• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

New Spectre Vulnerability Version Beats All Mitigations, Performance to Badly Degrade After the Fix

Joined
Apr 15, 2021
Messages
881 (0.67/day)
Hence why computers with sensitive data and/or that are critical to infrastructure have no reason to be jacked into the internet or accessible via Wi-Fi other than out of "convenience" for the users. "Convenience" and security never mix. With that said, one comes to understand the futility of it all and realize the hole we've managed to dig ourselves into given the fact that the internet itself has become THE critical piece of infrastructure.

If you want to bring down a country with a powerful military, this is the way to do it. As Sun Tzu said, to defeat the rider, kill his horse.
 
Joined
Feb 20, 2020
Messages
9,340 (5.36/day)
Location
Louisiana
System Name Ghetto Rigs z490|x99|Acer 17 Nitro 7840hs/ 5600c40-2x16/ 4060/ 1tb acer stock m.2/ 4tb sn850x
Processor 10900k w/Optimus Foundation | 5930k w/Black Noctua D15
Motherboard z490 Maximus XII Apex | x99 Sabertooth
Cooling oCool D5 res-combo/280 GTX/ Optimus Foundation/ gpu water block | Blk D15
Memory Trident-Z Royal 4000c16 2x16gb | Trident-Z 3200c14 4x8gb
Video Card(s) Titan Xp-water | evga 980ti gaming-w/ air
Storage 970evo+500gb & sn850x 4tb | 860 pro 256gb | Acer m.2 1tb/ sn850x 4tb| Many2.5" sata's ssd 3.5hdd's
Display(s) 1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
Case D450 | Cherry Entertainment center on Test bench
Audio Device(s) Built in Realtek x2 with 2-Insignia 2.0 sound bars & 1-LG sound bar
Power Supply EVGA 1000P2 with APC AX1500 | 850P2 with CyberPower-GX1325U
Mouse Redragon 901 Perdition x3
Keyboard G710+x3
Software Win-7 pro x3 and win-10 & 11pro x3
Benchmark Scores Are in the benchmark section
Hi,
This is why Inspectre exists to disabe these hyped threats.
GRC | InSpectre
 
Joined
Jan 3, 2021
Messages
3,500 (2.46/day)
Location
Slovenia
Processor i5-6600K
Motherboard Asus Z170A
Cooling some cheap Cooler Master Hyper 103 or similar
Memory 16GB DDR4-2400
Video Card(s) IGP
Storage Samsung 850 EVO 250GB
Display(s) 2x Oldell 24" 1920x1200
Case Bitfenix Nova white windowless non-mesh
Audio Device(s) E-mu 1212m PCI
Power Supply Seasonic G-360
Mouse Logitech Marble trackball, never had a mouse
Keyboard Key Tronic KT2000, no Win key because 1994
Software Oldwin
Using my wrists in the up, or down, position, plus my 10 fingers, gives me the ability to count to 2^12 = 4096.
Left middle finger up, is that one hundred and twenty-eight rather grave Windows issues?
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
And that only works given a TON of assumptions and perfect circumstances, none of which are real world possibilities. That supposed "proof of concept" was only barely so and had zero practical application.
Oh I'm not disagreeing. I'm just a stickler for the details. If it can be done in JavaScript, it can be done "remotely" however "remote" the possibility, lol.
 
Low quality post by Bones
Joined
Dec 14, 2013
Messages
2,724 (0.68/day)
Location
Alabama
Processor Ryzen 2600
Motherboard X470 Tachi Ultimate
Cooling AM3+ Wraith CPU cooler
Memory C.R.S.
Video Card(s) GTX 970
Software Linux Peppermint 10
Benchmark Scores Never high enough
Not again :mad:
nope.gif
 
Joined
May 3, 2018
Messages
2,881 (1.20/day)
I will never install any updates that try to address this. We better have a choice and not have it slipped into a windows update or fw update tied to other essential things.
 
Joined
Jul 16, 2014
Messages
8,198 (2.16/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
Microsoft's enterprise products have Q&A testers. They just aren't who you think.

Hint: They are... you guys!
Hamsters. I am not wrong.

Using my wrists in the up, or down, position, plus my 10 fingers, gives me the ability to count to 2^12 = 4096.
unless you have 11 fingers...

