• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

ÆPIC Leak is an Architectural CPU Bug Affecting 10th, 11th, and 12th Gen Intel Core Processors

Joined
Feb 21, 2006
Messages
2,240 (0.33/day)
Location
Toronto, Ontario
System Name The Expanse
Processor AMD Ryzen 7 5800X3D
Motherboard Asus Prime X570-Pro BIOS 5013 AM4 AGESA V2 PI 1.2.0.Cc.
Cooling Corsair H150i Pro
Memory 32GB GSkill Trident RGB DDR4-3200 14-14-14-34-1T (B-Die)
Video Card(s) XFX Radeon RX 7900 XTX Magnetic Air (24.12.1)
Storage WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 20TB
Display(s) LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz
Case Fractal Design Meshify S2
Audio Device(s) Creative X-Fi + Logitech Z-5500 + HS80 Wireless
Power Supply Corsair AX850 Titanium
Mouse Corsair Dark Core RGB SE
Keyboard Corsair K100
Software Windows 10 Pro x64 22H2
Benchmark Scores 3800X https://valid.x86.fr/1zr4a5 5800X https://valid.x86.fr/2dey9c 5800X3D https://valid.x86.fr/b7d
Yep, and herein lies the REAL problem, as a lot of IT departments today are manned by 1st time rookies and/or amateurs with little to no hands on experience, who were hired in at just above minimum wage and have neither the competence nor the ability/desire to actually do any REAL work, aside from sittin on their collective duffs playing on their phones, and pick up their paychecks on payday... yea they can help you reset your password or ask the holier than thou question of "did you try restarting your computer"... but beyond that it takes them a long time to figure out how to solve everyday issues, cause they have to "look into it".. ie search google for a fix !

On the other end are the "IT Managers" or "SVP of Technology & Infrastructure", who get paid ALOT of money to sit around in meetings with the other execs, dreaming up IT budgets for the upcoming fiscal year while minimizing costs and expenditures, and push out memos about how up to date the company is and how the "forward thinking plans" they are developing will "keep the company on the cutting edge" of technology.... most of which sound as bad or worse than the marketing garbaggio that is dreamed up the press releases we see posted here.
lol i'm in a 20+ year IT career and this sums it up nicely. Its why I prefer to work alone!!
 
Joined
Mar 10, 2010
Messages
11,878 (2.20/day)
Location
Manchester uk
System Name RyzenGtEvo/ Asus strix scar II
Processor Amd R5 5900X/ Intel 8750H
Motherboard Crosshair hero8 impact/Asus
Cooling 360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s) Powercolour RX7900XT Reference/Rtx 2060
Storage Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s) Samsung UAE28"850R 4k freesync.dell shiter
Case Lianli 011 dynamic/strix scar2
Audio Device(s) Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply corsair 1200Hxi/Asus stock
Mouse Roccat Kova/ Logitech G wireless
Keyboard Roccat Aimo 120
VR HMD Oculus rift
Software Win 10 Pro
Benchmark Scores 8726 vega 3dmark timespy/ laptop Timespy 6506
lol i'm in a 20+ year IT career and this sums it up nicely. Its why I prefer to work alone!!
He didn't have it quite right though did he, he didn't mention cloud or web based tools, our IT team and most others are only reachable through a request in a web app, just like HR, health and safety, higher management, all in the cloud's on there mobiles.
 
Joined
Feb 21, 2006
Messages
2,240 (0.33/day)
Location
Toronto, Ontario
System Name The Expanse
Processor AMD Ryzen 7 5800X3D
Motherboard Asus Prime X570-Pro BIOS 5013 AM4 AGESA V2 PI 1.2.0.Cc.
Cooling Corsair H150i Pro
Memory 32GB GSkill Trident RGB DDR4-3200 14-14-14-34-1T (B-Die)
Video Card(s) XFX Radeon RX 7900 XTX Magnetic Air (24.12.1)
Storage WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 20TB
Display(s) LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz
Case Fractal Design Meshify S2
Audio Device(s) Creative X-Fi + Logitech Z-5500 + HS80 Wireless
Power Supply Corsair AX850 Titanium
Mouse Corsair Dark Core RGB SE
Keyboard Corsair K100
Software Windows 10 Pro x64 22H2
Benchmark Scores 3800X https://valid.x86.fr/1zr4a5 5800X https://valid.x86.fr/2dey9c 5800X3D https://valid.x86.fr/b7d
He didn't have it quite right though did he, he didn't mention cloud or web based tools, our IT team and most others are only reachable through a request in a web app, just like HR, health and safety, higher management, all in the cloud's on there mobiles.
It will depend on environment. When I was at a large organization your example was more the normal.At the current place i'm at which is more small to medium size there isn't too much cloud based stuff except for external client projects for the most part. And there are both positives and negative to each size, but I won't go to far on this as its abit off topic for this thread but interesting topic still.
 
