Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Intel Security Technology

Intel CPUs Released in Last 8 Years Impacted by New Zombieload Side-Channel Attack (zdnet.com) 149

Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. From a report: The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow. Just like the first three, Zombieload is exploited by taking advantage of the speculative execution process, which is an optimization technique that Intel added to its CPUs to improve data processing speeds and performance. For more than a year, academics have been poking holes in various components of the speculative execution process, revealing ways to leak data from various CPU buffer zones and data processing operations. Meltdown, Spectre, and Foreshadow have shown how various CPU components leak data during the speculative execution process.

Today, an international team of academics -- including some of the people involved in the original Meltdown and Spectre research -- along with security researchers from Bitdefender have disclosed a new attack impacting the speculative execution process. This one is what researchers have named a Microarchitectural Data Sampling (MDS) attack, and targets a CPU's microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. [...] In a research paper published today, academics say that all Intel CPUs released since 2011 are most likely vulnerable. Processors for desktops, laptops, and (cloud) servers are all impacted, researchers said on a special website they've set up with information about the Zombieload flaws.

This discussion has been archived. No new comments can be posted.

Intel CPUs Released in Last 8 Years Impacted by New Zombieload Side-Channel Attack

Comments Filter:
  • by Selur ( 2745445 ) on Tuesday May 14, 2019 @12:29PM (#58591184)

    "Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks."
    source: https://techcrunch.com/2019/05... [techcrunch.com]

    • Comment removed based on user account deletion
    • by gweihir ( 88907 ) on Tuesday May 14, 2019 @03:19PM (#58592538)

      While I _have_ asked myself whether buying AMD gave me an overall worse result in the past, it is now amply clear where Intel got that extra performance: Really bad design trade-offs.

      Looking forward to buying a zen-2 later this year!

      • While I _have_ asked myself whether buying AMD gave me an overall worse result in the past, it is now amply clear where Intel got that extra performance: Really bad design trade-offs.

        Looking forward to buying a zen-2 later this year!

        I thought about that too, but only for tiny fractions of a second. Then I always remembered that I paid less per performance, and didn't care enough about performance to set up a Beowulf cluster. So I must have made the right choice.

      • Then you haven't seen how badly recent AMDs are crippled. I own a Zen+ Threadripper (the big one: 2990WX), and all communication between quarters of the processor (it's split into four pieces, 8 cores 16 HT each) goes through a narrow pipe that's 15GB/s total. You can't even access L3 cache faster than that! So the external PCIe bandwidth that's impressive on paper (63GB/s -- 64 PCI3.0 lanes) is of no real use as the processor can't consume or return data fast enough. Half of the cores (NUMA nodes 1 and

        • by fintux ( 798480 )

          And which Intel product are you comparing it against? How's the price per performance, when patching against the known vulnerabilities?

          Also, the Threadripper performance does depend a lot on the use case. In some cases, a 2700x will beat them, but in some cases the Threadripper wipes the floor with those. I think it's always a good idea to check the benchmarks for the particular use case(s) one plans to use the product, and make the decision based on those (of course thinking about performance per cost and/

        • by gweihir ( 88907 )

          That is complete nonsense. You do never use all those PCI-E lanes at once.

      • Really bad design trade-offs.

        Nope. Just design trade-offs. The risk profile actually makes these relevant and good design trade-offs which renders Intel processors unsuitable for only a small minority of workloads.

        Personally I run AMD, but I don't pretend that this is somehow related to security.

    • by Myrrh ( 53301 )

      Goes back further than that. It even affects Penryn chips (and there's no microcode update planned for them).

  • by Suren Enfiajyan ( 4600031 ) on Tuesday May 14, 2019 @12:30PM (#58591196)
    My next laptop will probably be AMD.
    • AMD cheerleading (Score:2, Insightful)

      by sjbe ( 173966 )

      My next laptop will probably be AMD.

      Yeah yeah there always are people who think it really matters somehow. What leads you to believe that their stuff is in any way more secure? Nothing against AMD but I see no reason to believe nor any evidence that their processors are provably more secure than Intel's. Use AMD if you like their products but I think it's naive to think they don't have their own bugs and security issues.