10, 9, 8,7,6, and 5 are 11.
 
Joined
Dec 16, 2017
Messages
2,918 (1.15/day)
System Name System V
Processor AMD Ryzen 5 3600
Motherboard Asus Prime X570-P
Cooling Cooler Master Hyper 212 // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory 2x8GB Ballistix Sport LT 3200 MHz (BLS8G4D32AESCK.M8FE) (CL16-18-18-36)
Video Card(s) Gigabyte AORUS Radeon RX 580 8 GB
Storage SHFS37A240G / DT01ACA200 / ST10000VN0008 / ST8000VN004 / SA400S37960G / SNV21000G / NM620 2TB
Display(s) LG 22MP55 IPS Display
Case NZXT Source 210
Audio Device(s) Logitech G430 Headset
Power Supply Corsair CX650M
Software Whatever build of Windows 11 is being served in Canary channel at the time.
Benchmark Scores Corona 1.3: 3120620 r/s Cinebench R20: 3355 FireStrike: 12490 TimeSpy: 4624
I will never install any updates that try to address this. We better have a choice and not have it slipped into a windows update or fw update tied to other essential things.

Then force disable Windows update and leave it off.

Eh, it's likely you'll get the mitigation forced on you at some point if you upgrade to whatever newer Windows version comes later. Though by then you might have migrated to a processor that already ships with hardware mitigations or enough architecture changes that render the vulnerability even more of a non-issue than it already is.

Sound like a planned strategy to force consumers into buying new hardware. As always, never trust anyone.
Pfft, we're buying new hardware anyways, these extremely low-risk vulnerabilities don't change anything...
 
Joined
Dec 29, 2010
Messages
3,809 (0.75/day)
Processor AMD 5900x
Motherboard Asus x570 Strix-E
Cooling Hardware Labs
Memory G.Skill 4000c17 2x16gb
Video Card(s) RTX 3090
Storage Sabrent
Display(s) Samsung G9
Case Phanteks 719
Audio Device(s) Fiio K5 Pro
Power Supply EVGA 1000 P2
Mouse Logitech G600
Keyboard Corsair K95
They mention the differences between zen and zen 2 and only test on Zen... but don't specify the chip, they specified Skylake refresh 8700t.
They are also intel funded, which might explain the vagueness of other chips used or just theoretically vulnerable.
In general, yet another poorly done "security piece" not learning from other groups stumbles or intentional misdirection's.
No CVE, no 90 days given to architecture owners, no credibility. I don't see any proof they tested against mitigated hardware.

View attachment 199059
Fucking Intel... some shit never changes.
 
Joined
Mar 31, 2014
Messages
1,533 (0.39/day)
Location
Grunn
System Name Indis the Fair (cursed edition)
Processor 11900k 5.1/4.9 undervolted.
Motherboard MSI Z590 Unify-X
Cooling Heatkiller VI Pro, VPP755 V.3, XSPC TX360 slim radiator, 3xA12x25, 4x Arctic P14 case fans
Memory G.Skill Ripjaws V 2x16GB 4000 16-19-19 (b-die@3600 14-14-14 1.45v)
Video Card(s) EVGA 2080 Super Hybrid (T30-120 fan)
Storage 970EVO 1TB, 660p 1TB, WD Blue 3D 1TB, Sandisk Ultra 3D 2TB
Display(s) BenQ XL2546K, Dell P2417H
Case FD Define 7
Audio Device(s) DT770 Pro, Topping A50, Focusrite Scarlett 2i2, Røde VXLR+, Modmic 5
Power Supply Seasonic 860w Platinum
Mouse Razer Viper Mini, Odin Infinity mousepad
Keyboard GMMK Fullsize v2 (Boba U4Ts)
Software Win10 x64/Win7 x64/Ubuntu
There should be no need. The CPU will know if the code is privileged to read a cache line, and once these enforcements are firmly in place, the Spectre class of bugs will go away
The attacker thread in a side channel attack is not directly reading the cache line. It merely probes the cache to determine the usage by the victim thread. You merely need access to a shared cache to carry out such an attack, and on the flip side the chance you get useful information out of such an attack is absurdly small.
The usefulness of SMT is decreasing with more efficient CPU architectures
The more resources a core has inside it, the more likely a thread does not have enough instruction level parallelism to suitably utilise all the resources in the core. Digging too hard for ILP results in bloated cores since increasing the out of order window exponentially drives up complexity of the core.