Joined
Oct 27, 2009
Messages
1,194 (0.22/day)
Location
Republic of Texas
System Name [H]arbringer
Processor 4x 61XX ES @3.5Ghz (48cores)
Motherboard SM GL
Cooling 3x xspc rx360, rx240, 4x DT G34 snipers, D5 pump.
Memory 16x gskill DDR3 1600 cas6 2gb
Video Card(s) blah bigadv folder no gfx needed
Storage 32GB Sammy SSD
Display(s) headless
Case Xigmatek Elysium (whats left of it)
Audio Device(s) yawn
Power Supply Antec 1200w HCP
Software Ubuntu 10.10
Benchmark Scores http://valid.canardpc.com/show_oc.php?id=1780855 http://www.hwbot.org/submission/2158678 http://ww
P4-630 is right SGX was removed from Alder Lake and so would be unaffected by this bug. In fact there was a lot of coverage that it would not be supporting 4K Bluray playback.
Nope this is a new one, the new SGX vulnerability was last week, this is not a side channel... kinda.
 
Joined
Oct 27, 2013
Messages
3 (0.00/day)
Nope this is a new one, the new SGX vulnerability was last week, this is not a side channel... kinda.
I think you missed what I was saying here Alder Lake which is 12th Gen doesn't even have SGX so it would not be affected by this issue.
 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
27,095 (3.83/day)
Location
Alabama
System Name RogueOne
Processor Xeon W9-3495x
Motherboard ASUS w790E Sage SE
Cooling SilverStone XE360-4677
Memory 128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 2TB WD SN850X | 2x 8TB GAMMIX S70
Display(s) 49" Philips Evnia OLED (49M2C8900)
Case Thermaltake Core P3 Pro Snow
Audio Device(s) Moondrop S8's on schitt Gunnr
Power Supply Seasonic Prime TX-1600
Mouse Razer Viper mini signature edition (mercury white)
Keyboard Monsgeek M3 Lavender, Moondrop Luna lights
VR HMD Quest 3
Software Windows 11 Pro Workstation
Benchmark Scores I dont have time for that.
SGX so it would not be affected by this issue.

That's not true, only that it can also be leaked via SGX which would need a patch. All of these systems are affected by APIC MMIO.
 

johnspack

Here For Good!
Joined
Oct 6, 2007
Messages
6,038 (0.96/day)
Location
Nelson B.C. Canada
System Name System2 Blacknet , System1 Blacknet2
Processor System2 Threadripper 1920x, System1 2699 v3
Motherboard System2 Asrock Fatality x399 Professional Gaming, System1 Asus X99-A
Cooling System2 Noctua NH-U14 TR4-SP3 Dual 140mm fans, System1 AIO
Memory System2 64GBS DDR4 3000, System1 32gbs DDR4 2400
Video Card(s) System2 GTX 980Ti System1 GTX 970
Storage System2 4x SSDs + NVme= 2.250TB 2xStorage Drives=8TB System1 3x SSDs=2TB
Display(s) 1x27" 1440 display 1x 24" 1080 display
Case System2 Some Nzxt case with soundproofing...
Audio Device(s) Asus Xonar U7 MKII
Power Supply System2 EVGA 750 Watt, System1 XFX XTR 750 Watt
Mouse Logitech G900 Chaos Spectrum
Keyboard Ducky
Software Archlinux, Manjaro, Win11 Ent 24h2
Benchmark Scores It's linux baby!
Chances of the average user to ever be a victim of any of these exploits..... zero. Unless you actually want to sabotage your own computer. Most won't .
These are all exploits that someone would have to use on a company network where they are trusted and have admin access.
 
Joined
Oct 27, 2009
Messages
1,194 (0.22/day)
Location
Republic of Texas
System Name [H]arbringer
Processor 4x 61XX ES @3.5Ghz (48cores)
Motherboard SM GL
Cooling 3x xspc rx360, rx240, 4x DT G34 snipers, D5 pump.
Memory 16x gskill DDR3 1600 cas6 2gb
Video Card(s) blah bigadv folder no gfx needed
Storage 32GB Sammy SSD
Display(s) headless
Case Xigmatek Elysium (whats left of it)
Audio Device(s) yawn
Power Supply Antec 1200w HCP
Software Ubuntu 10.10
Benchmark Scores http://valid.canardpc.com/show_oc.php?id=1780855 http://www.hwbot.org/submission/2158678 http://ww
I think you missed what I was saying here Alder Lake which is 12th Gen doesn't even have SGX so it would not be affected by this issue.
A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk, thus, have to be patched.
This requires root OR SGX So bad actor ON network... so non-issue on 12th gen, returning issue on 13th gen with SGX coming back... lol.

This is not an SGX side channel, this is an APIC direct attack. However, on systems with SGX present root can be gained as a pivot point...
 
Joined
Jun 16, 2013
Messages
1,457 (0.35/day)
Location
Australia
Yep, and herein lies the REAL problem, as a lot of IT departments today are manned by 1st time rookies and/or amateurs with little to no hands on experience, who were hired in at just above minimum wage and have neither the competence nor the ability/desire to actually do any REAL work, aside from sittin on their collective duffs playing on their phones, and pick up their paychecks on payday... yea they can help you reset your password or ask the holier than thou question of "did you try restarting your computer"... but beyond that it takes them a long time to figure out how to solve everyday issues, cause they have to "look into it".. ie search google for a fix !

