Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

Raevenlord · Mar 5, 2019

A new security vulnerability has been found that only affects Intel CPUs - AMD users need not concern regarding this issue. Dubbed Spoiler, the newfound security vulnerability was discovered by the Worcester Polytechnic Institute in partnership with the University of Lübeck, and affects all Intel CPUs since the introduction of their Core architecture. This vulnerability too affects Intel's speculative execution design, and according to the researchers, works independent of OS, virtual machine, or sandboxed environments.

As the researchers explain, Intel's speculative execution of certain memory workloads requires the full physical address bits for the information in memory to be known, which could allow for the full address to be available in user space - allowing for privilege escalation and other microarchitectural attacks. According to the researchers, a software solution to this problem is impossible, which means this is yet another silicon-level bug that needs to be addressed in future processor designs.

View at TechPowerUp Main Site

Trompochi · Mar 5, 2019

Holy batman....

trparky · Mar 5, 2019

Oh crap... :shadedshu:

eidairaman1 · Mar 5, 2019

Thank @HTC

GoldenX · Mar 5, 2019

Well... Sh#t...

Deleted member 67555 · Mar 5, 2019

So in other words they discovered the NSA's back door.

juiseman · Mar 5, 2019

I think Intel found the flaws themselves....That way they have an excuse to sell more of the same CPU's they have been selling since 2010.

"scare ware tactic" to sell more over priced CPU's...

If it ain't broke don't fix...well guess what? its broke again; "now we have to upgrade 1000's of our severs again""We just bought them last quarter!!"....lol...

This is most likely not accurate what I just wrote, but I can believe in market manipulation on almost any level....this would just be an extreme case of that.

I'm sure then, the next post will be "Why would Intel call foul on their own product? Because people will buy from them anyways because they are Intel....
Ever heard the phrase "All press is good press" its almost free advertisement in a way; though one might think it would hurt sales. The opposite effect
is most of the time observed....

jmcslob said:
So in other words they discovered the NSA's back door.

lol...that was my next thought....hahahhah
funney; and really kind of scary, but most likely true.

HTC · Mar 5, 2019

eidairaman1 said:
Thank @HTC

Nope: i "found" it in this Anandtech forum post.

GloryToYou · Mar 5, 2019

jmcslob said:
So in other words they discovered the NSA's back door.

Nah. This is likely a legitimate bug. The NSA backdoor is in the Intel Management Engine.
https://en.wikipedia.org/wiki/Intel_Management_Engine

Blinken · Mar 5, 2019

in all reality, it was probably just negligence in the pursuit of more profit. I'm sure in the coming years there'll be an internal memo leak where someone expressed a concern but was ignored and then there'll be a groundbreaking 20/20 story on some Sunday night about it, all while the general populace goes on computing in ignorant bliss.

Steevo · Mar 5, 2019

GloryToYou said:
Nah. This is likely a legitimate bug. The NSA backdoor is in the Intel Management Engine.
https://en.wikipedia.org/wiki/Intel_Management_Engine

Called it.

sam_86314 · Mar 5, 2019

Good thing I switched to AMD recently...

...except my laptop and all of my other computers have Intel chips :banghead:

ArbitraryAffection · Mar 5, 2019

laughs in Ryzen

Only thing left with an Intel processor in the house is mum's old Toshiba P750 laptop with a i5 2410M from 2011. I'm waiting for it to die so I can get her a Raven Ridge machine like my Envy x360, Super happy with it, especially now the drivers from the main stack can be used on the 2500U.

lexluthermiester · Mar 5, 2019

Wow, this is literally deep core logic problems. Pun intended. This has the potential to be a little worse than the S&M thing of last year, if I'm understnding it correctly. Ouch. My poor Xeon's...

Darmok N Jalad · Mar 5, 2019

Curious what sort of solutions we will get if it’s not software patchable as the reasearcher claims.

Deleted member 67555 · Mar 5, 2019

lexluthermiester said:
Wow, this is literally deep core logic problems. Pun intended. This has the potential to be a little worse than the S&M thing of last year, if I'm understnding it correctly. Ouch. My poor Xeon's...

I just went from Ryzen to an I7 and I just put my kids on Ryzen and it looks like I'm going back that way too.
I'm not worried about S/M or this but I'm starting to get a bad feel for Intel again.

phanbuey · Mar 5, 2019

So you would have to have code running on the machine that sits there looking for the moment when it can intercept a full address to a page in memory, and then grab that out of memory, in the hopes that it has sensitive data in there.