Back when SMT was introduced, it made a lot of sense since the pipelines were stalled much more and implementing SMT required very little die space
SMT no longer exists to cover stalling pipelines.

Itanium had many flaws, probably the biggest one was a very complex instruction scheme
VLIW has the fundamental flaw that it does not address runtime variance of certain latencies. Memory (cache level) latency is unpredictable and changes based on uarch and what other code is being run on the machine. Statically scheduled VLIW code can never be scheduled efficiently for every use case on general purpose processors.

I know my computer architecture quite well thank you.
 

d3vz3r0

New Member
Joined
May 4, 2021
Messages
1 (0.00/day)
Where can i download the papers, in which "people on the internet" are explaining their concers and proof the mentioned PoC paper is wrong?
 
Joined
Jun 10, 2014
Messages
2,987 (0.78/day)
Processor AMD Ryzen 9 5900X ||| Intel Core i7-3930K
Motherboard ASUS ProArt B550-CREATOR ||| Asus P9X79 WS
Cooling Noctua NH-U14S ||| Be Quiet Pure Rock
Memory Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz
Video Card(s) MSI GTX 1060 3GB ||| MSI GTX 680 4GB
Storage Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB
Display(s) Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24"
Case Fractal Design Define 7 XL x 2
Audio Device(s) Cambridge Audio DacMagic Plus
Power Supply Seasonic Focus PX-850 x 2
Mouse Razer Abyssus
Keyboard CM Storm QuickFire XT
Software Ubuntu
The attacker thread in a side channel attack is not directly reading the cache line. It merely probes the cache to determine the usage by the victim thread. You merely need access to a shared cache to carry out such an attack, and on the flip side the chance you get useful information out of such an attack is absurdly small.
Unless you are talking about the extraction of meta information here, cached data is not a problem.
Even non-speculative execution have sensitive data in L1/L2/L3 all the time, as the CPU constantly do context switches without flushing caches.
The issue with speculative execution is when sensitive data is loaded into registers, etc. or even whole instructions are executed before this is discarded, but some of this data can be extracted before it's cleaned up (or overwritten). Implementing all instructions with proper safeguards in place will eliminate this problem (and all Specre class bugs). This will certainly create design constraints, but speculative execution as a whole is not principally flawed like many seems to think.

The more resources a core has inside it, the more likely a thread does not have enough instruction level parallelism to suitably utilise all the resources in the core. Digging too hard for ILP results in bloated cores since increasing the out of order window exponentially drives up complexity of the core.

SMT no longer exists to cover stalling pipelines.
You are forgetting that modern microarchitectures are using power gating quite heavily, and have multiple different execution units on a single execution port. If we are talking about computing in general (desktop usage, workstations, etc.), execution ports are usually quite well saturated when the CPU pipeline isn't stalled, so unless it's stalled, there rarely are many idle execution ports to delegate to other threads. This is why x86 SMT implementations only execute one thread at the time.
On the other hand, Power have an "impressive" 8-way SMT which can execute two threads simultaneously. These are intended for specific web server/enterprise workloads where performance of a single thread is less important than total throughput, and the threads are mostly stalled anyway. A such CPU design would result in a horrible user experience as a desktop CPU.

Statically scheduled VLIW code can never be scheduled efficiently for every use case on general purpose processors.
True, at least as far as we know. A new paradigm would be required to change this.
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Where can i download the papers, in which "people on the internet" are explaining their concers and proof the mentioned PoC paper is wrong?
We can't prove it wrong per se. We're just saying this whitepaper needs work. It isn't really the best I've seen.
 