On the other end are the "IT Managers" or "SVP of Technology & Infrastructure", who get paid ALOT of money to sit around in meetings with the other execs, dreaming up IT budgets for the upcoming fiscal year while minimizing costs and expenditures, and push out memos about how up to date the company is and how the "forward thinking plans" they are developing will "keep the company on the cutting edge" of technology.... most of which sound as bad or worse than the marketing garbaggio that is dreamed up the press releases we see posted here.
You nailed it there! that's why I bailed out of the industry over a decade ago.
 
Joined
Jan 5, 2006
Messages
18,584 (2.68/day)
System Name AlderLake
Processor Intel i7 12700K P-Cores @ 5Ghz
Motherboard Gigabyte Z690 Aorus Master
Cooling Noctua NH-U12A 2 fans + Thermal Grizzly Kryonaut Extreme + 5 case fans
Memory 32GB DDR5 Corsair Dominator Platinum RGB 6000MT/s CL36
Video Card(s) MSI RTX 2070 Super Gaming X Trio
Storage Samsung 980 Pro 1TB + 970 Evo 500GB + 850 Pro 512GB + 860 Evo 1TB x2
Display(s) 23.8" Dell S2417DG 165Hz G-Sync 1440p
Case Be quiet! Silent Base 600 - Window
Audio Device(s) Panasonic SA-PMX94 / Realtek onboard + B&O speaker system / Harman Kardon Go + Play / Logitech G533
Power Supply Seasonic Focus Plus Gold 750W
Mouse Logitech MX Anywhere 2 Laser wireless
Keyboard RAPOO E9270P Black 5GHz wireless
Software Windows 11
Benchmark Scores Cinebench R23 (Single Core) 1936 @ stock Cinebench R23 (Multi Core) 23006 @ stock
Last edited:
Joined
Aug 12, 2020
Messages
1,207 (0.76/day)
There is so much FUD potential in news like this tbh.

In my opinion any piece regarding this should clearly state early on whether it requires physical access or can be exploited remotely, which is exactly the piece of information vast majority of us needs to know to evaluate how concerning it is.
 
Joined
Jun 2, 2022
Messages
349 (0.37/day)
System Name HP EliteBook 725 G3
Processor AMD PRO A10-8700B (1.8 GHz CMT dual module with 3.2 GHz boost)
Motherboard HP proprietary
Cooling pretty good
Memory 8 GB SK Hynix DDR3 SODIMM
Video Card(s) Radeon R6 (Carrizo/GCNv3)
Storage internal Kioxia XG6 1 TB NVMe SSD (aftermarket)
Display(s) HP P22h G4 21.5" 1080p (& 768p internal LCD)
Case HP proprietary metal case
Audio Device(s) built-in Conexant CX20724 HDA chipset -> Roland RH-200S
Power Supply HP-branded AC adapter
Mouse Steelseries Rival 310
Keyboard Cherry G84-5200
Software Alma Linux 9.1
Benchmark Scores Broadcom BCM94356 11ac M.2 WiFi card (aftermarket)
Joined
Feb 21, 2006
Messages
2,240 (0.33/day)
Location
Toronto, Ontario
System Name The Expanse
Processor AMD Ryzen 7 5800X3D
Motherboard Asus Prime X570-Pro BIOS 5013 AM4 AGESA V2 PI 1.2.0.Cc.
Cooling Corsair H150i Pro
Memory 32GB GSkill Trident RGB DDR4-3200 14-14-14-34-1T (B-Die)
Video Card(s) XFX Radeon RX 7900 XTX Magnetic Air (24.12.1)
Storage WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 20TB
Display(s) LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz
Case Fractal Design Meshify S2
Audio Device(s) Creative X-Fi + Logitech Z-5500 + HS80 Wireless
Power Supply Corsair AX850 Titanium
Mouse Corsair Dark Core RGB SE
Keyboard Corsair K100
Software Windows 10 Pro x64 22H2
Benchmark Scores 3800X https://valid.x86.fr/1zr4a5 5800X https://valid.x86.fr/2dey9c 5800X3D https://valid.x86.fr/b7d
Glad I disabled that a long time ago. I don't mind my 2600 lite being a reborn Phenom II X6 at all. Just happy I was actually able to buy a hexacore CPU.
This is not an exploit you would see being used on a home pc. Its would affect servers and cloud environments.
 
