CPU Errata Turn Security Vulnerabilities

btarunr · Jul 15, 2008

Security vulnerabilities have plagued the computing world ever since computing became a significant advance of mankind. As of today, the plethora of security software we use that gobble money, system resources and network bandwidth to keep our computers and networks safe, have done a good job and it's relatively 'peaceful' these days. And just when we thought so, enter Kris Kaspersky, eminent security researcher, comes up with the hypothesis that microcode errors, known errors and flaws in the design of CPUs could be exploited by malicious code to attack and compromise systems irrespective of which operating system (OS) and other software are running. Kaspersky claims that different errata of the CPU could be exploited differently.

Kaspersky plans to validate his claims by a demonstration during the Hack-in-the-box (HITB) event this October, where he will demonstrate different attacks specific to the errata of different processors. He told PC World, "I'm going to show real working code...and make it publicly available. Some bugs just crash the system; some allow a hacker to gain full control on the kernel level. Some just help to attack Vista, disabling security protections."

For the know, even the most recent "Silverthrone" Atom processors have a list of errata, we all remember the Translation Look-aside Buffer erratum that AMD shipped its initial K10 processors with, which plagued sales of the Quad-core AMD Barcelona and Agena parts, and of how Intel delayed launch of Penryn to fix design flaws. That brings us to the burning question: why on earth would Kaspersky want to release the code to create such malware, and discover this vulnerability in the first place? Oh, it means business for Kapersky, a vendor of security software himself, and other security providers. Interestingly, such security patches come in the form of patches to the BIOS a-là the immediate fix for TLB-affected AMD processors. Fresh headache for BIOS coders of Motherboards, or maybe there's a business to that too? Perhaps 'Best security features' could be the next mantra for motherboard vendors, like 'best energy-saving features' is now.

View at TechPowerUp Main Site

wolf2009 · Jul 15, 2008

lol, this is going to provide real publicity to his soft "Kaspersky" .

Darkrealms · Jul 15, 2008

LoL, go figure. Now we have to pick our primary hardware based on virus problems. Wonder when he's going to find something for video cards. . .

candle_86 · Jul 15, 2008

meh most attacks can be stopped with a good hardware firewall and safe browsing, unless they put a virus on my paid porn sites or into wow im good

bubba_000 · Jul 15, 2008

Did you know..................

that a virus can copy itself to your DVD burner's buffer :eek:

And evade any antivirus and then copy istelf back to the HDD, while overcharging the drive's motor causing CDs to explode and posibly shred any living thing within 10 metres?

The solution?

GET A CERTIFIED SECURE DVD DRIVE WITH A SELF-DESTRUCT MECHANISM.NOW

panchoman · Jul 15, 2008

Darkrealms said:
LoL, go figure. Now we have to pick our primary hardware based on virus problems. Wonder when he's going to find something for video cards. . .

brute force hacks run over 50x faster on a gpu(tested with an x1950 i think) then a cpu.. making a password that could take months to brute force(hence the weekly, bi or tri weekly password changes that a lot of companies make you do etc), cracked in 2-3 days using an x1950(not sure)... now imagine it on the 800 stream processors on the R770.

i must say though :nutkick:

Kaspersky. you guys just introduced a whole new breed of viruses and trojans (unforutnantly, its not the rubber kind), and you fucking released the code? i hope your damn software can block the attacks that you've introduced!

also, this will definently become a factor in hardware choices. wonder when gigabyte starts saying.. "hey guys! quad protection against erotic exploits that the kaspersky idiots introduced."

time to buy a new revision errata-free phenom lol.

chron · Jul 15, 2008

candle_86 said:
meh most attacks can be stopped with a good hardware firewall and safe browsing, unless they put a virus on my paid porn sites or into wow im good

taking the free tour doesn't count as your "paid porn sites"

Katanai · Jul 15, 2008

So yeah this kinda answers the question: who makes those damn viruses? We have the leading expert right here...

Darkrealms · Jul 15, 2008

Katanai said:
So yeah this kinda answers the question: who makes those damn viruses? We have the leading expert right here...

Sadly he kinda makes it hard for me NOT to agree with you : (

yogurt_21 · Jul 15, 2008

old news, this happened with all the old cpu's then the athlon 64's hit the picture and it became harder to do, I imagine if it starts to become a problem again, intel and amd will just release a product that blocks it. no biggie

eidairaman1 · Jul 15, 2008

this guy is just trying to exploit another region to make more money is all, it takes malicious code for these companies to be around, so i wouldnt be surprised if they release malicious code themselves every so often.