Joined
Oct 27, 2009
Messages
1,184 (0.21/day)
Location
Republic of Texas
System Name [H]arbringer
Processor 4x 61XX ES @3.5Ghz (48cores)
Motherboard SM GL
Cooling 3x xspc rx360, rx240, 4x DT G34 snipers, D5 pump.
Memory 16x gskill DDR3 1600 cas6 2gb
Video Card(s) blah bigadv folder no gfx needed
Storage 32GB Sammy SSD
Display(s) headless
Case Xigmatek Elysium (whats left of it)
Audio Device(s) yawn
Power Supply Antec 1200w HCP
Software Ubuntu 10.10
Benchmark Scores http://valid.canardpc.com/show_oc.php?id=1780855 http://www.hwbot.org/submission/2158678 http://ww
Where can i download the papers, in which "people on the internet" are explaining their concers and proof the mentioned PoC paper is wrong?
You can't because they didn't follow the standard procedure and get it verified or give the allegedly effected architectures a head up. Instead they recklessly released a white paper making accusations to get their masters and moved on. This is just yet another CS department without ethical oversight.
Anyone of us can try to do what they have and perhaps not reproduce, but that isn't proof persay because they didn't exactly give enough details either way.
 
Joined
Jul 5, 2013
Messages
27,818 (6.68/day)
We're just saying this whitepaper needs work. It isn't really the best I've seen.
True. There's a lot unanswered. However, what it discloses clearly shows the level of difficulty of executing an exploit.
 
Last edited:
Joined
Feb 20, 2019
Messages
8,283 (3.93/day)
System Name Bragging Rights
Processor Atom Z3735F 1.33GHz
Motherboard It has no markings but it's green
Cooling No, it's a 2.2W processor
Memory 2GB DDR3L-1333
Video Card(s) Gen7 Intel HD (4EU @ 311MHz)
Storage 32GB eMMC and 128GB Sandisk Extreme U3
Display(s) 10" IPS 1280x800 60Hz
Case Veddha T2
Audio Device(s) Apparently, yes
Power Supply Samsung 18W 5V fast-charger
Mouse MX Anywhere 2
Keyboard Logitech MX Keys (not Cherry MX at all)
VR HMD Samsung Oddyssey, not that I'd plug it into this though....
Software W10 21H1, barely
Benchmark Scores I once clocked a Celeron-300A to 564MHz on an Abit BE6 and it scored over 9000.
Sound like a planned strategy to force consumers into buying new hardware. As always, never trust anyone.
If anything, these exploits prove that no matter what is added to the hardware, there's always a way around it.
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
If anything, these exploits prove that no matter what is added to the hardware, there's always a way around it.
It's why depending on the hardware for mission critical security is just dumb. It's good for non-critical security but if your mission depends on some barrier setup by the CPU you are doing it wrong.
 
Joined
Jul 5, 2013
Messages
27,818 (6.68/day)
It's why depending on the hardware for mission critical security is just dumb. It's good for non-critical security but if your mission depends on some barrier setup by the CPU you are doing it wrong.
While true, what choice do we have? Governments need to do government things, military's need to do military things and businesses need to do business things. Trying to build mission specific computers for every "mission critical" task would be prohibitively expensive, overly complicated and an overall untenable proposition..
 
Joined
Aug 20, 2007
Messages
21,469 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
While true, what choice do we have? Governments need to do government things, military's need to do military things and businesses need to do business things. Trying to build mission specific computers for every "mission critical" task would be prohibitively expensive, overly complicated and an overall untenable proposition..
Software security.

If it's mission critical, use hard software encryption. Don't trust the cpu to set up barriers, build your own with hard math.

It's a paradighm shift in many ways, but it's not impossible, and it is long overdue.
 
Joined
Jul 5, 2013
Messages
27,818 (6.68/day)
Software security.

If it's mission critical, use hard software encryption. Don't trust the cpu to set up barriers, build your own with hard math.

It's a paradighm shift in many ways, but it's not impossible, and it is long overdue.
Excellent points, and if done to rigorous and exacting requirements, such efforts would work.
 
Joined
Dec 28, 2006
Messages
4,378 (0.67/day)
Location
Hurst, Texas
System Name The86
Processor Ryzen 5 3600
Motherboard ASROCKS B450 Steel Legend
Cooling AMD Stealth
Memory 2x8gb DDR4 3200 Corsair
Video Card(s) EVGA RTX 3060 Ti
Storage WD Black 512gb, WD Blue 1TB
Display(s) AOC 24in
Case Raidmax Alpha Prime
Power Supply 700W Thermaltake Smart
Mouse Logitech Mx510
Keyboard Razer BlackWidow 2012
Software Windows 10 Professional
It requires physical access to the machine, and if the bad guy has physical access nothing is secure anyway. This is why data centers use physical security also.
 
Top