Joined
Jun 16, 2013
Messages
1,457 (0.35/day)
Location
Australia
Glad I disabled that a long time ago. I don't mind my 2600 lite being a reborn Phenom II X6 at all. Just happy I was actually able to buy a hexacore CPU.
You mean a 2600 hexacore with significant improvement in clock cycle efficiency compared to Phenom II X6 right ? :)
 
Joined
Jun 2, 2022
Messages
349 (0.37/day)
System Name HP EliteBook 725 G3
Processor AMD PRO A10-8700B (1.8 GHz CMT dual module with 3.2 GHz boost)
Motherboard HP proprietary
Cooling pretty good
Memory 8 GB SK Hynix DDR3 SODIMM
Video Card(s) Radeon R6 (Carrizo/GCNv3)
Storage internal Kioxia XG6 1 TB NVMe SSD (aftermarket)
Display(s) HP P22h G4 21.5" 1080p (& 768p internal LCD)
Case HP proprietary metal case
Audio Device(s) built-in Conexant CX20724 HDA chipset -> Roland RH-200S
Power Supply HP-branded AC adapter
Mouse Steelseries Rival 310
Keyboard Cherry G84-5200
Software Alma Linux 9.1
Benchmark Scores Broadcom BCM94356 11ac M.2 WiFi card (aftermarket)
You mean a 2600 hexacore with significant improvement in clock cycle efficiency compared to Phenom II X6 right ? :)
I mean 1600 AF (which is Zen+-based and basically a 200 MHz (300 MHz boost) slower 2600, hence "2600 lite") with SMT disabled. So, yes, basically a much more efficient Phenom II X6. During the Phenom II era, I was using a T2370 (low-end Core 2 Duo based CPU with Intel GMA X3100 IGP) laptop LOL.
 
Joined
Feb 18, 2005
Messages
5,847 (0.81/day)
Location
Ikenai borderline!
System Name Firelance.
Processor Threadripper 3960X
Motherboard ROG Strix TRX40-E Gaming
Cooling IceGem 360 + 6x Arctic Cooling P12
Memory 8x 16GB Patriot Viper DDR4-3200 CL16
Video Card(s) MSI GeForce RTX 4060 Ti Ventus 2X OC
Storage 2TB WD SN850X (boot), 4TB Crucial P3 (data)
Display(s) 3x AOC Q32E2N (32" 2560x1440 75Hz)
Case Enthoo Pro II Server Edition (Closed Panel) + 6 fans
Power Supply Fractal Design Ion+ 2 Platinum 760W
Mouse Logitech G602
Keyboard Razer Pro Type Ultra
Software Windows 10 Professional x64
There is so much FUD potential in news like this tbh.

In my opinion any piece regarding this should clearly state early on whether it requires physical access or can be exploited remotely, which is exactly the piece of information vast majority of us needs to know to evaluate how concerning it is.
The vast majority of these cleverly-named attacks are mostly FUD. But security researchers have figured out the easy way to get themselves noticed is to find one of these vulnerabilities, give it a cool name, then spam it EVERYWHERE - with the result that the public becomes consequently ever-less-interested (the "boy who cried wolf" scenario).
 

Mussels

Freshwater Moderator
Joined
Oct 6, 2004
Messages
58,413 (7.91/day)
Location
Oystralia
System Name Rainbow Sparkles (Power efficient, <350W gaming load)
Processor Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard Asus x570-F (BIOS Modded)
Cooling Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s) Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage 2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s) Phillips 32 32M1N5800A (4k144), LG 32" (4K60) | Gigabyte G32QC (2k165) | Phillips 328m6fjrmb (2K144)
Case Fractal Design R6
Audio Device(s) Logitech G560 | Corsair Void pro RGB |Blue Yeti mic
Power Supply Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse Logitech G Pro wireless + Steelseries Prisma XL
Keyboard Razer Huntsman TE ( Sexy white keycaps)
VR HMD Oculus Rift S + Quest 2
Software Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores Nyooom.
Nyah


Hope theres a firmware fix, that sounds even worse than the typical side channel attacks - and some of those had mitigtations that royally sucked

There is so much FUD potential in news like this tbh.

In my opinion any piece regarding this should clearly state early on whether it requires physical access or can be exploited remotely, which is exactly the piece of information vast majority of us needs to know to evaluate how concerning it is.
Good thing TPU's article does, without a misleading title ;)


Right on the front page too
A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk, thus, have to be patched


Like most of these risks it requires local admin access, the risk here is that SGX is bypassed and it's not a side channel attack - one disclosed for ryzen recently had to run the attack on a real core, to access data from the attached SMT thread - that's not just admin/root access but also screwing with running processes and locking them to specific cores and threads to work

Getting stale data seems risky, as an attack could potentially harvest a lot over time
 
Joined
Jan 21, 2021
Messages
67 (0.05/day)
Yes, when a vulnerability needs to have root access to work, the attacker already owns the system.
The only concern would be if this can be executed across VMs, which really only applies to cloud services, but sensitive/critical services should never run in the cloud anyways. Anyone in the industry knows security is done in layers; If there is a bug in hardware, firmware or the OS, usually the higher levels will protect until the problem is resolved/mitigated. In the public cloud, if there is a hardware or hypervisor bug, then all the other security measures can be bypassed.


