• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

The Saga Continues: Intel Addresses New Research for Side-Channel Variant 4 Attacks

Raevenlord

News Editor
Joined
Aug 12, 2016
Messages
3,755 (1.24/day)
Location
Portugal
System Name The Ryzening
Processor AMD Ryzen 9 5900X
Motherboard MSI X570 MAG TOMAHAWK
Cooling Lian Li Galahad 360mm AIO
Memory 32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s) Gigabyte RTX 3070 Ti
Storage Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s) Acer Nitro VG270UP (1440p 144 Hz IPS)
Case Lian Li O11DX Dynamic White
Audio Device(s) iFi Audio Zen DAC
Power Supply Seasonic Focus+ 750 W
Mouse Cooler Master Masterkeys Lite L
Keyboard Cooler Master Masterkeys Lite L
Software Windows 10 x64
Following Google Project Zero's (GPZ) disclosure of speculative execution-based side-channel analysis methods in January, Intel has continued working with researchers across the industry to understand whether similar methods could be used in other areas. We know that new categories of security exploits often follow a predictable lifecycle, which can include new derivatives of the original exploit.

Expecting that this category of side-channel exploits would be no different, one of the steps we took earlier this year was expanding our bug bounty program to support and accelerate the identification of new methods. The response to that program has been encouraging, and we are thankful for the continued partnership we have with the research community. As part of this ongoing work, today Intel and other industry partners are providing details and mitigation information for a new derivative of the original vulnerabilities impacting us and other chipmakers. This new derivative is called Variant 4, and it's being disclosed jointly by GPZ and Microsoft's Security Response Center (MSRC).





In the spirit of Intel's security first pledge, I want to explain what this new variant is and how customers can protect themselves. As I do this, let me start by saying that we have not seen any reports of this method being used in real-world exploits. Moreover, there are multiple ways for consumers and IT professionals to safeguard their systems against potential exploits, including browser-based mitigations that have already been deployed and are available for use today.

About Variant 4
Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment. While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers.

Starting in January, most leading browser providers deployed mitigations for Variant 1 in their managed runtimes - mitigations that substantially increase the difficulty of exploiting side channels in a web browser. These mitigations are also applicable to Variant 4 and available for consumers to use today. However, to ensure we offer the option for full mitigation and to prevent this method from being used in other ways, we and our industry partners are offering an additional mitigation for Variant 4, which is a combination of microcode and software updates.

We've already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks. This mitigation will be set to off-by-default, providing customers the choice of whether to enable it. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. If enabled, we've observed a performance impact of approximately 2 to 8 percent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client and server test systems.

This same update also includes microcode that addresses Variant 3 (Rogue System Register Read), which was previously documented publicly by Arm in January. We have not observed any meaningful performance impact on client or server benchmarks with the Variant 3 mitigation. We've bundled these two microcode updates together to streamline the process for our industry partners and customers. This is something you will see us continue, as we recognize that a more predictable and consolidated update process will be helpful to the entire ecosystem.

We've provided more information regarding the Intel products that are potentially affected on our product security center page, along with white papers and other resources that provide guidance to help IT professionals assess the risk level in their environment. In addition, we've updated our security first web site with a list of new Frequently Asked Questions to help anyone who needs more information. As before, I continue to encourage everyone to keep their systems up-to-date, as it's one of the easiest ways to ensure you always have the latest protections.

Protecting our customers' data and ensuring the security of our products remain critical priorities for me and everyone at Intel. Research into side-channel security methods will continue and likewise, we will continue to collaborate with industry partners to provide customers the protections they need. Indeed, we are confident that we will be able to develop mitigations for Intel products for any future side-channel issues.

On behalf of the entire Intel team, I thank our industry partners and customers for their ongoing support.

View at TechPowerUp Main Site
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
42,189 (6.64/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
There goes their stocks again, they should of nipped it all in the rear in the past. They need to separate IME from the cpu and allow Average joes to disable it with a jumper that don't need it, just like the TPM.
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
There goes their stocks again, they should of nipped it all in the rear in the past. They need to separate IME from the cpu and allow Average joes to disable it with a jumper that don't need it, just like the TPM.

These side channel attacks are spectre variants, which have nothing to do with the IME, and really could apply to several processors, AMD included.
 
Joined
Apr 15, 2009
Messages
1,034 (0.18/day)
Processor Ryzen 9 5900X
Motherboard Gigabyte X570 Aorus Master
Cooling ARCTIC Liquid Freezer III 360 A-RGB
Memory 32 GB Ballistix Elite DDR4-3600 CL16
Video Card(s) XFX 6800 XT Speedster Merc 319 Black
Storage Sabrent Rocket NVMe 4.0 1TB
Display(s) LG 27GL850B x 2 / ASUS MG278Q
Case be quiet! Silent Base 802
Audio Device(s) Sound Blaster AE-7 / Sennheiser HD 660S
Power Supply Seasonic Vertex PX-1200
Software Windows 11 Pro 64
Top