
New "Plundervolt" Intel CPU Vulnerability Exploits vCore to Fault SGX and Steal Protected Data

I already addressed this. They literally pay people to find vulnerabilities, that's why vulnerabilities keep getting found. I believe the bounty can be as much as $100,000.

No, if they pay you, then you cannot talk about it.
How many have been found that we don't know about is the question. That also means Intel doesn't have to fix it...
 
Running Intel servers is getting riskier and riskier by the day apparently.

... Or just that the general public is being made more aware of it and it was always risky.
 
There seems to be a simple, yet very effective way to defeat this: disable C-States. If the OS cannot regulate clock speed and voltage, there is no attack vector. This assumes the user is dumb enough to download the package and run it.
 
It seems Intel's R&D department took extraordinary steps to make the CPUs as insecure as possible. This is beyond a joke. Talk about needing a ground-up rebuild.
 
It seems Intel's R&D department took extraordinary steps to make the CPUs as insecure as possible. This is beyond a joke. Talk about needing a ground-up rebuild.
And if you really believe that, I have a bridge in Brooklyn I'd like to sell you.

In all seriousness, NO ONE engineers vulnerabilities into their technology because everyone knows hackers/researchers have and will find them.
 
And if you really believe that, I have a bridge in Brooklyn I'd like to sell you.

In all seriousness, NO ONE engineers vulnerabilities into their technology because everyone knows hackers/researchers have and will find them.

But they ignore them for increased performance.
 
Since Linux doesn't allow root access by default, what is the risk assessment of Linux versus Windows?
 
But they ignore them for increased performance.
Intel is fixing the issues as they are discovered and when fixed in hardware there is no performance drop. This argument - that keeps being spouted - is bullshit.
 
when fixed in hardware there is no performance drop
Needs citation, heck, more than just citation. Hardware mitigation doesn't imply there's no performance penalty; likely a lesser hit to performance, but to say that hardware mitigations have no effect is highly disingenuous.
 
Intel is fixing the issues as they are discovered and when fixed in hardware there is no performance drop. This argument - that keeps being spouted - is bullshit.
This is not entirely correct. Intel has been informed about the vulnerabilities and can release a fix. That is, if the vulnerability can be fixed by software or a patch of some sort. Some of these vulnerabilities can only be fixed by hardware changes. For example, switching off SMT is not a fix, it's a workaround. Mitigation also doesn't fix it but instead reduces the severity of the vulnerability.
So switching off SMT is a mitigation, and it does reduce performance.
 
This is not entirely correct. Intel has been informed about the vulnerabilities and can release a fix. That is, if the vulnerability can be fixed by software or a patch of some sort. Some of these vulnerabilities can only be fixed by hardware changes. For example, switching off SMT is not a fix, it's a workaround.
Stuff done in software (including firmware) in almost all of these recent vulnerabilities is called mitigations for a reason. These are not intended to be fixes, and in many cases their primary intent is to limit the attack surface to a point where exploiting it is not feasible. Switching off SMT, DDIO or TSX is clearly a workaround.

The point is, these vulnerabilities are being fixed by hardware changes. No, existing CPUs will not be fixed for obvious reasons, but newer revisions of CPUs have (some of the) issues fixed in hardware. On these CPUs with fixes, mitigations are no longer needed and there is no performance penalty compared to the pre-mitigation state.
Needs citation, heck, more than just citation. Hardware mitigation doesn't imply there's no performance penalty; likely a lesser hit to performance, but to say that hardware mitigations have no effect is highly disingenuous.
Changes in hardware are mitigations for some of the overarching issues like Spectre (1/2) but the way other issues are addressed seem to be straight-up fixes. Phoronix' mitigation articles for Cascade Lake or newer should be a reputable enough source? Keep an eye on software mitigations that are enabled or disabled in these.
 
So this adds to the already 250+ CPU Vulnerabilities. And those that did get patched need repatching which still don't work, because the issue is a design flaw.
And why are people still buying Intel CPUs? When AMD has the best processors on the planet. lol
Just look at the single-threaded performance. 630. It's a 5400 MHz i9-9900K w/o HT. By far would be the best gaming chip. Intel wasn't lying when they said their CPUs are better than AMD's for gaming *when overclocked*, and here is why. For comparison, a 4300 MHz 3600X only hits 522 on single-threaded. So yes, Intel's CPUs are still the fastest for gaming. And that's it. Everything else, AMD wins. More cores, more efficiency, more IPC (not enough to make up for an overclocked Intel chip unfortunately), cheaper *decent* motherboards, you name it, AMD is better. But for gaming specifically, Intel is faster. Yes, more expensive, but in competitive esports, it can make all the difference.
 
@Berfs1, it's a skewed comparison. On one hand, 5.4GHz is a very (very) good result for 9900K (although no HT undoubtedly helps) and 3600X should boost to 4.4GHz, ideally. On the other hand Intel CPUs are showing better comparative performance in gaming compared even to Zen2 than Cinebench comparison would imply.
 
Stuff done in software (including firmware) in almost all of these recent vulnerabilities is called mitigations for a reason. These are not intended to be fixes, and in many cases their primary intent is to limit the attack surface to a point where exploiting it is not feasible. Switching off SMT, DDIO or TSX is clearly a workaround.

The point is, these vulnerabilities are being fixed by hardware changes. No, existing CPUs will not be fixed for obvious reasons, but newer revisions of CPUs have (some of the) issues fixed in hardware. On these CPUs with fixes, mitigations are no longer needed and there is no performance penalty compared to the pre-mitigation state.
10th gen is out and even if Intel had known about the vulnerabilities, not all of them have been fixed. I think the vulnerabilities and fixes can cause a performance penalty. Maybe that depends on what the vulnerability concerns exactly. Intel chose what vulnerabilities will be fixed, and seeing that AMD is really competitive now, Intel's decision not to fix all of them might be due to the fact that Intel wants to stay competitive against AMD because some vulnerabilities are lowering the CPU performance. Could that be correct?
This is as correct as your statement that the fixes don't impact the performance.
 
Broken Silicon interview with a network engineer on what is happening with all the Intel vulnerabilities and their repercussions on data center servers.

 
10th gen is out and even if Intel had known about the vulnerabilities, not all of them have been fixed. I think the vulnerabilities and fixes can cause a performance penalty. Maybe that depends on what the vulnerability concerns exactly. Intel chose what vulnerabilities will be fixed, and seeing that AMD is really competitive now, Intel's decision not to fix all of them might be due to the fact that Intel wants to stay competitive against AMD because some vulnerabilities are lowering the CPU performance. Could that be correct?
This is as correct as your statement that the fixes don't impact the performance.
10th gen (only on mobile at this point though) is an interesting point. The 14nm models of 10th gen are Comet Lake, a descendant of Whiskey Lake and kind of on par with Cascade Lake on the Xeon side of things. These are in the same boat as Cascade Lake; basically the remaining vulnerabilities are SWAPGS and Zombieload V2 (in addition to Spectre V1/2, which are more generic problems).

Ice Lake, the 10nm models of 10th gen, are a bit of an unknown. These do not seem to have the same vulnerabilities, but the information on these is not very easily found. For example, the latest Zombieload V2 list of affected CPUs includes Comet Lake 10th gen but not Ice Lake 10th gen. According to what mitigations are enabled by OSs (based on various screenshots and details from the net) as well as Phoronix' mitigation testing articles, Ice Lakes do not seem to have most of the speculative execution vulnerabilities.

Again, the performance penalty comes largely or entirely from how mitigations work: these are done in software or firmware to avoid certain vulnerable microarchitectural states as much as possible. When this is ensured not to happen by changes in hardware, software mitigations (and their performance penalty) will not be applied. So far, there does not appear to be a discernible performance difference from fixed vulnerabilities when the fix is in hardware.

When we talk about performance and leave other aspects aside, it is very much in Intel's interest to fix as many of these issues as quickly as possible. This does appear to be exactly what they are doing, with the caveat that the timeframe in question is a year or more. A vulnerability is reported, usually put under embargo for 6 months, then it is published along with some type of mitigations (software, firmware), and the next model or revision of CPUs will include a fix for the vulnerability in hardware. In broad strokes this is how all of the issues since Spectre/Meltdown have been handled.
 
I hate SGX with a passion. It has been the downfall of 4K Blu-ray players on PC. Basically, if you have a 4K optical drive, a 4K monitor and components powerful enough to run the content + CyberLink PowerDVD software, you are still not allowed to watch 4K Blu-ray discs on your PC unless you have an Intel iGPU that supports the SGX DRM handover. What is even more retarded is that only Intel's mainstream processors support this DRM. Their flagship X299 chips do not...
 
But they ignore them for increased performance.
No they don't. IC engineers look for ways to do computing work with maximum efficiency; they don't create or ignore problems.

Since Linux doesn't allow root access by default, what is the risk assessment of Linux versus Windows?
Exactly the same. There seems to be a misunderstanding about how this vulnerability works. Once the software package is onboard the target system, whether with a Windows Admin account or Linux root status, the package can render its attack. The key to prevention is removing the OS's ability to control the system clocks and voltage levels.
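A defender-side inventory check for the point above (root access is what matters, not the OS brand), written as an added example rather than anything from this thread: it parses constructed /proc/cpuinfo, lsmod and /sys/kernel/security/lockdown text and reports whether a Linux host advertises SGX and whether the kernel still lets root write MSRs, i.e. whether the OS can still drive the voltage interface. Assumptions: the `sgx` cpuinfo flag and the bracketed lockdown file format of recent kernels; the microcode/BIOS state that is the actual fix is not visible in these files and is not assessed.

```python
import re

# Constructed sample inputs standing in for /proc/cpuinfo, lsmod and
# /sys/kernel/security/lockdown on a Linux host (not real captures).
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse sse2 sgx sgx_lc\n"
SAMPLE_LSMOD = "Module                  Size  Used by\nmsr                    16384  0\n"
SAMPLE_LOCKDOWN = "[none] integrity confidentiality\n"


def parse_cpu_flags(cpuinfo_text):
    """Collect the feature flags listed in /proc/cpuinfo text."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            flags.update(line.split(":", 1)[1].split())
    return flags


def loaded_modules(lsmod_text):
    """Module names from lsmod output, skipping the header line."""
    return {line.split()[0] for line in lsmod_text.splitlines()[1:] if line.strip()}


def lockdown_mode(lockdown_text):
    """Active mode is the bracketed entry, e.g. '[none] integrity confidentiality'."""
    match = re.search(r"\[(\w+)\]", lockdown_text)
    return match.group(1) if match else "unknown"


def assess_exposure(cpuinfo_text, lsmod_text, lockdown_text):
    """Report whether root on this host could still reach the voltage MSRs
    that Plundervolt abuses. Microcode/BIOS state, which is the actual fix,
    is outside what these three files show and is not assessed here."""
    flags = parse_cpu_flags(cpuinfo_text)
    mode = lockdown_mode(lockdown_text)
    findings = []
    if "sgx" not in flags:
        findings.append("no sgx flag: no enclaves to fault on this host")
        return {"sgx": False, "msr_writable": False, "lockdown": mode, "findings": findings}
    # Lockdown in integrity or confidentiality mode rejects userspace MSR writes,
    # so even root cannot reach the undervolting interface through /dev/cpu/*/msr.
    msr_writable = mode not in ("integrity", "confidentiality")
    if msr_writable:
        findings.append("kernel lockdown is off: root may write MSRs via /dev/cpu/*/msr")
    if "msr" in loaded_modules(lsmod_text):
        findings.append("msr module already loaded: /dev/cpu/*/msr nodes are present")
    return {"sgx": True, "msr_writable": msr_writable, "lockdown": mode, "findings": findings}
```

On a real host, feed it the contents of the three files; a result with `sgx` True and `msr_writable` True is the configuration the post above describes as still open to an OS-level attacker.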
 
Well, even though none of us are cloud service providers with dumb customer policies, those exploits still get OS and microcode patches that hamper the performance of ordinary things like web browsing, gaming, photo editing.

It doesn't matter what the vulnerability is, only whether it needs patching. If it needs patching, everyone suffers the performance hit whether the vulnerability is relevant to them or not.

We don't even know the impact of the fix yet, so let's not borrow trouble.
 
It's quite astounding people still keep falling for these headlines but not reading the actual pieces. Basically you have to hand over the computer to let the attacker do the exploit xD.

As for why companies still buy Intel, it's not only about market and agreements, it's the complete package. Intel has offered the entire platform since the Centrino days and has been unmatched since Opteron fell behind; it's not like companies will switch to a different platform at the first vulnerability found, things cost money. Reading comments here is like when someone laughs when they find out lots of government or big company equipment runs on Windows XP, as if things like hardening or exclusive special contracts with Microsoft to keep patching vulnerabilities don't exist. Come on guys.
 
It's quite astounding people still keep falling for these headlines but not reading the actual pieces. Basically you have to hand over the computer to let the attacker do the exploit xD.

As for why companies still buy Intel, it's not only about market and agreements, it's the complete package. Intel has offered the entire platform since the Centrino days and has been unmatched since Opteron fell behind; it's not like companies will switch to a different platform at the first vulnerability found, things cost money. Reading comments here is like when someone laughs when they find out lots of government or big company equipment runs on Windows XP, as if things like hardening or exclusive special contracts with Microsoft to keep patching vulnerabilities don't exist. Come on guys.
Like I said, if these vulnerabilities require you to have physical access, I could do something really cool to a computer if I have physical access to it. It is called STEALING the computer. Wow, takes much less effort than hacking. Oh and money comes from the hardware. ez pz.
 
The deal with a vulnerability requiring root/ring0 (not physical) access is similar to what was mentioned in the video @yakk posted above with regards to NetCAT. For the security-oriented specialists it is not the described attack itself that makes the hair stand up on the back of their necks. Both Plundervolt and NetCAT are quite useless in what you can do with the particular attack. It is the attack vector or attack surface that is concerning: researchers or attackers are bound to come up with new methods, and likely enough some of these may apply to this vulnerability.
 
Like I said, if these vulnerabilities require you to have physical access, I could do something really cool to a computer if I have physical access to it. It is called STEALING the computer. Wow, takes much less effort than hacking. Oh and money comes from the hardware. ez pz.
This is a cloud problem, where sensitive cloud client information may be affected by industrial espionage.
10 years ago that might be as dumb as you described, but today's tech is not the same.
 
This is a cloud problem, where sensitive cloud client information may be affected by industrial espionage.
10 years ago that might be as dumb as you described, but today's tech is not the same.
Exactly. Someone gets it.

I wouldn't be surprised if everyone on these forums has been affected by at least one data breach (haveibeenpwned.com). Yes, some of those breaches will be careless handling of data, but there are plenty of data breaches where the data holder has done everything right but been hit by an unpatched exploit.

These exploits need to be patched. They will be patched, eventually. There will almost certainly be a small performance penalty and on its own the impact will be negligible, but there have been so many of these patches for the ancient Intel architecture that they're cumulatively a significant performance penalty.
 
I already addressed this. They literally pay people to find vulnerabilities, that's why vulnerabilities keep getting found. I believe the bounty can be as much as $100,000.

But again, for every vulnerability discovered, they also test to check on AMD's. So it is a moot point :kookoo:
 