And after I grab that sensitive data and figure out how to use it, I will clean my house with a toothpick.

mcraygsx · Mar 5, 2019

INTEL should've stopped selling any CPU built around core architecture as soon as first set of vulnerabilities were discovered. Especially to the Enterprise Market altogether. But its amazing to see over priced CPU and related motherboard on shelves at my local MC :eek:

.

On the other hand I suppose if consumers are okay with IME then we should be okay with another vulnerability. Thank you for reporting this.

GoldenX · Mar 5, 2019

mcraygsx said:
INTEL should've stopped selling any CPU built around core architecture as soon as first set of vulnerabilities were discovered. Especially to the Enterprise Market altogether. But its amazing to see over priced CPU and related motherboard on shelves at my local MC .

On the other hand I suppose if consumers are okay with IME then we should be okay with another vulnerability. Thank you for reporting this.

But but, best CPUs on the world, but but mah FPS, but but I can't go to "are you poor?" AMD.

HTC · Mar 5, 2019

To be fair, while Meltdown and Spoiler don't affect AMD's CPUs, Spectre does so speculative execution needs to be addressed @ silicon level in order for speculative execution based vulnerabilities to "go away".

Spectre based vulnerabilities do have software mitigations which come @ a performance cost. @ least that's better than Spoiler which, supposedly, can't be mitigated by software:

The attack exploits the fact that when there is a load instruction after a number ofstore instructions, the physical address conflict causes a high timing behavior. This happens because of the speculatively executed load before all the stores are finished executing. There is no software mitigation that can completely erase this problem.

Darmok N Jalad · Mar 5, 2019

mcraygsx said:
INTEL should've stopped selling any CPU built around core architecture as soon as first set of vulnerabilities were discovered. Especially to the Enterprise Market altogether. But its amazing to see over priced CPU and related motherboard on shelves at my local MC .

On the other hand I suppose if consumers are okay with IME then we should be okay with another vulnerability. Thank you for reporting this.

So what should they do for the next 2-4 years while they engineer a solution to a problem that wasn’t even detected for over a decade? Companies as big as Intel can’t just stop selling their products for that long. There would probably not be an Intel anymore by the time they resolved this problem, redesigned their CPUs, performed a bunch of validation and testing, retooled their FABs, worked out yields, manufactured millions of chips, and refilled the huge vacuum they left behind. They no doubt have to fix the problem, but stopping the presses would cause major damage to the economy and affect many, many people’s livelihoods. AMD can’t even come close to picking up Intel’s level of supply, so there would be a mass shortage of CPUs for years. 9th gen Core doesn’t fix all the issues at a hardware level—we are still a few generations from that.

CounterZeus · Mar 5, 2019

The tested AMD CPU was one bulldozer chip (AMD A6-4455M). So no confirmation if Zen is affected or not.

biffzinker · Mar 5, 2019

HTC said:
Spectre based vulnerabilities do have software mitigations which come @ a performance cost.

Microsoft Update KB4482887 on March 1st the company will be rolling out and enabling the Google-developed Retpoline performance optimizations that reduce the performance impact of security mitigations put in place to combat Spectre Variant 2 (CVE-2017-5715). Windows 10 users running 64-bit versions of Windows 10 Build 1809 and newer will have the Retpoline optimizations installed with the KB4482887 and other updates turned on via cloud configuration in a phased rollout.

https://www.pcper.com/news/General-...izations-Update-Reduce-Performance-Impact-Spe

moproblems99 · Mar 5, 2019

ArbitraryAffection said:
Zen didn't get the memo?

Zen is not immune from speculative execution flaws.

yeeeeman · Mar 5, 2019

The people commenting here are just...out of this world. People still don't understand that these vulnerabilities don't have absolutely any importance to normal consumers. Who cares about your games and photos?
These attacks are important for datacenters, bank or government computers, etc.
If you have an Intel CPU, this doesn't mean that it is broken and you will be robbed if you still use it....
Also, discoveries like these give students and faculties some good press. Hey look, this is the place where that funky vulnerability was found. I see they got a habit of searching for bugs in CPUs, which is a good thing, sure, but CPUs are so complex machines that it is almost impossible to make them without some vulnerabilities. And don't worry, happy Ryzen users, AMD also has vulnerabilities, but they weren't discovered yet because nobody cares. Researches look at the market leader...

