"Downfall" Vulnerability in Intel Processors and AMD’s "Inception" Vulnerability

[wNotyarD]

That's pretty messed up. 8800x3d is now locked in 100% as my upgrade path, I was considering arrow lake next fall, but ehintel just seems to have one to many security issues over the years.

It isn't like AMD isn't hit with vulnerabilities of their own. Inception hits everything Zen 2 up.

 

[Space Lynx]

It isn't like AMD isn't hit with vulnerabilities of their own. Inception hits everything Zen 2 up.

I was speaking about the amount of security issues over the years.

 

[wNotyarD]

I was speaking about the amount of security issues over the years.

That's only because AMD only brought SMT with Ryzen. Intel has been using HT since what, Prescott?

 

[Space Lynx]

That's only because AMD only brought SMT with Ryzen. Intel has been using HT since what, Prescott?

I thought smt was virtual machines for Amd? Different than. Hyperthreading. I don't know though, but I looked smt up recently and it said it's amd equivalent to virtual machine. Maybe I read wrong

 

[R-T-B]

That's pretty messed up. 8800x3d is now locked in 100% as my upgrade path, I was considering arrow lake next fall, but ehintel just seems to have one to many security issues over the years.

It's a bit of a case of being the "one to target" for security researchers IMO but yeah, doesn't matter much to the end user does it?

It isn't like AMD isn't hit with vulnerabilities of their own. Inception hits everything Zen 2 up.

Inception is a spectre variant and pretty mild by comparison. Granted there is probably plenty to discover.

 

[wNotyarD]

I thought smt was virtual machines for Amd? Different than. Hyperthreading. I don't know though, but I looked smt up recently and it said it's amd equivalent to virtual machine. Maybe I read wrong

SMT is Simultaneous Multi-Threading.
And my knowledge on these vulnerabilities may be extremely shallow, but what I can make out of them attacks branch predicting used by the multi-threading (SMT/HT) shortcuts.

 

[Space Lynx]

SMT is Simultaneous Multi-Threading.
And my knowledge on these vulnerabilities may be extremely shallow, but what I can make out of them attacks branch predicting used by the multi-threading (SMT/HT) shortcuts.

Well fuck, I have to go back into my bios and make sure I didn't turn off wrong thing. Maybe it's called svm what I am thinking about. Too many bloody anagrams.

 

[Frag_Maniac]

It does but that still has absolutely nothing to do with this issue. Things can have telemetry and have no effect here.

You guys seem to be misunderstanding my meaning as to why I turn off telemetry. It's not the telemetry itself I worry about, it's that certain apps that use it are highly exploitable, such as RA. And the reason I turn it all off other than that, is because it literally frees up about 1GB of RAM for me. As well, I just have no use for telemetry the way I use my PC. Hope that clarifies it.

 

[Super Firm Tofu]

That was for the original vulnerability, which was meltdown.

This is a new variant of meltdown (called "Downfall") and it applies up and down the stack to nearly everything intel right now.

That's pretty messed up. 8800x3d is now locked in 100% as my upgrade path, I was considering arrow lake next fall, but ehintel just seems to have one to many security issues over the years.

But..... (I mean it's right in the first post of this thread)

 

[R-T-B]

But..... (I mean it's right in the first post of this thread)

View attachment 308619 View attachment 308620

Maybe I misunderstood, too much data coming out at once on these things. Gah, my head hurts.

 

[freeagent]

Gah, my head hurts.

Its a lot to keep up with.. no one will fault you my green backed brotha

 

[RJARRRPCGP]

Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.

The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not normally be accessible. I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution. To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques.



[Q] Which computing devices are affected?

[A] Computing devices based on Intel Core processors from the 6th Skylake to (including) the 11th Tiger Lake generation are affected. A more comprehensive list of affected processors will be available here.

Downfall

Downfall attacks targets a critical weakness found in billions of modern processors used in personal and cloud computers.

downfall.page

Affected Processors: Transient Execution Attacks & Related Security...

Review the impact of transient execution attacks and select security issues on currently supported Intel products.

www.intel.com

Still not as bad as that CSME flaw, which was rated critical, where there's remote-code-execution, but the good news is that one doesn't affect Comet Lake. Only Coffee Lake and older.
Still a cause of concern, just not to the point of needing to possibly throw away hardware, unlike that CSME flaw that was discovered a good while ago now.

The current flaw, won't cause me to stop using Comet Lake.

Intel itself has released a microcode update that effectively disables the "Gather" instructions, but with a loss of system performance...

Let's hope it's not at the level of disabling FPU on early Pentiums with the "FDIV" bug! Which turned those Pentiums into glorified 486 SXes!

 

[R-T-B]

Let's hope it's not at the level of disabling FPU on early Pentiums with the "FDIV" bug! Which turned those Pentiums into glorified 486 SXes!

That's actually pretty much the incident that made reloadable-at-runtime microcode a feature.

