More side-channel attacks for Intel processors
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
More side-channel attacks for Intel processors
https://lore.kernel.org/lkml/2019051418 ... kroah.com/
I'm never buying anything with an Intel CPU ever again.
RISC-V ftw!
deadbang
-
- Posts: 195
- Joined: 2019-03-12 23:26
Re: More side-channel attacks for Intel processors
Head_on_a_Stick wrote:
https://lore.kernel.org/lkml/2019051418 ... kroah.com/
I'm never buying anything with an Intel CPU ever again.
RISC-V ftw!

+1 (or maybe *10)
-
- Posts: 195
- Joined: 2019-03-12 23:26
Re: More side-channel attacks for Intel processors
I have to admit that I was surprised and excited to see AWS release ARM and AMD instances. I am hoping they can influence the CPU market in favor of ARM and AMD. By the way, as a bit of trivia, AWS operates at a scale where they get custom CPUs from Intel. I suspect the AMD instances caused a bit of discomfort inside Intel.
- Head_on_a_Stick
Re: More side-channel attacks for Intel processors
The vulnerability has a trendy name now: zombieload
OpenBSD disables SMT by default but Linux prefers to ignore the potential risks because Intel are a Platinum member of the Linux Foundation and they don't want to be made to look any more incompetent.
The fixes have already been added to the intel-microcode packages for stretch & sid but not buster or jessie so users of those branches should install the intel-microcode .debs from sid.
And any Arch users reading this should add the intel-ucode package from [Testing] because the version in [Extra] is vulnerable.
CwF wrote:
I already disable HT for other reasons.

That will not protect you against this specific problem but it will probably help defend against so-far undiscovered holes.
deadbang
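Added example, not part of the thread: a shell function that checks whether the microcode and SMT advice in the post above has taken effect, by reading the status the Linux kernel exports in sysfs. It assumes a kernel that carries the MDS (ZombieLoad/RIDL/Fallout) patches; the function name and result wording are made up for this example, and the sysfs root is a parameter so the logic can be run against constructed files.

```shell
#!/bin/sh
# Classify MDS exposure from the kernel's sysfs status files.
# Real-system usage: mds_status /sys/devices/system/cpu
# Return codes (chosen for this example): 0 ok, 1 partial, 2 action needed, 3 unknown.
mds_status() {
    root=${1:-/sys/devices/system/cpu}
    mds_file="$root/vulnerabilities/mds"
    smt_file="$root/smt/control"

    # Kernels without the MDS patches do not provide this file at all.
    if [ ! -r "$mds_file" ]; then
        echo "unknown: kernel does not report MDS status"
        return 3
    fi
    mds=$(cat "$mds_file")

    # smt/control holds on, off, forceoff, notsupported or notimplemented.
    smt=unknown
    if [ -r "$smt_file" ]; then
        smt=$(cat "$smt_file")
    fi

    case $mds in
        "Not affected"*)
            echo "ok: CPU not affected"
            return 0 ;;
        *"no microcode"*)
            # Kernel tries to clear CPU buffers but the microcode lacks support.
            echo "action: install updated microcode (smt=$smt)"
            return 2 ;;
        "Mitigation:"*"SMT vulnerable"*|"Mitigation:"*"Host state unknown"*)
            # Buffer clearing works, but a sibling thread may still leak.
            echo "partial: buffers cleared, SMT exposure remains or is unknown (smt=$smt)"
            return 1 ;;
        "Mitigation:"*)
            echo "ok: mitigated (smt=$smt)"
            return 0 ;;
        *)
            echo "action: vulnerable, no mitigation active (smt=$smt)"
            return 2 ;;
    esac
}
```
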
Re: More side-channel attacks for Intel processors
https://www.schneier.com/blog/archives/ ... tel_c.html
Bruce Schneier suggested this at the beginning of 2018 and now he is predicting still more vulnerabilities to come.
- Head_on_a_Stick
Re: More side-channel attacks for Intel processors
dotlj wrote:
Bruce Schneier suggested this at the beginning of 2018

Theo deRaadt suggested this back in 2007:
https://marc.info/?l=openbsd-misc&m=118296441702631
And he also predicted *many* more of these types of vulnerability last year:
https://marc.info/?l=openbsd-tech&m=153504937925732&w=2
And yet the Linux kernel developers still have SMT enabled by default but I suppose Intel are giving them lots of money so...
deadbang
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: More side-channel attacks for Intel processors
What, Me worry? I have clamav, so my system is safe
- eor2004
- Posts: 251
- Joined: 2013-10-01 22:49
- Location: Puerto Rico
- Has thanked: 6 times
- Been thanked: 5 times
Re: More side-channel attacks for Intel processors
Debian 12 Gnome on a MSI H61M-P25 (B3) PC & on a Dell Latitude E6410 & HP EliteBook 8540p Laptops.
LMDE 6 on a Panasonic ToughBook CF-C1 Laptop.
Bodhi Linux 7 on a HP Compaq DC5750 Small Form Factor PC.
Windows 11 on a Intel DH55TC PC.
Re: More side-channel attacks for Intel processors
https://www.amd.com/en/corporate/produc ... ty-Updates
5/14/19
At AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to ‘Fallout’, ‘RIDL’ or ‘ZombieLoad Attack’ because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.
For more information, see our new whitepaper, titled “Speculation Behavior in AMD Micro-Architectures.”
11/13/18
AMD is aware of the latest research published claiming new speculative execution attacks. AMD believes it is not vulnerable to some of these attacks because of the hardware paging architecture protections in AMD devices and, for those that are not solved by our paging architecture protections, the mitigation is to implement our existing recommendations.
Specific recommendations by published description:
New Variants of Spectre v1 – AMD recommends implementing existing mitigations
Pattern History Table - Cross Address - Out of Place (PHT-CA-OP)
Pattern History Table - Cross Address - In Place (PHT-CA-IP)
Pattern History Table - Same Address - Out of Place (PHT-SA-OP)
New Variants of Spectre v2 – AMD recommends implementing existing mitigations
Branch Target Buffer - Same Address - In Place (BTB-SA-IP)
Branch Target Buffer - Same Address - Out of Place (BTB-SA-OP)
New Variant of Meltdown
Meltdown-BK – AMD believes this does not affect its platforms because AMD does not have this feature in its products
New Variant of Spectre v1 – referred by researchers as a Meltdown variant
Meltdown-BD – AMD believes 32-bit systems using the BOUND instruction may be impacted and recommends implementing existing mitigations for Spectre v1 for such systems.
11/27/18
AMD does not believe the PortSmash issue (https://seclists.org/oss-sec/2018/q4/123) is related to previously found speculative execution issues like Spectre. Instead, AMD believes the issues are related to any processor that uses simultaneous multithreading (SMT), including those from AMD, that is vulnerable to software that exposes the activity of one process to another running on the same processor. We believe this issue can be mitigated in software by using side-channel counter measures. For example, OpenSSL, which was used in the researcher’s proof of concept, has already been updated to address this type of attack.