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

System Name	LongBoi
Processor	Ryzen 5950X
Motherboard	Gigabyte X570S Aorus Master
Cooling	EK 360mm AIO D-RGB
Memory	2x32gb G.Skill Trident Z NEO (F4-3600C16D-64GTZN)
Video Card(s)	Asus TUF 7900 GRE
Storage	SN850X 2TB(OS), SN770 2TB, 2x Seagate HDDs (2TB+3TB)
Display(s)	Asus TUF VG27AQ
Case	Lian Li O11 Dynamic Evo
Audio Device(s)	Nani!?
Power Supply	EVGA Supernova P6 1000w
Mouse	Logitech G502 Hero
Keyboard	Redragon K556
VR HMD	VR is BS.
Software	Windows 11 Pro (2H23)

System Name	My Ryzen 7 7700X Super Computer
Processor	AMD Ryzen 7 7700X
Motherboard	Gigabyte B650 Aorus Elite AX
Cooling	DeepCool AK620 with Arctic Silver 5
Memory	2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s)	XFX AMD Radeon RX 7900 GRE
Storage	Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s)	Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case	Lian Li LANCOOL II MESH C
Audio Device(s)	On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply	MSI A850GF
Mouse	Logitech M705
Keyboard	Steelseries
Software	Windows 11 Pro 64-bit
Benchmark Scores	https://valid.x86.fr/liwjs3

System Name	PCGOD
Processor	AMD FX 8350@ 5.0GHz
Motherboard	Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling	Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory	16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s)	AMD Radeon 290 Sapphire Vapor-X
Storage	Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s)	NEC Multisync LCD 1700V (Display Port Adapter)
Case	AeroCool Xpredator Evil Blue Edition
Audio Device(s)	Creative Labs Sound Blaster ZxR
Power Supply	Seasonic 1250 XM2 Series (XP3)
Mouse	Roccat Kone XTD
Keyboard	Roccat Ryos MK Pro
Software	Windows 7 Pro 64

System Name	Ciel / Akane
Processor	AMD Ryzen R5 5600X / Intel Core i3 12100F
Motherboard	Asus Tuf Gaming B550 Plus / Biostar H610MHP
Cooling	ID-Cooling 224-XT Basic / Stock
Memory	2x 16GB Kingston Fury 3600MHz / 2x 8GB Patriot 3200MHz
Video Card(s)	Gainward Ghost RTX 3060 Ti / Dell GTX 1660 SUPER
Storage	NVMe Kingston KC3000 2TB + NVMe Toshiba KBG40ZNT256G + HDD WD 4TB / NVMe WD Blue SN550 512GB
Display(s)	AOC Q27G3XMN / Samsung S22F350
Case	Cougar MX410 Mesh-G / Generic
Audio Device(s)	Kingston HyperX Cloud Stinger Core 7.1 Wireless PC
Power Supply	Aerocool KCAS-500W / Gigabyte P450B
Mouse	EVGA X15 / Logitech G203
Keyboard	VSG Alnilam / Dell
Software	Windows 11

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

Raevenlord

News Editor

Trompochi

trparky

eidairaman1

The Exiled Airman

GoldenX

Deleted member 67555

Guest

juiseman

HTC

GloryToYou

New Member

Blinken

Steevo

sam_86314

ArbitraryAffection

lexluthermiester

Darmok N Jalad

Deleted member 67555

Guest

phanbuey

mcraygsx

GoldenX

HTC

Darmok N Jalad

CounterZeus

biffzinker

moproblems99

yeeeeman

System Name	HTC's System
Processor	Ryzen 5 5800X3D
Motherboard	Asrock Taichi X370
Cooling	NH-C14, with the AM4 mounting kit
Memory	G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s)	Sapphire Pulse 6600 8 GB
Storage	1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s)	LG 27UD58
Case	Fractal Design Define R6 USB-C
Audio Device(s)	Onboard
Power Supply	Corsair TX 850M 80+ Gold
Mouse	Razer Deathadder Elite
Software	Ubuntu 20.04.6 LTS

Processor	i7-4770k
Motherboard	ASUS
Cooling	Noctua
Memory	Corsair
Video Card(s)	Nvidia
Storage	Samsung
Case	Fractal Design

System Name	Compy 386
Processor	7800X3D
Motherboard	Asus
Cooling	Air for now.....
Memory	64 GB DDR5 6400Mhz
Video Card(s)	7900XTX 310 Merc
Storage	Samsung 990 2TB, 2 SP 2TB SSDs, 24TB Enterprise drives
Display(s)	55" Samsung 4K HDR
Audio Device(s)	ATI HDMI
Mouse	Logitech MX518
Keyboard	Razer
Software	A lot.
Benchmark Scores	Its fast. Enough.