      • by Suren Enfiajyan ( 4600031 ) on Tuesday May 14, 2019 @12:46PM (#58591314)
        AMD isn't ideal in regards of security but they have somewhat fewer known issues and AMD spectre type bugs are less severe, the applications can't read kernel memory, only the user mode memory. AMD is just the lesser of two evils. .
        • by eth1 ( 94901 )

          AMD isn't ideal in regards of security but they have somewhat fewer known issues and AMD spectre type bugs are less severe, the applications can't read kernel memory, only the user mode memory. AMD is just the lesser of two evils. .

          Yes, fewer KNOWN issues. Do these researchers put the same time and resources into exploiting AMD chips? Or are they focusing on Intel because there are so many more of those out there, and that's why the Intel vulnerabilities are being found?

          • Yes and what's so? The issues' unknown (or only known to very few people) status is actually protective. Also AMD doesn't easily leak the kernel memory like Intel does, so the kernel can avoid the performance overhead. At least Linux kernel does so.
          • by DarkOx ( 621550 )

            My guess yes they do probably put the effort into AMD chips because guess what EPYC is pretty darn popular for cloud hosts and big virtualization farms.

            Intel might have more market there but AMD has a pretty darn big presence in the market place where the really really valuable targets live. Certainly big enough to attract the attention of both black hats and white hats.

            The reality is AMD does have some important architectural differences that are serving them well with regard to both these side channel, c

          • Yes, fewer KNOWN issues. Do these researchers put the same time and resources into exploiting AMD chips? Or are they focusing on Intel because there are so many more of those out there, and that's why the Intel vulnerabilities are being found?

            Guess you haven't been paying attention to these issues at all. Remember how some Intel-related researchers in Israel reported AMD's vulnerability to some of these exploits? And how they exaggerated it? You can bet your ass that Intel themselves continues to look for vulnerabilities in AMD processors, but yes, there are lots of people looking for vulnerabilities in both, and ARM processors as well. Finding such a vulnerability is an instant road to some small publicity. Also, even if the original researcher

        • AMD spectre type bugs are less severe

          I live in a part of the world that is far from the equator, it makes meteor strikes killing me far less likely as there's more atmosphere to burn through.

          Picking AMD for security in any general purpose, especially a laptop, is making a similar decision. I'm willing to bet you never analyse the risk of any other part of your life down to this level.

          • Not only security, but also performance suffers from these mitigations. I'm sure that I'm pretty OK with both Intel and AMD with the latest security patches.
      • by vyvepe ( 809573 )

        There is a difference when an error is published for Intel CPUs but not for AMD CPUs. You are slightly better with an AMD CPU because more effort needs to be put into the exploit code for them. The additional effort may make it not profitable to attack.

        It is likely something similar exists for AMD processors. But will black hats bother to develop it? You have definitely ruled out at least all the low level attackers for now.

      • Re:AMD cheerleading (Score:4, Informative)

        by rahvin112 ( 446269 ) on Tuesday May 14, 2019 @01:07PM (#58591430)

        AMD CPUs are architected differently than Intel. Though AMD and almost everyone else with a speculative execution engine were susceptible to several variants of the Spectre exploits there were several that were also Intel only, including possibly this variant.

        Most of the Intel-only Spectre exploits were sloppy design that was meant to increase speed at the expense of security. Meltdown was a perfect example of this where AMD and ARM did the right thing at the expense of speed. To me the Spectre exploits have proved this without a doubt, Intel processors simply aren't safe until they change this design methodology and there is no evidence they have. They are doing what microsoft did in the 90's, trying to paper over the mistakes without changing the methodology of development.

        Speed at any cost, including security is stupid when almost every computer in the world is running code (JS) off the internet. Most of the Spectre variants can be executed from within a browser javescript sesion and that should scare the crap out of everyone. Do you trust every Javascript your computer executes?

        • Meltdown was a perfect example of this where AMD and ARM did the right thing at the expense of speed.

          Some ARM processors are vulnerable to both meltdown and spectre.

          • This is one of those things that seems to be "true," except there is a big lie hidden in the middle.

            If you gave the context, it would clearly be an irrelevant edge case, but you left out the context; and you have to know that context, and a bunch of details, to be making the claim you're making.

            So on a scale of "true" to "horse shit," this is clear horse shit.

            I'm sure you'll defend it anyways; but you sure as fuck won't teach the controversy, because if you did, your comment would clearly be shit.

            • Some ARM processors are vulnerable to both meltdown and spectre.

              Where is the lie?

