• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
Root is nothing more than Administrator functionality. Works the exact same way in Windows.
And yet people still run as admin on Windows. I at least have the common sense to run with UAC enabled.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,747 (3.29/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.
 
Joined
Mar 10, 2015
Messages
3,984 (1.11/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.

Neither of them are that great unless you are doing a smash and grab or get your discrete alley way entry setup.
 
Joined
Jul 5, 2013
Messages
28,260 (6.75/day)
Root is more powerful than Windows admin. Windows admin is like being president of the USA. Linux Root is like being the dictator of the world.
That's an interesting perspective, however it's not the most accurate. There isn't a thing that can be done with root in Linux/Unix/BSD/Android that can not be done in Windows with Admin.
 
Joined
Aug 20, 2007
Messages
21,541 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Root is nothing more than Administrator functionality. Works the exact same way in Windows. Calling it "game over" is making a mountain out of an ant-hill.

No, it's SYSTEM-account level functionality. Even Windows doesn't give you that. Administrator is a high privilege account. Root is a god account and it does not privilege check. If the compute can do it, it will be done. Root even ignores fs permissions.

That's an interesting perspective, however it's not the most accurate. There isn't a thing that can be done with root in Linux/Unix/BSD/Android that can not be done in Windows with Admin.

delete the SYSTEM account. Formatting C:\ in a running OS. Things you do not want to do and Windows knows that. ;)
 
Joined
Oct 28, 2010
Messages
251 (0.05/day)
They should learn to stop bypassing things with such dirty tricks only to show-off in benchmarks.

This is something like checking parity of a file instead of its SHA to see if it's valid (a little exaggerated example, but that's the logic: let's cheat on any possible calculations).

@R-T-B 'Administrator' of Windows OS is the equivalent of SU in Linux.

So yes, the more exact equivalent of root would be the system account in Windows, of which privileges you can assimilate and use if you want.
 
Joined
Mar 23, 2005
Messages
4,092 (0.57/day)
Location
Ancient Greece, Acropolis (Time Lord)
System Name RiseZEN Gaming PC
Processor AMD Ryzen 7 5800X @ Auto
Motherboard Asus ROG Strix X570-E Gaming ATX Motherboard
Cooling Corsair H115i Elite Capellix AIO, 280mm Radiator, Dual RGB 140mm ML Series PWM Fans
Memory G.Skill TridentZ 64GB (4 x 16GB) DDR4 3200
Video Card(s) ASUS DUAL RX 6700 XT DUAL-RX6700XT-12G
Storage Corsair Force MP500 480GB M.2 & MP510 480GB M.2 - 2 x WD_BLACK 1TB SN850X NVMe 1TB
Display(s) ASUS ROG Strix 34” XG349C 144Hz 1440p + Asus ROG 27" MG278Q 144Hz WQHD 1440p
Case Corsair Obsidian Series 450D Gaming Case
Audio Device(s) SteelSeries 5Hv2 w/ Sound Blaster Z SE
Power Supply Corsair RM750x Power Supply
Mouse Razer Death-Adder + Viper 8K HZ Ambidextrous Gaming Mouse - Ergonomic Left Hand Edition
Keyboard Logitech G910 Orion Spectrum RGB Gaming Keyboard
Software Windows 11 Pro - 64-Bit Edition
Benchmark Scores I'm the Doctor, Doctor Who. The Definition of Gaming is PC Gaming...
This security issue is a hardware issue that cannot be fixed by software. Pretty much needs a re-design. Wow,
Now we know how Intel chips seem to score well in Benchmarks LOL

I am sure AMD CPUs are affected too... This is not negligence, it is a principle bug. Every processor needs speculative execution , or else will crawl. And that opens the gate to this kind of attacks.
They just didn't found the AMD one yet.

It's funny that a similar comment above got down voted.
AMD nor ARM are affected by this.
They looked for the same weakness in ARM and AMD processor cores but didn't find the same behaviour that is present in Intel chips. Spoiler depends on "a novel microarchitectural leakage, which reveals critical information about physical page mappings to userspace processes".
"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS, and also works from within virtual machines and sandboxed environments."