It's hard to measure competence in IT, which is probably contributing to a lot of unqualified staff, and this is even a problem for "experienced" staff, some people just never know what they're doing or don't care.
I once saw a company wanting to ramp up their security hire a team of "security experts", which were so incompetent in introducing "well established security principles" like two-factor authentication and using a service from a "tried and tested" third-party, they managed to make it worse than not having it, as there were fundamental flaws in the setup resulting in several attack vectors.

Incompetence is rampant - it's unfortunate. Things can so easily look right to management when they're wrong, too. It's a problem. For IT security, maybe if there was a regulated body that trained and employed people (and kept them current) to consult with companies before/after they've had major changes made to their IT infrastructure - things would be better. As long as the regulated body did a good job keeping current.
For those willing to pay, security could be almost guaranteed. Companies wanting to "do it cheap", it would obviously not be

Absolutely not. 9th gen is still Skylake+*n (aka garbage lake) and therefore vulnerable to many transient execution attacks. Personally, I will keep running this Zen+ system (with SMT disabled) for many, many years, not just because I cannot afford to upgrade but also because it is clear to me that all these new generations have new security vulnerabilities of their own, so there is no sense upgrading to a newer gen with supposed hardware "mitigations". When the time comes, I will probably upgrade to a RISC-V/ARM-based system with in-order cores (i.MX10 with A510 would be interesting as they are supposed to have performance equivalent to that of the old A73), which is immune to all these issues afflicting highly complex OoO designs. That system may have less raw CPU power (certainly single-thread) but at least it would be highly secure and have low power consumption, two attributes that are highly attractive considering the future that we are currently facing. I don't strictly need tons of performance for home use anyway.

I don't have the knowledge or tools to make my own. It's important to remember though - you don't know for sure the features any one chip supports unless you crack it open and get it under a microscope. And have someone very familiar with microprocessor design take a look at things. Even then, it's not 100%.

So you're saying 9th gen security is worse than 10th/11th/12th gen overall, but it doesn't have this specific vulnerability.
Do you know of a resource that lists all the vulnerabilities/defects of modern CPUs? Preferably back to the introduction of i3/i5/i7, but if one less complete exists I'm not opposed
 
Joined
Jun 2, 2022
Messages
349 (0.37/day)
System Name HP EliteBook 725 G3
Processor AMD PRO A10-8700B (1.8 GHz CMT dual module with 3.2 GHz boost)
Motherboard HP proprietary
Cooling pretty good
Memory 8 GB SK Hynix DDR3 SODIMM
Video Card(s) Radeon R6 (Carrizo/GCNv3)
Storage internal Kioxia XG6 1 TB NVMe SSD (aftermarket)
Display(s) HP P22h G4 21.5" 1080p (& 768p internal LCD)
Case HP proprietary metal case
Audio Device(s) built-in Conexant CX20724 HDA chipset -> Roland RH-200S
Power Supply HP-branded AC adapter
Mouse Steelseries Rival 310
Keyboard Cherry G84-5200
Software Alma Linux 9.1
Benchmark Scores Broadcom BCM94356 11ac M.2 WiFi card (aftermarket)
Incompetence is rampant - it's unfortunate. Things can so easily look right to management when they're wrong, too. It's a problem. For IT security, maybe if there was a regulated body that trained and employed people (and kept them current) to consult with companies before/after they've had major changes made to their IT infrastructure - things would be better. As long as the regulated body did a good job keeping current.
For those willing to pay, security could be almost guaranteed. Companies wanting to "do it cheap", it would obviously not be



I don't have the knowledge or tools to make my own. It's important to remember though - you don't know for sure the features any one chip supports unless you crack it open and get it under a microscope. And have someone very familiar with microprocessor design take a look at things. Even then, it's not 100%.

So you're saying 9th gen security is worse than 10th/11th/12th gen overall, but it doesn't have this specific vulnerability.
Do you know of a resource that lists all the vulnerabilities/defects of modern CPUs? Preferably back to the introduction of i3/i5/i7, but if one less complete exists I'm not opposed
9th gen security without mitigations would certainly be worse, I think, yes. Because Sunny Cove and later derivative designs have lots of (partial) hardware mitigations built-in. There have been some new vulnerabilities that only affect Sunny Cove+ but they are less than all the old vulnerabilities affecting Skylake+n. I don't know that there is one comprehensive table for all CPUs. But Intel does have this for some of their CPUs: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html As for the old CPUs going back to the start of the Core i range: I think we will never really know, all those old CPUs (same with AMD) seem to have been abandoned. I have no idea exactly which vulnerabilities affect my Richland and K10 laptops and I doubt there are any microcode mitigations for them. But I don't really use the Richland laptop for web browsing except with Netsurf (no JavaScript) as it is only a dual core and I have my desktop anyway. I use uBlock Origin (like I do on my desktop) on the K10 (Llano quad core so it is still pretty fast with Linux) laptop so that should greatly reduce the risk (and that is without considering that K10 lacks SMT, which makes a huge difference).