Mussels · Jul 16, 2008

i thought the xD bit (or whatever it was) was meant to counter this?

candle_86 · Jul 16, 2008

chron said:
taking the free tour doesn't count as your "paid porn sites"

hey who said free tour, i spend about 60 a month on my porn tyvm

btarunr · Jul 16, 2008

Mussels said:
i thought the xD bit (or whatever it was) was meant to counter this?

Processors still have errata which Intel/AMD found insignificant and did not patch. Such flaws are now turning to vulnerabilities. Kaspersky wants to prove that.

Black Hades · Jul 16, 2008

candle_86 said:
hey who said free tour, i spend about 60 a month on my porn tyvm

Too much info...

Back on topic:
It's better he releases such info, if this kind of thing is kept in the shadows for too long it actually causes more damage.
A good example of this happening is the firewire design flaw:
Endgadget Article
Technical info

tkpenalty · Jul 16, 2008

E Terrorist much?

spud107 · Jul 16, 2008

so he's going to make virus code/program/whatever, show it off and make it availiable to people who really shoudn't see it?
am i missing something or is he an arsehole?

Assimilator · Jul 16, 2008

This is hardly new news. The original Pentium suffered from the so-called "f00f" bug way back in 1997, and considering that processors have become so much more complex since then, it's very likely that there are a number of undiscovered, but potentially serious vulnerabilities in todays CPUs.

Unfortunately, drawing attention to these issues is the only way they'll get fixed, so I have to say I think Kaspersky is in the right.

System Name	RBMK-1000
Processor	AMD Ryzen 7 5700G
Motherboard	Gigabyte B550 AORUS Elite V2
Cooling	DeepCool Gammax L240 V2
Memory	2x 16GB DDR4-3200
Video Card(s)	Galax RTX 4070 Ti EX
Storage	Samsung 990 1TB
Display(s)	BenQ 1440p 60 Hz 27-inch
Case	Corsair Carbide 100R
Audio Device(s)	ASUS SupremeFX S1220A
Power Supply	Cooler Master MWE Gold 650W
Mouse	ASUS ROG Strix Impact
Keyboard	Gamdias Hermes E2
Software	Windows 11 Pro

System Name	The86
Processor	Ryzen 5 3600
Motherboard	ASROCKS B450 Steel Legend
Cooling	AMD Stealth
Memory	2x8gb DDR4 3200 Corsair
Video Card(s)	EVGA RTX 3060 Ti
Storage	WD Black 512gb, WD Blue 1TB
Display(s)	AOC 24in
Case	Raidmax Alpha Prime
Power Supply	700W Thermaltake Smart
Mouse	Logitech Mx510
Keyboard	Razer BlackWidow 2012
Software	Windows 10 Professional

System Name	Packard Bell MV86-003
Processor	Core 2 Duo T5500
Motherboard	MV86
Memory	2 GB DDR2 667
Video Card(s)	Mobility Radeon X1700 64 bits 128 MB DDR2
Storage	100GB @ 5400 RPM
Audio Device(s)	Realtek HD Audio
Software	Windows Vista Ultimate SP1

Processor	Amd Athlon X2 4600+ Windsor(90nm) EE(65W) @2.9-3.0 @1.45
Motherboard	Biostar Tforce [Nvidia] 550
Cooling	Thermaltake Blue Orb-- bunch of other fans here and there....
Memory	2 gigs (2x1gb) of patriot ddr2 800 @ 4-4-4-12-2t
Video Card(s)	Sapphire X1950pro Pci-E x16 @stock@stock on stock
Storage	Seagate 7200.11 250gb Drive, WD raptors (30/40) in Raid 0
Display(s)	ANCIENT 15" sony lcd, bought it when it was like 500 bucks
Case	Apevia X-plorer blue/black
Audio Device(s)	Onboard- Why get an sound card when you can hum??
Power Supply	Antec NeoHe 550-manufactured by seasonic -replacement to the discontinued smart power series
Software	Windows XP pro SP2 -- vista is still crap

System Name	Thought I'd be done with this by now
Processor	i7 11700k 8/16
Motherboard	MSI Z590 Pro Wifi
Cooling	Be Quiet Dark Rock Pro 4, 9x aigo AR12
Memory	32GB GSkill TridentZ Neo DDR4-4000 CL18-22-22-42
Video Card(s)	MSI Ventus 2x Geforce RTX 3070
Storage	1TB MX300 M.2 OS + Games, + cloud mostly
Display(s)	Samsung 40" 4k (TV)
Case	Lian Li PC-011 Dynamic EVO Black
Audio Device(s)	onboard HD -> Yamaha 5.1
Power Supply	EVGA 850 GQ
Mouse	Logitech wireless
Keyboard	same
VR HMD	nah
Software	Windows 10
Benchmark Scores	no one cares anymore lols