System Name	Space Heater MKIV
Processor	AMD Ryzen 7 5800X
Motherboard	ASRock B550 Taichi
Cooling	Noctua NH-U14S, 3x Noctua NF-A14s
Memory	2x32GB Teamgroup T-Force Vulcan Z DDR4-3600 C18 1.35V
Video Card(s)	PowerColor RX 6800 XT Red Devil (2150MHz, 240W PL)
Storage	2TB WD SN850X, 4x1TB Crucial MX500 (striped array), LG WH16NS40 BD-RE
Display(s)	Dell S3422DWG (34" 3440x1440 144Hz)
Case	Phanteks Enthoo Pro M
Audio Device(s)	Edifier R1700BT, Samson SR850
Power Supply	Corsair RM850x, CyberPower CST135XLU
Mouse	Logitech MX Master 3
Keyboard	Glorious GMMK 2 96%
Software	Windows 10 LTSC 2021, Linux Mint

System Name	Budget Box
Processor	Xeon E5-2667v2
Motherboard	ASUS P9X79 Pro
Cooling	Some cheap tower cooler, I dunno
Memory	32GB 1866-DDR3 ECC
Video Card(s)	XFX RX 5600XT
Storage	WD NVME 1GB
Display(s)	ASUS Pro Art 27"
Case	Antec P7 Neo

System Name	stress-less
Processor	9800X3D @ 5.42GHZ
Motherboard	MSI PRO B650M-A Wifi
Cooling	Thermalright Phantom Spirit EVO
Memory	64GB DDR5 6400 1:1 CL30-36-36-76 FCLK 2200
Video Card(s)	RTX 4090 FE
Storage	2TB WD SN850, 4TB WD SN850X
Display(s)	Alienware 32" 4k 240hz OLED
Case	Jonsbo Z20
Audio Device(s)	Yes
Power Supply	Corsair SF750
Mouse	DeathadderV2 X Hyperspeed
Keyboard	65% HE Keyboard
Software	Windows 11
Benchmark Scores	They're pretty good, nothing crazy.

Processor	Intel 7700K 5.1Ghz (Intel advised me not to OC this CPU)
Motherboard	Asus Maximus IX Code
Cooling	Corsair Hydro H115i Platinum
Memory	48GB G.Skill TridentZ DDR4 3200 Dual Channel (2x16 & 2x8)
Video Card(s)	nVIDIA Titan XP (Overclocks like a champ but stock performance is enough)
Storage	Intel 760p 2280 2TB
Display(s)	MSI Optix MPG27CQ Black 27" 1ms 144hz
Case	Thermaltake View 71
Power Supply	EVGA SuperNova 1000 Platinum2
Mouse	Corsair M65 Pro (not recommded, I am on my second mouse with same defect)
Software	Windows 10 Enterprise 1803
Benchmark Scores	Yes I am Intel fanboy that is my benchmark score.

System Name	Illidan
Processor	AMD Ryzen 9 5900X
Motherboard	Gigabyte B550 Aorus Pro V2
Cooling	Scythe Mugen 4
Memory	G.Skill Trident Z 32GB DDR4 3000MHz 14CL
Video Card(s)	AMD Radeon RX 6900 XT
Storage	Crucial P1 1TB + Sandisk Ultra II 960GB + Samsung EVO Plus 970 2TB + F3 1TB + Toshiba X300 4TB
Display(s)	Iiyama G-MASTER G4380UHSU-B1
Case	Corsair 750D Airflow
Audio Device(s)	Sony WH1000-XM4
Power Supply	Seasonic Focus PX-850
Mouse	Logitech G604
Keyboard	Corsair Vengeance K70 (Cherry MX Red)
Software	Windows 11 Pro

Processor	Core i7-13700
Motherboard	MSI Z790 Gaming Plus WiFi
Cooling	Cooler Master RGB something
Memory	Corsair DDR5-6000 small OC to 6200
Video Card(s)	XFX Speedster SWFT309 AMD Radeon RX 6700 XT CORE Gaming
Storage	970 EVO NVMe M.2 500GB,,WD850N 2TB
Display(s)	Samsung 28” 4K monitor
Case	Phantek Eclipse P400S
Audio Device(s)	EVGA NU Audio
Power Supply	EVGA 850 BQ
Mouse	Logitech G502 Hero
Keyboard	Logitech G G413 Silver
Software	Windows 11 Professional v23H2

System Name	Wut?
Processor	3900X
Motherboard	ASRock Taichi X570
Cooling	Water
Memory	32GB GSkill CL16 3600mhz
Video Card(s)	Vega 56
Storage	2 x AData XPG 8200 Pro 1TB
Display(s)	3440 x 1440
Case	Thermaltake Tower 900
Power Supply	Seasonic Prime Ultra Platinum