I personally dislike Skylake (hence "garbage lake") and derivatives because they are affected by vulnerabilities that Haswell (and Broadwell, for laptops) are not (and they have that SGX crap that is used for DRM). If I were to buy an Intel computer, it would have to either have a *well CPU or Icelake+ (Sunny Cove+).
 
Joined
Jan 21, 2021
Messages
67 (0.05/day)
9th gen security without mitigations would certainly be worse, I think, yes. Because Sunny Cove and later derivative designs have lots of (partial) hardware mitigations built-in. There have been some new vulnerabilities that only affect Sunny Cove+ but they are less than all the old vulnerabilities affecting Skylake+n. I don't know that there is one comprehensive table for all CPUs. But Intel does have this for some of their CPUs: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html As for the old CPUs going back to the start of the Core i range: I think we will never really know, all those old CPUs (same with AMD) seem to have been abandoned. I have no idea exactly which vulnerabilities affect my Richland and K10 laptops and I doubt there are any microcode mitigations for them. But I don't really use the Richland laptop for web browsing except with Netsurf (no JavaScript) as it is only a dual core and I have my desktop anyway. I use uBlock Origin (like I do on my desktop) on the K10 (Llano quad core so it is still pretty fast with Linux) laptop so that should greatly reduce the risk (and that is without considering that K10 lacks SMT, which makes a huge difference).

I personally dislike Skylake (hence "garbage lake") and derivatives because they are affected by vulnerabilities that Haswell (and Broadwell, for laptops) are not (and they have that SGX crap that is used for DRM). If I were to buy an Intel computer, it would have to either have a *well CPU or Icelake+ (Sunny Cove+).

Didn't 9th gen fix the problems in hardware without large performance penalties that 8th/7th/6th/5th/4th etc gen processors needed microcode/software fixes for back in 2018 - some of which impacted performance by 30%+? I thought I heard they did, but I could be wrong. There are always new vulnerabilities being found lol, it's hard to keep up. Every once in a while I get lost (more lost than usual anyway) lol.

Can't SGX be disabled in the BIOS, and if you disable it, *lake processors behave the same as Haswell/Broadwell?

I don't like HT/SMT. I do work with audio sometimes and it can cause latency problems, especially when you're using real time monitoring of processed audio (eg singing with electric guitar when the "electric" part of "electric guitar" is being created in the PC from an input directly from the guitar). Every millisecond matters, especially to me because after a few, I'm thrown off.

My last two CPUs have been 9600K and 2500K - both non-HT. I think I read somewhere Intel will be including HT on all of their CPUs from now on, even their i3s. It'll probably stay that way as long as AMD is competitive at all levels (it was shortly after they began to be when Intel changed). In addition to the potential security problems brought by HT/SMT, it's nothing special: any performance brought to the table costs just as much power as if done on another core, and overclocks are reduced because of it (I especially like my single threaded performance). If non-HT/SMT CPUs are reintroduced in the next generations, I'll be sticking with them as long as they have enough cores. If not, I'll buy the amount I'd like, then disable HT/SMT, enjoying greater security, lower latency, and higher performance. in every program at all times except in rare occasions when loads are running which bring CPU usage up near 100%.
 

Mussels

Freshwater Moderator
Joined
Oct 6, 2004
Messages
58,413 (7.91/day)
Location
Oystralia
System Name Rainbow Sparkles (Power efficient, <350W gaming load)
Processor Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard Asus x570-F (BIOS Modded)
Cooling Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s) Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage 2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s) Phillips 32 32M1N5800A (4k144), LG 32" (4K60) | Gigabyte G32QC (2k165) | Phillips 328m6fjrmb (2K144)
Case Fractal Design R6
Audio Device(s) Logitech G560 | Corsair Void pro RGB |Blue Yeti mic
Power Supply Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse Logitech G Pro wireless + Steelseries Prisma XL
Keyboard Razer Huntsman TE ( Sexy white keycaps)
VR HMD Oculus Rift S + Quest 2
Software Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores Nyooom.
Didn't 9th gen fix the problems in hardware without large performance penalties that 8th/7th/6th/5th/4th etc gen processors needed microcode/software fixes for back in 2018 - some of which impacted performance by 30%+? I thought I heard they did, but I could be wrong. There are always new vulnerabilities being found lol, it's hard to keep up. Every once in a while I get lost (more lost than usual anyway) lol.

Can't SGX be disabled in the BIOS, and if you disable it, *lake processors behave the same as Haswell/Broadwell?

I don't like HT/SMT. I do work with audio sometimes and it can cause latency problems, especially when you're using real time monitoring of processed audio (eg singing with electric guitar when the "electric" part of "electric guitar" is being created in the PC from an input directly from the guitar). Every millisecond matters, especially to me because after a few, I'm thrown off.