CPU Errata Turn Security Vulnerabilities

btarunr

Editor & Senior Moderator

wolf2009

Guest

Darkrealms

candle_86

bubba_000

New Member

panchoman

Sold my stars!

chron

New Member

Katanai

Darkrealms

yogurt_21

eidairaman1

The Exiled Airman

Mussels

Freshwater Moderator

candle_86

btarunr

Editor & Senior Moderator

Black Hades

tkpenalty

spud107

Assimilator

System Name	PCGOD
Processor	AMD FX 8350@ 5.0GHz
Motherboard	Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling	Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory	16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s)	AMD Radeon 290 Sapphire Vapor-X
Storage	Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s)	NEC Multisync LCD 1700V (Display Port Adapter)
Case	AeroCool Xpredator Evil Blue Edition
Audio Device(s)	Creative Labs Sound Blaster ZxR
Power Supply	Seasonic 1250 XM2 Series (XP3)
Mouse	Roccat Kone XTD
Keyboard	Roccat Ryos MK Pro
Software	Windows 7 Pro 64

System Name	Rainbow Sparkles (Power efficient, <350W gaming load)
Processor	Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard	Asus x570-F (BIOS Modded)
Cooling	Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory	2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s)	Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage	2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s)	Phillips 32 32M1N5800A (4k144), LG 32" (4K60) \| Gigabyte G32QC (2k165) \| Phillips 328m6fjrmb (2K144)
Case	Fractal Design R6
Audio Device(s)	Logitech G560 \| Corsair Void pro RGB \|Blue Yeti mic
Power Supply	Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse	Logitech G Pro wireless + Steelseries Prisma XL
Keyboard	Razer Huntsman TE ( Sexy white keycaps)
VR HMD	Oculus Rift S + Quest 2
Software	Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores	Nyooom.

Processor	Intel i5 12600KF
Motherboard	MSI PRO Z690-P DDR4, Socket 1700
Cooling	MSI Ventus AIO
Memory	Corsair Vengeance LPX Black 32GB, DDR4, 3200MHz
Video Card(s)	MSI VentusRTX 3060 12Gb
Storage	XPS 1TB \| 2x Kingston 2TB Sata \| Sinology 4TB (Raid1) \|
Display(s)	24" Dell U2417H
Case	Msi Mpg Odin
Audio Device(s)	Realtek ALC887 + Microlab Solo 6C
Power Supply	Seasonic PRIME TX-750, 80
Mouse	Razer
Keyboard	Razer
Software	Windows 10 x64

System Name	spuds K8-X2
Processor	amd athlon X2 4200+ toledo s939 2794mhz 254x11 1.4 vcore
Motherboard	MSI K8N Neo4-F v1.0 (MS-7125) nforce4 sata2 mod, laptop cpu heatpipe copper nb cooler
Cooling	akasa evo "blue" + 90mm fan, 2x120mm front, 250mm side, 120mm rear, 120mm in psu, pci slot exhaust.
Memory	OCZ Platinum XTC DDR PC3200 4GB(4x1024) @254mhz 3-3-3-8 2T
Video Card(s)	sapphire HD3870 512mb GDDR4 vf900cu, several ramsinks on components / nvidia 7300gt 256mb secondary
Storage	hitachi 160gb (slightly fried) / hitachi 120gb ATA / Seagate 160gb / 2x ps3 seagate 60gb
Display(s)	CTX EX1300F 20" flat CRT, 1280x1024@100hz / 19" benq FP91G X / 19" hanns-g (all free)
Case	mesh server/gaming black case, 9x 5.25' drive bays, silvestone auto fan controller
Audio Device(s)	onboard realtek alc850 7.1/soundblaster LIVE! ct4780 + kxaudio - sony home theatre surround
Power Supply	winpower 650w, system draws around 470-500w under load(+all screens)
Software	win7 64bit
Benchmark Scores	~16m trips/sec using mty trip generator. triple monitor gaming using SoftTH. 3840x1024

System Name	Firelance.
Processor	Threadripper 3960X
Motherboard	ROG Strix TRX40-E Gaming
Cooling	IceGem 360 + 6x Arctic Cooling P12
Memory	8x 16GB Patriot Viper DDR4-3200 CL16
Video Card(s)	MSI GeForce RTX 4060 Ti Ventus 2X OC
Storage	2TB WD SN850X (boot), 4TB Crucial P3 (data)
Display(s)	Dell S3221QS(A) (32" 38x21 60Hz) + 2x AOC Q32E2N (32" 25x14 75Hz)
Case	Enthoo Pro II Server Edition (Closed Panel) + 6 fans
Power Supply	Fractal Design Ion+ 2 Platinum 760W
Mouse	Logitech G604
Keyboard	Razer Pro Type Ultra
Software	Windows 10 Professional x64