• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

Joined
Mar 6, 2017
Messages
1,741 (1.73/day)
Location
North East Ohio, USA
System Name My Super Computer
Processor Intel Core i7 8700K
Motherboard Gigabyte Z370 AORUS Ultra Gaming
Cooling Corsair H55 AIO
Memory 2x8GB Crucial/Micron Ballistix Sport DDR4-2400
Video Card(s) ASUS GeForce GTX1060 6GB
Storage Samsung 970 EVO 500 GB NVMe SSD (System Drive), Samsung 860 EVO 500 GB SATA SSD (Game Drive)
Display(s) HP 2311x and Acer G206HQL
Case CoolerMaster MasterBox Lite 5 RGB
Audio Device(s) On-Board Sound
Power Supply EVGA Supernova 650 G3 Gold
Mouse Logitech M705
Keyboard Logitech Wave K350
Software Windows 10 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
Root is nothing more than Administrator functionality. Works the exact same way in Windows.
And yet people still run as admin on Windows. I at least have the common sense to run with UAC enabled.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
20,689 (4.34/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: Athlon II x4 630 3.5GHz
Motherboard ASUS P8P67 Pro :: GIgabyte GA-770T-USB3
Cooling Corsair H70 :: Thermaltake Big Typhoon
Memory 2x4GB DDR3 1866 :: 2x1GB DDR3 1333
Video Card(s) 2x PNY GTX1070 :: none
Storage Plextor M5s 128GB, WDC Black 500GB :: Mushkin Enhanced 60GB SSD, WD RE3 1TB
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Onboard - iLive IT153B Soundbar (optical) :: None
Power Supply EVGA 500w 80 Plus :: Wounded Corsair CX600
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.
 
Joined
Mar 10, 2015
Messages
2,353 (1.36/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.
Neither of them are that great unless you are doing a smash and grab or get your discrete alley way entry setup.
 
Joined
Jul 5, 2013
Messages
7,626 (3.25/day)
Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.
That's an interesting perspective, however it's not the most accurate. There isn't a thing that can be done with root in Linux/Unix/BSD/Android that can not be done in Windows with Admin.
 
Joined
Aug 20, 2007
Messages
12,079 (2.69/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 13-13-13-33-2T
Video Card(s) EVGA GTX 1080 FTW2
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) LG 32GK850G-B 1440p 32" AMVA Panel G-Sync 144hz Display
Case Thermaltake Core X31
Audio Device(s) Onboard TOSLINK to Schiit Modi MB to Schiit Asgard 2 Amp to AKG K7XX Ruby Red Massdrop Headphones
Power Supply EVGA SuperNova T2 850W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 x64 Enterprise... yes, it's legit.
Root is nothing more than Administrator functionality. Works the exact same way in Windows. Calling it "game over" is making a mountain out of an ant-hill.
No, it's SYSTEM-account level functionality. Even Windows doesn't give you that. Administrator is a high privilege account. Root is a god account and it does not privilege check. If the compute can do it, it will be done. Root even ignores fs permissions.

That's an interesting perspective, however it's not the most accurate. There isn't a thing that can be done with root in Linux/Unix/BSD/Android that can not be done in Windows with Admin.
delete the SYSTEM account. Formatting C:\ in a running OS. Things you do not want to do and Windows knows that. ;)
 
Joined
Oct 28, 2010
Messages
222 (0.07/day)
They should learn to stop bypassing things with such dirty tricks only to show-off in benchmarks.

This is something like checking parity of a file instead of its SHA to see if it's valid (a little exaggerated example, but that's the logic: let's cheat on any possible calculations).

@R-T-B 'Administrator' of Windows OS is the equivalent of SU in Linux.

So yes, the more exact equivalent of root would be the system account in Windows, of which privileges you can assimilate and use if you want.
 
Joined
Mar 23, 2005
Messages
3,402 (0.63/day)
Location
Ancient Greece, Acropolis (Time Lord)
System Name RiseEN Gaming PC
Processor AMD Ryzen 7 1700X @ stock
Motherboard ASRock Fatal1ty X370 GAMING X AM4
Cooling Corsair H115i PRO RGB, 280mm Radiator, Dual 140mm ML Series PWM Fans
Memory G.Skill TridentZ 32GB (2 x 16GB) DDR4 3200
Video Card(s) Sapphire Radeon RX 580 8GB Nitro+ SE
Storage Corsair Force MP500 480GB M.2 (OS) + Force MP510 480GB M.2 (Steam/Games)
Display(s) Asus 27" (MG278Q) 144Hz WQHD 1440p + 1 x Asus 24" (VG245H) FHD 75Hz 1080p
Case Corsair Obsidian Series 450D Gaming Case
Audio Device(s) SteelSeries 5Hv2 w/ ASUS Xonar DGX PCI-E GX2.5 Audio Engine Sound Card
Power Supply Corsair TX750W Power Supply
Mouse Razer DeathAdder PC Gaming Mouse - Ergonomic Left Hand Edition
Keyboard Logitech G15 Classic Gaming Keyboard
Software Windows 10 Pro - 64-Bit Edition
Benchmark Scores I'm the Doctor.
This security issue is a hardware issue that cannot be fixed by software. Pretty much needs a re-design. Wow,
Now we know how Intel chips seem to score well in Benchmarks LOL