My last two CPUs have been 9600K and 2500K - both non-HT. I think I read somewhere Intel will be including HT on all of their CPUs from now on, even their i3s. It'll probably stay that way as long as AMD is competitive at all levels (it was shortly after they began to be when Intel changed). In addition to the potential security problems brought by HT/SMT, it's nothing special: any performance brought to the table costs just as much power as if done on another core, and overclocks are reduced because of it (I especially like my single threaded performance). If non-HT/SMT CPUs are reintroduced in the next generations, I'll be sticking with them as long as they have enough cores. If not, I'll buy the amount I'd like, then disable HT/SMT, enjoying greater security, lower latency, and higher performance. in every program at all times except in rare occasions when loads are running which bring CPU usage up near 100%.
Look into HPET - from memory, the HPET issue is likely what you were facing and SMT just made it worse.
It was a big issue from 6th to 9?th gen intel
The HPET bug: What it is and what it isn't - overclockers.at
(Link is focused on games, but it also caused weird audio issues back in the day especially around the Vista era where networking and audio clashed, and networking taking priority would cause crackling and latency issues)
 
Joined
Jun 2, 2022
Messages
349 (0.37/day)
System Name HP EliteBook 725 G3
Processor AMD PRO A10-8700B (1.8 GHz CMT dual module with 3.2 GHz boost)
Motherboard HP proprietary
Cooling pretty good
Memory 8 GB SK Hynix DDR3 SODIMM
Video Card(s) Radeon R6 (Carrizo/GCNv3)
Storage internal Kioxia XG6 1 TB NVMe SSD (aftermarket)
Display(s) HP P22h G4 21.5" 1080p (& 768p internal LCD)
Case HP proprietary metal case
Audio Device(s) built-in Conexant CX20724 HDA chipset -> Roland RH-200S
Power Supply HP-branded AC adapter
Mouse Steelseries Rival 310
Keyboard Cherry G84-5200
Software Alma Linux 9.1
Benchmark Scores Broadcom BCM94356 11ac M.2 WiFi card (aftermarket)
Didn't 9th gen fix the problems in hardware without large performance penalties that 8th/7th/6th/5th/4th etc gen processors needed microcode/software fixes for back in 2018 - some of which impacted performance by 30%+? I thought I heard they did, but I could be wrong. There are always new vulnerabilities being found lol, it's hard to keep up. Every once in a while I get lost (more lost than usual anyway) lol.

Can't SGX be disabled in the BIOS, and if you disable it, *lake processors behave the same as Haswell/Broadwell?

I don't like HT/SMT. I do work with audio sometimes and it can cause latency problems, especially when you're using real time monitoring of processed audio (eg singing with electric guitar when the "electric" part of "electric guitar" is being created in the PC from an input directly from the guitar). Every millisecond matters, especially to me because after a few, I'm thrown off.

My last two CPUs have been 9600K and 2500K - both non-HT. I think I read somewhere Intel will be including HT on all of their CPUs from now on, even their i3s. It'll probably stay that way as long as AMD is competitive at all levels (it was shortly after they began to be when Intel changed). In addition to the potential security problems brought by HT/SMT, it's nothing special: any performance brought to the table costs just as much power as if done on another core, and overclocks are reduced because of it (I especially like my single threaded performance). If non-HT/SMT CPUs are reintroduced in the next generations, I'll be sticking with them as long as they have enough cores. If not, I'll buy the amount I'd like, then disable HT/SMT, enjoying greater security, lower latency, and higher performance. in every program at all times except in rare occasions when loads are running which bring CPU usage up near 100%.
I have to say this is still one of the nice things that Intel offers: CPUs without SMT. The other thing that I like is that they still offer T (35W) versions of their CPUs. AMD offered 45 W T versions with Richland and later 35 W "E" versions with some generations, although I think those are OEM only. I used to have an i5-2400 without SMT and liked it quite a bit (it was my first real quad core and desktop CPU).

9th gen does have some minor partial hardware mitigations but it is nothing compared to Ice Lake (Sunny Cove) and derivatives AFAIK. Ultimately it is still just Skylake+*n, whereas Sunny Cove is a clean sheet design (yet still massively OoO and speculative, so it will always be vulnerable to some transient execution vulnerabilities I believe but I am not an expert, just a lay observer).
 

Mussels

Freshwater Moderator
Joined
Oct 6, 2004
Messages
58,413 (7.91/day)
Location
Oystralia
System Name Rainbow Sparkles (Power efficient, <350W gaming load)
Processor Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard Asus x570-F (BIOS Modded)
Cooling Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory 2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s) Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage 2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s) Phillips 32 32M1N5800A (4k144), LG 32" (4K60) | Gigabyte G32QC (2k165) | Phillips 328m6fjrmb (2K144)
Case Fractal Design R6
Audio Device(s) Logitech G560 | Corsair Void pro RGB |Blue Yeti mic
Power Supply Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse Logitech G Pro wireless + Steelseries Prisma XL
Keyboard Razer Huntsman TE ( Sexy white keycaps)
VR HMD Oculus Rift S + Quest 2
Software Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores Nyooom.
I have to say this is still one of the nice things that Intel offers: CPUs without SMT. The other thing that I like is that they still offer T (35W) versions of their CPUs. AMD offered 45 W T versions with Richland and later 35 W "E" versions with some generations, although I think those are OEM only. I used to have an i5-2400 without SMT and liked it quite a bit (it was my first real quad core and desktop CPU).