Oh crap... :shadedshu::banghead:
Good news for AMD, Bad news for Intel :D
 
Last edited:
  • Like
Reactions: HTC

HTC

Joined
Apr 1, 2008
Messages
4,664 (0.76/day)
Location
Portugal
System Name HTC's System
Processor Ryzen 5 5800X3D
Motherboard Asrock Taichi X370
Cooling NH-C14, with the AM4 mounting kit
Memory G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s) Sapphire Pulse 6600 8 GB
Storage 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s) LG 27UD58
Case Fractal Design Define R6 USB-C
Audio Device(s) Onboard
Power Supply Corsair TX 850M 80+ Gold
Mouse Razer Deathadder Elite
Software Ubuntu 20.04.6 LTS
This security issue is a hardware issue that cannot be fixed by software. Pretty much needs a re-design. Wow,
Now we know how Intel chips seem to score well in Benchmarks LOL

AMD nor ARM are affected by this.

Good news for AMD, Bad news for Intel:D

No, dude. This means spec - ex based vulnerabilities are dangerous enough to warrant a hardware level re-design. Just because this Spoiler issue affects only Intel "today" doesn't mean another security issue won't affect AMD "tomorrow", as evidenced by Spectre, from "yesterday".

Not only Intel but AMD, ARM and every other CPU manufacturer out there should take steps to get rid of spec - ex from their CPUs.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,747 (3.29/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.
 

HTC

Joined
Apr 1, 2008
Messages
4,664 (0.76/day)
Location
Portugal
System Name HTC's System
Processor Ryzen 5 5800X3D
Motherboard Asrock Taichi X370
Cooling NH-C14, with the AM4 mounting kit
Memory G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s) Sapphire Pulse 6600 8 GB
Storage 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s) LG 27UD58
Case Fractal Design Define R6 USB-C
Audio Device(s) Onboard
Power Supply Corsair TX 850M 80+ Gold
Mouse Razer Deathadder Elite
Software Ubuntu 20.04.6 LTS
Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.

Depends on the "cost" of that speed.

I agree that spec - ex is a "key feature" in current CPU's performance but if indeed it turns out that it's performance enhancement comes with too big security risks, than i'd rather have the companies that are most susceptible to be the target of these kinds of exploits (banks, and the like) to have slower CPUs.

Us individuals are much less prone to be the target of such attacks, but this fact doesn't rule it out: keep that in mind.
 
Joined
Jul 5, 2013
Messages
28,260 (6.75/day)
Without speculative execution, chips will be really slow... I don't think anyone wants to take that step backwards.
It would literally drop processor performance by 35% to 40%. Granted, for what most people do it would not be so bad or even noticeable. However for any task that requires performance, the difference would be severe.
 
Joined
Oct 28, 2010
Messages
251 (0.05/day)
@HTC no, this specific issue will not affect the others ever since they didn't cheat on basic processing.

Other vulnerabilities may appear on all, but not this one.
 
Joined
Mar 23, 2005
Messages
4,092 (0.57/day)
Location
Ancient Greece, Acropolis (Time Lord)
System Name RiseZEN Gaming PC
Processor AMD Ryzen 7 5800X @ Auto
Motherboard Asus ROG Strix X570-E Gaming ATX Motherboard
Cooling Corsair H115i Elite Capellix AIO, 280mm Radiator, Dual RGB 140mm ML Series PWM Fans
Memory G.Skill TridentZ 64GB (4 x 16GB) DDR4 3200
Video Card(s) ASUS DUAL RX 6700 XT DUAL-RX6700XT-12G
Storage Corsair Force MP500 480GB M.2 & MP510 480GB M.2 - 2 x WD_BLACK 1TB SN850X NVMe 1TB
Display(s) ASUS ROG Strix 34” XG349C 144Hz 1440p + Asus ROG 27" MG278Q 144Hz WQHD 1440p
Case Corsair Obsidian Series 450D Gaming Case
Audio Device(s) SteelSeries 5Hv2 w/ Sound Blaster Z SE
Power Supply Corsair RM750x Power Supply
Mouse Razer Death-Adder + Viper 8K HZ Ambidextrous Gaming Mouse - Ergonomic Left Hand Edition
Keyboard Logitech G910 Orion Spectrum RGB Gaming Keyboard
Software Windows 11 Pro - 64-Bit Edition
Benchmark Scores I'm the Doctor, Doctor Who. The Definition of Gaming is PC Gaming...
No, dude. This means spec - ex based vulnerabilities are dangerous enough to warrant a hardware level re-design. Just because this Spoiler issue affects only Intel "today" doesn't mean another security issue won't affect AMD "tomorrow", as evidenced by Spectre, from "yesterday".

