More side-channel attacks for Intel processors


Postby Head_on_a_Stick » 2019-05-14 19:55

https://lore.kernel.org/lkml/2019051418 ... kroah.com/

I'm never buying anything with an Intel CPU ever again.

RISC-V ftw!
Head_on_a_Stick
 
Posts: 10346
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: More side-channel attacks for Intel processors

Postby neuraleskimo » 2019-05-14 21:43

Head_on_a_Stick wrote:
> https://lore.kernel.org/lkml/20190514180424.GA11131@kroah.com/
>
> I'm never buying anything with an Intel CPU ever again.
>
> RISC-V ftw!

+1 (or maybe *10) :wink:
neuraleskimo
 
Posts: 102
Joined: 2019-03-12 23:26
Location: Bloomington, Indiana, USA

Re: More side-channel attacks for Intel processors

Postby CwF » 2019-05-14 22:53

Good, hope Xeons lose value so I can buy more. I already disable HT for other reasons.
CwF
 
Posts: 396
Joined: 2018-06-20 15:16

Re: More side-channel attacks for Intel processors

Postby neuraleskimo » 2019-05-15 13:53

I have to admit that I was surprised and excited to see AWS release ARM and AMD instances. I am hoping they can influence the CPU market in favor of ARM and AMD. By the way, as a bit of trivia, AWS operates at a scale where they get custom CPUs from Intel. I suspect the AMD instances caused a bit of discomfort inside Intel.

Re: More side-channel attacks for Intel processors

Postby Head_on_a_Stick » 2019-05-15 13:59

The vulnerability has a trendy name now: zombieload :roll:

CwF wrote:
> I already disable HT for other reasons.

That will not protect you against this specific problem but it will probably help defend against so-far undiscovered holes.

OpenBSD disables SMT by default but Linux prefers to ignore the potential risks because Intel are a Platinum member of the Linux Foundation and they don't want to be made to look any more incompetent.

The fixes have already been added to the intel-microcode packages for stretch & sid but not buster or jessie so users of those branches should install the intel-microcode .debs from sid.

And any Arch users reading this should add the intel-ucode package from [Testing] because the version in [Extra] is vulnerable.
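
Added example (not part of the thread): a shell check for the point made in the post above, that turning off hyper-threading does not by itself address ZombieLoad without the microcode update. It interprets the MDS status that kernels carrying the MDS patches report in sysfs; the function names `classify_mds` and `read_or_empty` and the verdict wording are this example's own.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS (ZombieLoad/RIDL/Fallout) report.
# Inputs are the contents of two sysfs files present on kernels with the
# MDS patches:
#   /sys/devices/system/cpu/vulnerabilities/mds
#   /sys/devices/system/cpu/smt/control

classify_mds() {
    # $1 = contents of .../vulnerabilities/mds, $2 = contents of .../smt/control
    mds=$1 smt=$2
    case $mds in
        "Not affected"*)
            echo "ok: CPU not affected by MDS"; return ;;
        "Mitigation: Clear CPU buffers"*)
            state="buffer clearing active" ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # SMT off does not help here: the microcode is what is missing.
            echo "action: kernel patched, microcode missing (update intel-microcode)"; return ;;
        "Vulnerable"*)
            echo "action: no mitigation active (update kernel and microcode)"; return ;;
        *)
            echo "unknown: no MDS report (kernel predates the MDS patches?)"; return ;;
    esac
    # Buffer clearing alone does not cover a sibling hyperthread.
    case $mds in
        *"SMT vulnerable"*)
            echo "partial: $state, SMT still on (smt/control=$smt)" ;;
        *"SMT disabled"*|*"SMT mitigated"*)
            echo "ok: $state, SMT exposure closed" ;;
        *)
            echo "partial: $state, SMT state unknown" ;;
    esac
}

# Return a file's contents, or nothing if it does not exist.
read_or_empty() { [ -r "$1" ] && cat "$1" || true; }

# Live check; prints the "unknown" verdict on systems without these files.
classify_mds "$(read_or_empty /sys/devices/system/cpu/vulnerabilities/mds)" \
             "$(read_or_empty /sys/devices/system/cpu/smt/control)"
```

A status beginning `Vulnerable: Clear CPU buffers attempted, no microcode` is the case the post describes for branches whose intel-microcode package has not yet been updated.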

Re: More side-channel attacks for Intel processors

Postby dotlj » 2019-05-18 00:56

https://www.schneier.com/blog/archives/2019/05/another_intel_c.html

Bruce Schneier suggested this at the beginning of 2018 and now he is predicting still more vulnerabilities to come.
dotlj
 
Posts: 646
Joined: 2009-12-25 17:21

Re: More side-channel attacks for Intel processors

Postby Head_on_a_Stick » 2019-05-18 14:25

dotlj wrote:
> Bruce Schneier suggested this at the beginning of 2018

Theo de Raadt suggested this back in 2007:

https://marc.info/?l=openbsd-misc&m=118296441702631

And he also predicted *many* more of these types of vulnerability last year:

https://marc.info/?l=openbsd-tech&m=153504937925732&w=2

And yet the Linux kernel developers still have SMT enabled by default but I suppose Intel are giving them lots of money so... :roll:

Re: More side-channel attacks for Intel processors

Postby GarryRicketson » 2019-05-18 15:57

What, Me worry? :mrgreen: I have ClamAV, so my system is safe :mrgreen:
GarryRicketson
 
Posts: 5877
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: More side-channel attacks for Intel processors

Postby sickpig » 2019-05-19 02:11

congratulations what a valuable input ur post added
sickpig
 
Posts: 314
Joined: 2019-01-23 10:34

Re: More side-channel attacks for Intel processors

Postby eor2004 » 2019-05-19 05:44

eor2004
 
Posts: 187
Joined: 2013-10-01 22:49
Location: Puerto Rico

Re: More side-channel attacks for Intel processors

Postby eor2004 » 2019-05-19 05:56


Re: More side-channel attacks for Intel processors

Postby dotlj » 2019-05-19 10:00

https://www.amd.com/en/corporate/product-security#Current-Security-Updates

5/14/19

At AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to ‘Fallout’, ‘RIDL’ or ‘ZombieLoad Attack’ because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.

For more information, see our new whitepaper, titled “Speculation Behavior in AMD Micro-Architectures.”


11/13/18

AMD is aware of the latest research published claiming new speculative execution attacks. AMD believes it is not vulnerable to some of these attacks because of the hardware paging architecture protections in AMD devices and, for those that are not solved by our paging architecture protections, the mitigation is to implement our existing recommendations.

Specific recommendations by published description:

New Variants of Spectre v1 – AMD recommends implementing existing mitigations

Pattern History Table - Cross Address - Out of Place (PHT-CA-OP)
Pattern History Table - Cross Address - In Place (PHT-CA-IP)
Pattern History Table - Same Address - Out of Place (PHT-SA-OP)

New Variants of Spectre v2 – AMD recommends implementing existing mitigations

Branch Target Buffer - Same Address - In Place (BTB-SA-IP)
Branch Target Buffer - Same Address - Out of Place (BTB-SA-OP)

New Variant of Meltdown

Meltdown-BK – AMD believes this does not affect its platforms because AMD does not have this feature in its products

New Variant of Spectre v1 – referred by researchers as a Meltdown variant

Meltdown-BD – AMD believes 32-bit systems using the BOUND instruction may be impacted and recommends implementing existing mitigations for Spectre v1 for such systems.



11/27/18

AMD does not believe the PortSmash issue (https://seclists.org/oss-sec/2018/q4/123) is related to previously found speculative execution issues like Spectre. Instead, AMD believes the issues are related to any processor that uses simultaneous multithreading (SMT), including those from AMD, that is vulnerable to software that exposes the activity of one process to another running on the same processor. We believe this issue can be mitigated in software by using side-channel counter measures. For example, OpenSSL, which was used in the researcher’s proof of concept, has already been updated to address this type of attack.