I am sure AMD CPUs are affected too... This is not negligence, it is a principle bug. Every processor needs speculative execution , or else will crawl. And that opens the gate to this kind of attacks.
They just didn't found the AMD one yet.

It's funny that a similar comment above got down voted.
AMD nor ARM are affected by this.
They looked for the same weakness in ARM and AMD processor cores but didn't find the same behaviour that is present in Intel chips. Spoiler depends on "a novel microarchitectural leakage, which reveals critical information about physical page mappings to userspace processes".
"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS, and also works from within virtual machines and sandboxed environments."
Oh crap... :shadedshu::banghead:
Good news for AMD, Bad news for Intel :D
 
Last edited:
  • Like
Reactions: HTC

HTC

Joined
Apr 1, 2008
Messages
3,734 (0.88/day)
Location
Portugal
System Name HTC's System
Processor Ryzen 5 2600X
Motherboard Asrock Taichi X370
Cooling NH-C14, with the AM4 mounting kit
Memory G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s) Sapphire Nitro+ Radeon RX 480 OC 4 GB
Storage 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s) LG 27UD58
Case Fractal Design Define R6 USB-C
Audio Device(s) Onboard
Power Supply Corsair TX 850M 80+ Gold
Mouse Razer Deathadder Elite
Software Ubuntu 19.04 LTS
This security issue is a hardware issue that cannot be fixed by software. Pretty much needs a re-design. Wow,
Now we know how Intel chips seem to score well in Benchmarks LOL

AMD nor ARM are affected by this.

Good news for AMD, Bad news for Intel:D
No, dude. This means spec - ex based vulnerabilities are dangerous enough to warrant a hardware level re-design. Just because this Spoiler issue affects only Intel "today" doesn't mean another security issue won't affect AMD "tomorrow", as evidenced by Spectre, from "yesterday".

Not only Intel but AMD, ARM and every other CPU manufacturer out there should take steps to get rid of spec - ex from their CPUs.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
20,689 (4.34/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: Athlon II x4 630 3.5GHz
Motherboard ASUS P8P67 Pro :: GIgabyte GA-770T-USB3
Cooling Corsair H70 :: Thermaltake Big Typhoon
Memory 2x4GB DDR3 1866 :: 2x1GB DDR3 1333
Video Card(s) 2x PNY GTX1070 :: none
Storage Plextor M5s 128GB, WDC Black 500GB :: Mushkin Enhanced 60GB SSD, WD RE3 1TB
Display(s) Acer P216HL HDMI :: None
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Onboard - iLive IT153B Soundbar (optical) :: None
Power Supply EVGA 500w 80 Plus :: Wounded Corsair CX600
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.
 

HTC

Joined
Apr 1, 2008
Messages
3,734 (0.88/day)
Location
Portugal
System Name HTC's System
Processor Ryzen 5 2600X
Motherboard Asrock Taichi X370
Cooling NH-C14, with the AM4 mounting kit
Memory G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s) Sapphire Nitro+ Radeon RX 480 OC 4 GB
Storage 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s) LG 27UD58
Case Fractal Design Define R6 USB-C
Audio Device(s) Onboard
Power Supply Corsair TX 850M 80+ Gold
Mouse Razer Deathadder Elite
Software Ubuntu 19.04 LTS
Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.
Depends on the "cost" of that speed.

I agree that spec - ex is a "key feature" in current CPU's performance but if indeed it turns out that it's performance enhancement comes with too big security risks, than i'd rather have the companies that are most susceptible to be the target of these kinds of exploits (banks, and the like) to have slower CPUs.

Us individuals are much less prone to be the target of such attacks, but this fact doesn't rule it out: keep that in mind.
 
Joined
Jul 5, 2013
Messages
7,626 (3.25/day)
Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.
It would literally drop processor performance by 35% to 40%. Granted, for what most people do it would not be so bad or even noticeable. However for any task that requires performance, the difference would be severe.
 
Joined
Oct 28, 2010
Messages
222 (0.07/day)
@HTC no, this specific issue will not affect the others ever since they didn't cheat on basic processing.

Other vulnerabilities may appear on all, but not this one.
 