Not only Intel but AMD, ARM and every other CPU manufacturer out there should take steps to get rid of spec - ex from their CPUs.
AMD doesn't have this issue, nor does ARM. As I stated above.
The issue here is Intel cheating, where they finally got caught with there pants down.
 
Joined
Jul 5, 2013
Messages
28,260 (6.75/day)
AMD doesn't have this issue, nor does ARM. As I stated above.
That has yet to be determined by further research.
The issue here is Intel cheating, where they finally got caught with there pants down.
Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.
 

HTC

Joined
Apr 1, 2008
Messages
4,664 (0.76/day)
Location
Portugal
System Name HTC's System
Processor Ryzen 5 5800X3D
Motherboard Asrock Taichi X370
Cooling NH-C14, with the AM4 mounting kit
Memory G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s) Sapphire Pulse 6600 8 GB
Storage 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s) LG 27UD58
Case Fractal Design Define R6 USB-C
Audio Device(s) Onboard
Power Supply Corsair TX 850M 80+ Gold
Mouse Razer Deathadder Elite
Software Ubuntu 20.04.6 LTS
AMD doesn't have this issue, nor does ARM. As I stated above.
The issue here is Intel cheating, where they finally got caught with there pants down.

Spoiler apparently not, but Spectre yes.

New spec - ex based exploits are being discovered and, for all we know, other exploits just as dangerous or even more so may have been reported to manufacturers already. Remember: this new Spoiler exploit was referred to Intel in December of 2018, but we only found out about it in March 2019.

That has yet to be determined by further research.

Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.

I'm 100% sure that was the case. However, and if it turns out someone @ design level stages pointed out the potential issues that could arise from it but was ignored in the persuit of performance, then that's a different matter entirely. I'm not talking about Intel only, since AMD and ARM also use spec - ex.
 
Joined
Mar 29, 2014
Messages
496 (0.13/day)
The people commenting here are just...out of this world. People still don't understand that these vulnerabilities don't have absolutely any importance to normal consumers. Who cares about your games and photos?
These attacks are important for datacenters, bank or government computers, etc.
If you have an Intel CPU, this doesn't mean that it is broken and you will be robbed if you still use it....
Also, discoveries like these give students and faculties some good press. Hey look, this is the place where that funky vulnerability was found. I see they got a habit of searching for bugs in CPUs, which is a good thing, sure, but CPUs are so complex machines that it is almost impossible to make them without some vulnerabilities. And don't worry, happy Ryzen users, AMD also has vulnerabilities, but they weren't discovered yet because nobody cares. Researches look at the market leader...

You think AMD hasn't been checked? I guarantee you Intel themselves are trying to prove AMD is "vulnarable" too. We are talking about potentially billions of dollars in sales.
 
Joined
Mar 23, 2005
Messages
4,092 (0.57/day)
Location
Ancient Greece, Acropolis (Time Lord)
System Name RiseZEN Gaming PC
Processor AMD Ryzen 7 5800X @ Auto
Motherboard Asus ROG Strix X570-E Gaming ATX Motherboard
Cooling Corsair H115i Elite Capellix AIO, 280mm Radiator, Dual RGB 140mm ML Series PWM Fans
Memory G.Skill TridentZ 64GB (4 x 16GB) DDR4 3200
Video Card(s) ASUS DUAL RX 6700 XT DUAL-RX6700XT-12G
Storage Corsair Force MP500 480GB M.2 & MP510 480GB M.2 - 2 x WD_BLACK 1TB SN850X NVMe 1TB
Display(s) ASUS ROG Strix 34” XG349C 144Hz 1440p + Asus ROG 27" MG278Q 144Hz WQHD 1440p
Case Corsair Obsidian Series 450D Gaming Case
Audio Device(s) SteelSeries 5Hv2 w/ Sound Blaster Z SE
Power Supply Corsair RM750x Power Supply
Mouse Razer Death-Adder + Viper 8K HZ Ambidextrous Gaming Mouse - Ergonomic Left Hand Edition
Keyboard Logitech G910 Orion Spectrum RGB Gaming Keyboard
Software Windows 11 Pro - 64-Bit Edition
Benchmark Scores I'm the Doctor, Doctor Who. The Definition of Gaming is PC Gaming...
You think AMD hasn't been checked? I guarantee you Intel themselves are trying to prove AMD is "vulnarable" too. We are talking about potentially billions of dollars in sales.
Both AMD and ARM have been checked again and again. Intel CPUs starting from its 1st generation Core design are affected. Based on the research that found this vulnerability.
 
