)
Likes
9,307
Location
Vinewood
System Name Desktop / Laptop
Processor Intel i7 6700K @ 4.3GHz (1.175 V) / Intel i3 7100U
Motherboard Asus Z170 Pro Gaming / HP 83A3 (U3E1)
Cooling Noctua NH-U12S + Thermal Grizzly Kryonaut + 3 case fans / Fan
Memory 16GB DDR4 Corsair Vengeance LPX 3000MHz CL15 / 6GB DDR4 Samsung 2400MHz CL15
Video Card(s) MSI GTX1070 Gaming X 8GB / Intel HD620
Storage Samsung 970 evo 500GB + Samsung 850 Pro 512GB + Hitachi 2.5" 7200rpm 750GB / Samsung 256GB M.2 SSD
Display(s) 23.8" Dell S2417DG 165Hz G-Sync 1440p + 21.5" LG 22MP67VQ IPS 60Hz 1080p / 14" 1080p IPS Glossy
Case Be quiet! Silent Base 600 - Window / HP Pavilion
Audio Device(s) SupremeFX Onboard / Realtek onboard + B&O speaker system
Power Supply Be quiet! Straight Power 10 500 Watt CM / Powerbrick
Mouse Logitech MX Anywhere 2 Laser wireless / Logitech M330 wireless
Keyboard RAPOO E9270P Black 5GHz wireless / HP backlit
Software Windows 10 x64 / Windows 10 x64
Benchmark Scores GTA V upto 125fps @ 1440p G-Sync MSAAx2
#46
"
Updated to add
An Intel spokesperson told us after publication that it hopes applications can be built in future to defend against SPOILER attacks, or hardware protections can be deployed:

Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/
(scroll to the bottom)
 
Joined
Jul 5, 2013
Messages
5,088 (2.44/day)
Likes
3,247
Location
USA
#47
"
Updated to add
An Intel spokesperson told us after publication that it hopes applications can be built in future to defend against SPOILER attacks, or hardware protections can be deployed:

Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research."

https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/
(scroll to the bottom)
The research paper for this is a very tedious read, but also very enlightening. Worth a read;
https://arxiv.org/pdf/1903.00446.pdf
 
Last edited:
Joined
Jul 5, 2013
Messages
5,088 (2.44/day)
Likes
3,247
Location
USA
#49
While that is true, the default Windows config doesn't allow for remote exploitation. A user/admin would need to deliberately open up a system to be vulnerable, which no one is foolish/stupid enough to do, effectively making physical access a requirement.
 
Joined
Mar 14, 2009
Messages
3,916 (1.07/day)
Likes
2,004
Location
Ohio
System Name Fractured puke.
Processor Intel I7-8700k/G4400/AMD 9600
Motherboard MSI z370 Gaming M5/h110/ AMD b320
Cooling Corsair H110i/Intel/AMD
Memory 16GB G.Skill TridentZ 3200MHZ/8gb 2133mhz/8gb 2400mhz
Video Card(s) Nvidia GTX 1070ti/GTX 470/apu
Storage 960 EVO 500gb/256gb WD Black 2280 M2/Patriot Ignite 480gb SSD/ Inland Pro 256gb SSD
Display(s) Acer 32" QHD/ ViewSonic 24" FHD/HannSpree 24" 2680x1050
Case Fractal Design Meshify-C/ Rosewill FBM-01/ Rosewill FBM-01
Audio Device(s) creative audigy/nboard/ onboard
Power Supply Seasonic/TT/TT
Mouse Epicgear/red dragon/E3lue
Keyboard Razer Deatstalker/red dragon RGB/E3lue rgb
Software Windows 10Pro x64//
#50
Don't make that jump too quick. These kinds of vulnerabilities are useless against normal users and are near impossible to pull off remotely.
This more or less gives me (absolutely no reason) a good reason to pickup a b450 Mobo since I have a spare AM4 CPU that needs used, ( after I get a Mobo for it I'll more than likely order a better CPU since its a 9600) since I hate having stuff so around doing nothing (I may be a tech Horder in need of help)

On a serious note, I don't think anything will ever come if this other than some type of patch.
 
Last edited:
Top