              If you gave the context, it would clearly be an irrelevant edge case,

              It is very far from irrelevant. All A75 cores are vulnerable to MELTDOWN, which proves that ARM pulled the same kind of nefarious bullshit as Intel for performance reasons. They are not remotely trustworthy.

        • Most of the Intel-only Spectre exploits were sloppy design that was meant to increase speed at the expense of security. Meltdown was a perfect example of this where AMD and ARM did the right thing at the expense of speed.

          You mean where Intel did the right thing at the expense of security. The risk posed by Spectre and Meltdown is virtually non-existant for the vast majority of computer use cases.

          To me the fact that you live in a house and don't hide away in a bank vault all your life is evidence to me that you only take security seriously when talking on online forums, and not in real life.

          Hypocrite.

  • AMD FTW! (Score:4, Interesting)

    by imperious_rex ( 845595 ) on Tuesday May 14, 2019 @12:32PM (#58591204)
    Cheaper, better, and more secure!
    • by Anonymous Coward

      Even better... I haven't replaced my computer in more than 8 years!

    • Re: (Score:3, Interesting)

      slow down, cowboy!

      I bought (and had to return!) an amd 1700 system due to a glaring bug that was a show stopper. any high load work (make -j16) would cause either silent corruption or seg faults during gcc.

      I bought this JUST as a build server. 100% untrustable ;(

      its not all amd cpus (threadripper is ok, it seems) but you have to be careful with WHICH amd you buy, now. I won't go back again, it was a horrible experience and I wasted 2 weeks trying to get that build server reliable. no fix in sight. amd

      • by amorsen ( 7485 )

        While it IS possible that you hit a buggy CPU, faulty RAM is vastly more likely. That affects Intel and AMD equally.

        You should be complaining to your server vendor, not to AMD.

        • no, it was not ram.

          if you search enough, you'll find lots of articles on the cpu series the 1700 was from. it was a 65w 16 thread cpu, and my interest was to run it fanless with heatpipes (my current 65w i7 needs replacing, as I would have preferred -j16 to -j4 or -j8).

          nothing to do with chipset or mobo or video or nvme ssd.

          it was all about the cpu.

          as was posted, if you returned your cpu, amd would send you another but some users still had issues. I could not afford that much time to sort this out.

          • It sounds like you bought a crap motherboard and were overheating something and it didn't notice.

            CPU returning inconsistent results would be a major headline, there is no fucking way that happened and that you actually traced your problem to that. You can search "AMD 1700 bug" and you do find a compiler bug where Rizen 1700 CPUs from the first 25 weeks of production caused segfaults on some compiler jobs. So if you really did hit a CPU bug, this is more likely what it was, and your build system had some lef

          • amd would send you another but some users still had issues.

            Are you saying ryzentest would fail on the replacements? That's the first I've heard of this.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        There was an issue with AMD cpu's when they first launched where high cpu load while compiling the linux kernel would cause errors. These CPU's can be RMA'd to get a fixed one and since then the original issue has been resolved.

        I tried to look up a supporting article but all I can find are the ones complaining about the issue, sorry.

      • Re:AMD FTW! (Score:4, Insightful)

        by jon3k ( 691256 ) on Tuesday May 14, 2019 @02:00PM (#58591852)

        I bought (and had to return!) an amd 1700 system due to a glaring bug that was a show stopper. any high load work (make -j16) would cause either silent corruption or seg faults during gcc.

        I had the same bug and AMD replaced CPU for free. Got a brand new CPU shipped to me with advanced replacement and returned mine after installing it. No issues since.

      • by rv6502 ( 5793142 )

        From what I heard it was only an early production that had the flaw. They've fixed it since.
        But your point stands. AMD can't throw the first stone.
        Still took them quite a few months to publicly accept that their early batch had a big flaw.

        And I got burnt by buying a first generation dual Opteron 2xx system (that was a bit before Athlon64x2 existed) which didn't work properly in dual sockets. They were supposed to work but there was an inter-cpu cache coherency bug that randomly corrupted memory.
        This time ar

    • Define "better". Slower single threaded performance. Lack of vPro management features, and given the complete non-issue these side channel attacks present you're not going to win over the corporate world.

  • Back to 6502s (Score:5, Interesting)

    by xack ( 5304745 ) on Tuesday May 14, 2019 @12:42PM (#58591294)
    All modern processors are vulnerable.
    • The 6502 is vulnerable to fixed address stack space attack between $0100 and $01FF.