Joined
Mar 23, 2005
Messages
3,402 (0.63/day)
Location
Ancient Greece, Acropolis (Time Lord)
System Name RiseEN Gaming PC
Processor AMD Ryzen 7 1700X @ stock
Motherboard ASRock Fatal1ty X370 GAMING X AM4
Cooling Corsair H115i PRO RGB, 280mm Radiator, Dual 140mm ML Series PWM Fans
Memory G.Skill TridentZ 32GB (2 x 16GB) DDR4 3200
Video Card(s) Sapphire Radeon RX 580 8GB Nitro+ SE
Storage Corsair Force MP500 480GB M.2 (OS) + Force MP510 480GB M.2 (Steam/Games)
Display(s) Asus 27" (MG278Q) 144Hz WQHD 1440p + 1 x Asus 24" (VG245H) FHD 75Hz 1080p
Case Corsair Obsidian Series 450D Gaming Case
Audio Device(s) SteelSeries 5Hv2 w/ ASUS Xonar DGX PCI-E GX2.5 Audio Engine Sound Card
Power Supply Corsair TX750W Power Supply
Mouse Razer DeathAdder PC Gaming Mouse - Ergonomic Left Hand Edition
Keyboard Logitech G15 Classic Gaming Keyboard
Software Windows 10 Pro - 64-Bit Edition
Benchmark Scores I'm the Doctor.
No, dude. This means spec - ex based vulnerabilities are dangerous enough to warrant a hardware level re-design. Just because this Spoiler issue affects only Intel "today" doesn't mean another security issue won't affect AMD "tomorrow", as evidenced by Spectre, from "yesterday".

Not only Intel but AMD, ARM and every other CPU manufacturer out there should take steps to get rid of spec - ex from their CPUs.
AMD doesn't have this issue, nor does ARM. As I stated above.
The issue here is Intel cheating, where they finally got caught with there pants down.
 
Joined
Jul 5, 2013
Messages
7,626 (3.25/day)
AMD doesn't have this issue, nor does ARM. As I stated above.
That has yet to be determined by further research.
The issue here is Intel cheating, where they finally got caught with there pants down.
Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.
 

HTC

Joined
Apr 1, 2008
Messages
3,734 (0.88/day)
Location
Portugal
System Name HTC's System
Processor Ryzen 5 2600X
Motherboard Asrock Taichi X370
Cooling NH-C14, with the AM4 mounting kit
Memory G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s) Sapphire Nitro+ Radeon RX 480 OC 4 GB
Storage 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s) LG 27UD58
Case Fractal Design Define R6 USB-C
Audio Device(s) Onboard
Power Supply Corsair TX 850M 80+ Gold
Mouse Razer Deathadder Elite
Software Ubuntu 19.04 LTS
AMD doesn't have this issue, nor does ARM. As I stated above.
The issue here is Intel cheating, where they finally got caught with there pants down.
Spoiler apparently not, but Spectre yes.

New spec - ex based exploits are being discovered and, for all we know, other exploits just as dangerous or even more so may have been reported to manufacturers already. Remember: this new Spoiler exploit was referred to Intel in December of 2018, but we only found out about it in March 2019.

That has yet to be determined by further research.

Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.
I'm 100% sure that was the case. However, and if it turns out someone @ design level stages pointed out the potential issues that could arise from it but was ignored in the persuit of performance, then that's a different matter entirely. I'm not talking about Intel only, since AMD and ARM also use spec - ex.
 
Joined
Mar 29, 2014
Messages
65 (0.03/day)
The people commenting here are just...out of this world. People still don't understand that these vulnerabilities don't have absolutely any importance to normal consumers. Who cares about your games and photos?
These attacks are important for datacenters, bank or government computers, etc.
If you have an Intel CPU, this doesn't mean that it is broken and you will be robbed if you still use it....
Also, discoveries like these give students and faculties some good press. Hey look, this is the place where that funky vulnerability was found. I see they got a habit of searching for bugs in CPUs, which is a good thing, sure, but CPUs are so complex machines that it is almost impossible to make them without some vulnerabilities. And don't worry, happy Ryzen users, AMD also has vulnerabilities, but they weren't discovered yet because nobody cares. Researches look at the market leader...
You think AMD hasn't been checked? I guarantee you Intel themselves are trying to prove AMD is "vulnarable" too. We are talking about potentially billions of dollars in sales.
 