Joined
Mar 10, 2015
Messages
3,984 (1.11/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
Don't worry, AMD and ARM will have their own special flavors of SpecEx flaws.
 
Joined
Mar 23, 2005
Messages
4,092 (0.57/day)
Location
Ancient Greece, Acropolis (Time Lord)
System Name RiseZEN Gaming PC
Processor AMD Ryzen 7 5800X @ Auto
Motherboard Asus ROG Strix X570-E Gaming ATX Motherboard
Cooling Corsair H115i Elite Capellix AIO, 280mm Radiator, Dual RGB 140mm ML Series PWM Fans
Memory G.Skill TridentZ 64GB (4 x 16GB) DDR4 3200
Video Card(s) ASUS DUAL RX 6700 XT DUAL-RX6700XT-12G
Storage Corsair Force MP500 480GB M.2 & MP510 480GB M.2 - 2 x WD_BLACK 1TB SN850X NVMe 1TB
Display(s) ASUS ROG Strix 34” XG349C 144Hz 1440p + Asus ROG 27" MG278Q 144Hz WQHD 1440p
Case Corsair Obsidian Series 450D Gaming Case
Audio Device(s) SteelSeries 5Hv2 w/ Sound Blaster Z SE
Power Supply Corsair RM750x Power Supply
Mouse Razer Death-Adder + Viper 8K HZ Ambidextrous Gaming Mouse - Ergonomic Left Hand Edition
Keyboard Logitech G910 Orion Spectrum RGB Gaming Keyboard
Software Windows 11 Pro - 64-Bit Edition
Benchmark Scores I'm the Doctor, Doctor Who. The Definition of Gaming is PC Gaming...
Don't worry, AMD and ARM will have their own special flavors of SpecEx flaws.
So does Intel, not to mention litigation issues. Actually many stake holders are somewhat upset with all 3 CPU Manufacturers for not properly disclosing various security vulnerabilities, despite this particular "Spoiler" one only affects Intel CPUs. Intel was aware of this issue for years, as was AMD & ARM for the Spectre thingy, but they kept there mouths shut. Based on the report I read lol

That has yet to be determined by further research.
The researchers explain that Spoiler is not a Spectre attack, so it is not affected by Intel's mitigations for it, which otherwise can prevent other Spectre-like attacks such as SplitSpectre.

"The root cause for Spoiler is a weakness in the address speculation of Intel's proprietary implementation of the memory subsystem, which directly leaks timing behavior due to physical address conflicts. Existing Spectre mitigations would therefore not interfere with Spoiler," they write.
They also looked for the same weakness in Arm and AMD processor cores but didn't find the same behavior that is present in Intel chips.


Intel wasn't "cheating" at anything. The technology at issue was designed to make computing more efficient in an effort to compete. Nothing more. It wasn't sloppy, intentional or lacking in ingenuity. Enough with the "making a mountain out of a mole-hill" non-sense.
I read somewhere on Reddit that in pursuing IPC performance in Benchmarks, Intel exposed themselves, in particular to this Spoiler Attack. Whether this is true is a different story.
 
Joined
Mar 10, 2015
Messages
3,984 (1.11/day)
System Name Wut?
Processor 3900X
Motherboard ASRock Taichi X570
Cooling Water
Memory 32GB GSkill CL16 3600mhz
Video Card(s) Vega 56
Storage 2 x AData XPG 8200 Pro 1TB
Display(s) 3440 x 1440
Case Thermaltake Tower 900
Power Supply Seasonic Prime Ultra Platinum
So does Intel, not to mention litigation issues. Actually many stake holders are somewhat upset with all 3 CPU Manufacturers for not properly disclosing various security vulnerabilities, despite this particular "Spoiler" one only affects Intel CPUs. Intel was aware of this issue for years, as was AMD & ARM for the Spectre thingy, but they kept there mouths shut. Based on the report I read lol

As they should have. The only way this was getting fixed was with a new architecture. And it wasn't like they weren't working on one.

I read somewhere on Reddit that in pursuing IPC performance in Benchmarks, Intel exposed themselves, in particular to this Spoiler Attack. Whether this is true is a different story.

More like they were pursuing performance not benchmarks.
 
Top