      Lets go back to Zilog Z80 instead!

      • by ebvwfbw ( 864834 )

        Mmmmm. Z80. I have one around here someplace hooked up to a 1 MHz clock chip and I think 64K worth of memory. Wire wrap computer.

        Probably still works with whatever I had on the eeprom last.

    • false, Ultrasparc, Itanium, Some ARM Cortex, Risc-V are not.

      • Comment removed based on user account deletion
        • the last generation just came out (which had nothing different than prior generation other than clock speed improvement) and orders for machines will be taken on Jan 2020

          so, yeah, it's almost dead

      • false, Ultrasparc, Itanium, Some ARM Cortex, Risc-V are not.

        False. Ultrasparc is vulnerable to SPECTRE.

        • it's the the oracle T4 and newer that has vulnerability if firmware update not applied. The older CPU don't have the speculative architecture to exploit.

  • 1) There seems to be a near-endless stream of serious vulnerabilities affecting the vast majority of CPUs.
    2) Many of these are fundamental flaws, where best-effort patches can only mitigate, not fix.
    3) If you are on a cloud server, there is no way to tell from within the virtual environment how vulnerable the system is, short of trying to find exploits yourself, which would be a felony.
    4) We are years away from seeing CPUs that don't have these vulnerabilities coming into the market.
    5) Hordes of companies a

    • Most of these vulnerabilities don't matter for typical computer use. Nobody wants to go through the trouble of exploiting these flaws on your computer to how much ammo you have left for your SG553 in Counterstrike, or to peek at your browsing history (despite what we like to think, we're not that important).

      For people doing tasks where this sort of security actually matters (probably mostly government and military), they can switch to hardware which doesn't have the vulnerability but is slower. Or run t
      • Comment removed based on user account deletion
        • Or the Russians. Or the Chinese. Or the Iranians. Or the French. (Just thought Iâ(TM)d throw them in there.) Or the [fill in the blank]. Then suddenly, you might just matter.

          Yeah, the whole "you're not important" argument has been bullshit essentially since the invention of the computer, and the adoption of computerized records and communications. Suddenly, it's become cheap to spy on everyone — and to attack everyone. Nobody is going to spend any money on plebs except when given a reason to do so, but now they don't have to spend any money to hack you and spy on you.

    • I find it all so tiresome. It's the endless search for ultimate security vs.the constant pressure to reduce costs.

      I also wonder -- let's say Intel really wanted to find these exploits -- how much would just finding them cost? I'm presuming that the super smart people who design CPUs actually don't want killer exploits, and actually give an E for Effort when designing CPUs in the hope of avoiding them, meaning that finding these bugs is hard, or at least hard until the first one is found.

      Since many of thes

  • by thereddaikon ( 5795246 ) on Tuesday May 14, 2019 @01:31PM (#58591596)
    Reading about this elsewhere it sounds like the software mitigation will involve clearing the buffers when the processor switches processes in most, but not all cases. This sounds familiar. Back in the early 2000's the major weakness of Netburst was that its pipeline was so long that if the branch predictor failed to see a branch coming then the entire 30+ stage pipeline would have to be drained which naturally would cause a massive performance hit. Its part of the reason why AMD's Hammer arch had higher IPC. While the technical reasons for this are massively different, we are talking about speculative execution buffers and not the branch predictor, I think the end result may be similar. Having to throw away a large chunk of in use data on a regular basis is going to hurt. The upside is unlike with the example this is predictable to a degree. The CPU knows when its going to context switch so hopefully something can be done to smooth the transition over a bit. The bad news is this is going to happen a lot, processors switch between processes nearly constantly.
    • It seems in this case clearing isn't necessary, there is incorrect behavior when a subsequent process submitted an invalid value.
  • The headline states that all Intel CPUs from the last 8 years are affected. This is incorrect... Coffee Lake Refresh, Whiskey Lake, and Cascade Lake all have hardware fixes for this problem with zero performance impact as reported by Ars [arstechnica.com]. The hardware fixes done in the latest chips for Spectre/Meltdown are also effective against this new exploit. Intel has also already released a microcode update which resolves the issue for Sandy Bridge and newer processors.

A physicist is an atom's way of knowing about atoms. -- George Wald

Working...