Joined
Mar 23, 2005
Messages
3,402 (0.63/day)
Location
Ancient Greece, Acropolis (Time Lord)
System Name RiseEN Gaming PC
Processor AMD Ryzen 7 1700X @ stock
Motherboard ASRock Fatal1ty X370 GAMING X AM4
Cooling Corsair H115i PRO RGB, 280mm Radiator, Dual 140mm ML Series PWM Fans
Memory G.Skill TridentZ 32GB (2 x 16GB) DDR4 3200
Video Card(s) Sapphire Radeon RX 580 8GB Nitro+ SE
Storage Corsair Force MP500 480GB M.2 (OS) + Force MP510 480GB M.2 (Steam/Games)
Display(s) Asus 27" (MG278Q) 144Hz WQHD 1440p + 1 x Asus 24" (VG245H) FHD 75Hz 1080p
Case Corsair Obsidian Series 450D Gaming Case
Audio Device(s) SteelSeries 5Hv2 w/ ASUS Xonar DGX PCI-E GX2.5 Audio Engine Sound Card
Power Supply Corsair TX750W Power Supply
Mouse Razer DeathAdder PC Gaming Mouse - Ergonomic Left Hand Edition
Keyboard Logitech G15 Classic Gaming Keyboard
Software Windows 10 Pro - 64-Bit Edition
Benchmark Scores I'm the Doctor.
You think AMD hasn't been checked? I guarantee you Intel themselves are trying to prove AMD is "vulnarable" too. We are talking about potentially billions of dollars in sales.
Both AMD and ARM have been checked again and again. Intel CPUs starting from its 1st generation Core design are affected. Based on the research that found this vulnerability.
 
Joined
Mar 10, 2015
Messages
2,353 (1.36/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Don't worry, AMD and ARM will have their own special flavors of SpecEx flaws.
 
Joined
Mar 23, 2005
Messages
3,402 (0.63/day)
Location
Ancient Greece, Acropolis (Time Lord)
System Name RiseEN Gaming PC
Processor AMD Ryzen 7 1700X @ stock
Motherboard ASRock Fatal1ty X370 GAMING X AM4
Cooling Corsair H115i PRO RGB, 280mm Radiator, Dual 140mm ML Series PWM Fans
Memory G.Skill TridentZ 32GB (2 x 16GB) DDR4 3200
Video Card(s) Sapphire Radeon RX 580 8GB Nitro+ SE
Storage Corsair Force MP500 480GB M.2 (OS) + Force MP510 480GB M.2 (Steam/Games)
Display(s) Asus 27" (MG278Q) 144Hz WQHD 1440p + 1 x Asus 24" (VG245H) FHD 75Hz 1080p
Case Corsair Obsidian Series 450D Gaming Case
Audio Device(s) SteelSeries 5Hv2 w/ ASUS Xonar DGX PCI-E GX2.5 Audio Engine Sound Card
Power Supply Corsair TX750W Power Supply
Mouse Razer DeathAdder PC Gaming Mouse - Ergonomic Left Hand Edition
Keyboard Logitech G15 Classic Gaming Keyboard
Software Windows 10 Pro - 64-Bit Edition
Benchmark Scores I'm the Doctor.
Don't worry, AMD and ARM will have their own special flavors of SpecEx flaws.
So does Intel, not to mention litigation issues. Actually many stake holders are somewhat upset with all 3 CPU Manufacturers for not properly disclosing various security vulnerabilities, despite this particular "Spoiler" one only affects Intel CPUs. Intel was aware of this issue for years, as was AMD & ARM for the Spectre thingy, but they kept there mouths shut. Based on the report I read lol

That has yet to be determined by further research.
The researchers explain that Spoiler is not a Spectre attack, so it is not affected by Intel's mitigations for it, which otherwise can prevent other Spectre-like attacks such as SplitSpectre.

"The root cause for Spoiler is a weakness in the address speculation of Intel's proprietary implementation of the memory subsystem, which directly leaks timing behavior due to physical address conflicts. Existing Spectre mitigations would therefore not interfere with Spoiler," they write.
They also looked for the same weakness in Arm and AMD processor cores but didn't find the same behavior that is present in Intel chips.


Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.
I read somewhere on Reddit that in pursuing IPC performance in Benchmarks, Intel exposed themselves, in particular to this Spoiler Attack. Whether this is true is a different story.
 
Joined
Mar 10, 2015
Messages
2,353 (1.36/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
So does Intel, not to mention litigation issues. Actually many stake holders are somewhat upset with all 3 CPU Manufacturers for not properly disclosing various security vulnerabilities, despite this particular "Spoiler" one only affects Intel CPUs. Intel was aware of this issue for years, as was AMD & ARM for the Spectre thingy, but they kept there mouths shut. Based on the report I read lol
As they should have. The only way this was getting fixed was with a new architecture. And it wasn't like they weren't working on one.

I read somewhere on Reddit that in pursuing IPC performance in Benchmarks, Intel exposed themselves, in particular to this Spoiler Attack. Whether this is true is a different story.
More like they were pursuing performance not benchmarks.
 
Top