 

[P4-630]

but the good news is that one doesn't affect Comet Lake.

Comet Lake is 10th gen, so it does...

Affected Processors: Transient Execution Attacks & Related Security...

Review the impact of transient execution attacks and select security issues on currently supported Intel products.

www.intel.com

Computing devices based on Intel Core processors from the 6th Skylake to (including) the 11th Tiger Lake generation are affected. A more comprehensive list of affected processors will be available here.

 

[RJARRRPCGP]

Comet Lake is 10th gen, so it does...

Affected Processors: Transient Execution Attacks & Related Security...

Review the impact of transient execution attacks and select security issues on currently supported Intel products.

www.intel.com

View attachment 308653

I was talking about a past vulnerability, which was rated critical for remote-code-execution, for CSME, which didn't affect 10th-gen, but affected 9th-gen and earlier.

Not the current Spectre-esque and Meltdown-esque one, which does affect up to at least 13th-gen.

That's only because AMD only brought SMT with Ryzen. Intel has been using HT since what, Prescott?

Intel has been using SMT, since Northwood, TMK.

 

[Zyll Goliat]

THX GOD I am still on "Ivy".......

 

[RJARRRPCGP]

THX GOD I am still on "Ivy".......

Before Comet Lake, appears to be a much more severe flaw, which is related to a CSME bug, which is rated critical, for remote-code-execution, but does that really mean the chance of a user getting hacked via WAN and thus seconds after connecting to the internet, or is the CSME bug a LAN-only vector?

 

[P4-630]

I was talking about a past vulnerability, which was rated critical for remote-code-execution, for CSME, which didn't affect 10th-gen, but affected 9th-gen and earlier.

Not the current Spectre-esque and Meltdown-esque one, which does affect up to at least 13th-gen.


Intel has been using SMT, since Northwood, TMK.

About Downfall, you can see in the intel cpu list, 12th and 13th gen intel are not affected.

 

[Bill_Bright]

So remote assistance has no telemetry to it? I find that hard to believe. LOL

It does but that still has absolutely nothing to do with this issue. Things can have telemetry and have no effect here.

I think the problem is, these days the word "telemetry" is totally misunderstood by most "laypeople". And sadly, this is due to much misinformation - often spewed by tin-foil hat wearing conspiracy theorists who hate, among other things, Microsoft.

These nutters think their computers, Windows, or some other software running on it, is spying on them, collecting personal, detailed information about them, and sending that personal data back to bad guys, "Big Brother" or some greedy corporation. And, without any evidence, they are trying to convince the world this is happening everywhere, everyday.

In the vast majority of cases, however, that just is not the case. In the vast majority of scenarios, telemetry information is totally anonymous, non-personally identifiable data about the connection between the two nodes. The information is then used to improve speeds, bandwidth and reliability of that connection. That's it.

So yes, remote assistance uses telemetry, but it is to optimize the connection - not to spy on the client.

 

[R-T-B]

I think the problem is, these days the word "telemetry" is totally misunderstood by most "laypeople". And sadly, this is due to much misinformation - often spewed by tin-foil hat wearing conspiracy theorists who hate, among other things, Microsoft.

These nutters think their computers, Windows, or some other software running on it, is spying on them, collecting personal, detailed information about them, and sending that personal data back to bad guys, "Big Brother" or some greedy corporation. And, without any evidence, they are trying to convince the world this is happening everywhere, everyday.

In the vast majority of cases, however, that just is not the case. In the vast majority of scenarios, telemetry information is totally anonymous, non-personally identifiable data about the connection between the two nodes. The information is then used to improve speeds, bandwidth and reliability of that connection. That's it.

So yes, remote assistance uses telemetry, but it is to optimize the connection - not to spy on the client.

I mean the first time I heard the word telemetry was for voyager, which isn't exactly spying on people, so you are right its really misunderstood lol.

Before Comet Lake, appears to be a much more severe flaw, which is related to a CSME bug, which is rated critical, for remote-code-execution, but does that really mean the chance of a user getting hacked via WAN and thus seconds after connecting to the internet, or is the CSME bug a LAN-only vector?

depends a lot on whether you have a hardware firewall or not. Intel doesn't run it's stack in ipv6 mode, thankfully.

 

[RJARRRPCGP]

depends a lot on whether you have a hardware firewall or not. Intel doesn't run it's stack in ipv6 mode, thankfully.

Sadly, IP version 4 is still required for even the ISP I'm with. Also, Halo 1x can't take advantage of IP version 6. I wonder if tons of more recent games also can't talk to other servers with IP version 6?

 

[R-T-B]

Sadly, IP version 4 is still required for even the ISP I'm with. Also, Halo 1x can't take advantage of IP version 6. I wonder if tons of more recent games also can't talk to other servers with IP version 6?

IP version 6 support is still spotty yeah, but my point was if it exists its a major PITA to firewall.