9th gen does have some minor partial hardware mitigations but it is nothing compared to Ice Lake (Sunny Cove) and derivatives AFAIK. Ultimately it is still just Skylake+*n, whereas Sunny Cove is a clean sheet design (yet still massively OoO and speculative, so it will always be vulnerable to some transient execution vulnerabilities I believe but I am not an expert, just a lay observer).
I mean, you can simply disable SMT for both companies. It's not like you pay more for it, these days.
 
Joined
Jun 2, 2022
Messages
349 (0.37/day)
System Name HP EliteBook 725 G3
Processor AMD PRO A10-8700B (1.8 GHz CMT dual module with 3.2 GHz boost)
Motherboard HP proprietary
Cooling pretty good
Memory 8 GB SK Hynix DDR3 SODIMM
Video Card(s) Radeon R6 (Carrizo/GCNv3)
Storage internal Kioxia XG6 1 TB NVMe SSD (aftermarket)
Display(s) HP P22h G4 21.5" 1080p (& 768p internal LCD)
Case HP proprietary metal case
Audio Device(s) built-in Conexant CX20724 HDA chipset -> Roland RH-200S
Power Supply HP-branded AC adapter
Mouse Steelseries Rival 310
Keyboard Cherry G84-5200
Software Alma Linux 9.1
Benchmark Scores Broadcom BCM94356 11ac M.2 WiFi card (aftermarket)
I mean, you can simply disable SMT for both companies. It's not like you pay more for it, these days.
And that is what I currently have (although in Linux as if I disable it in the UEFI, suspend/S3 will no longer work on Ryzen...). But it is nicer to just have a "clean" CPU in the first place without that nonsense. And preferably I would have a CPU without ME/PSP and DRM garbage too.
 
Joined
Jan 21, 2021
Messages
67 (0.05/day)
I have to say this is still one of the nice things that Intel offers: CPUs without SMT. The other thing that I like is that they still offer T (35W) versions of their CPUs. AMD offered 45 W T versions with Richland and later 35 W "E" versions with some generations, although I think those are OEM only. I used to have an i5-2400 without SMT and liked it quite a bit (it was my first real quad core and desktop CPU).

9th gen does have some minor partial hardware mitigations but it is nothing compared to Ice Lake (Sunny Cove) and derivatives AFAIK. Ultimately it is still just Skylake+*n, whereas Sunny Cove is a clean sheet design (yet still massively OoO and speculative, so it will always be vulnerable to some transient execution vulnerabilities I believe but I am not an expert, just a lay observer).

I like the T offerings. I have a suspicion, though, that the more recent CPUs (starting around 9th gen) are more or less normal chips with lower power limits.

I explain in detail: The 9600T is said to have a base clock of 2.3GHz and a TDP of 35W, and the 9600K is said to have a base clock of 3.7GHz and TDP of 95W. If I'm remembering how things work correctly, and they still work the way they did when I learned things, this means: when at 100% utilization (probably non-AVX), the 9600T is able to run up to and including 2.3GHz without exceeding its TDP of 35W. The 9600K is able to run at 100% up to 3.7GHz using no more than 95W.

This means for heavily multithreaded tasks, the 9600T is 62% a 9600K.

Mr. T boosts to 3.9GHz, while K boosts to 4.6GHz.

This means when 9600T has a light workload, it's 85% of a 9600K.


To verify this, I would: first, take out my 9600K and put the 9600T in my motherboard. Then I'd enter the BIOS, load optimized defaults and boot into Windows. Then I'd load all CPU cores as much as I know how, sans (without) AVX. If it drops to 2.3GHz, we're done! If not, I'd download and install ThrottleStop, open it, and change the multiplier to whatever it is that makes 35 watts the value for CPU Package Power.

Then I'd pull out the 35 watt, stick in the 95 watt, and repeat the process outlined in Example.

If the T processor reaches a notably higher frequency than the K processor at 35W, then Intel is binning for higher performance at lower power.
If it doesn't, well then... they're not! lol
(personally I think 2.3GHz is a low base clock for 35W when 95W gives 3.7GHz. I'd think 35W would give you at the very least 2.6GHz- I'd expect 2.7-2.8GHz. Anyway... end of interruption). I'm pretty confident that Intel used to bin chips more extremely for low power consumption.

Another thing I find interesting - I've read mentioned casually from semi official sources, and heard this from people in conversation, that it's not always CPUs with lower VIDs which overclock best. You'd think so, but it's not so. My 2500K is a shining example of that. Its VID is 1.426V

1.426V

My 2500K's VID is higher than the voltage people say is safe to set the chip to lol. So this implies the 2500K is probably a bad example, right?

Wrong!

The thing is extremely stable at 4.9GHz with 1.43V. Rock solid stable. With 1.47V? it'll run almost everything you can think of at 5.2GHz. It can boot at 5.4GHz with 1.52V
AND REMEMBER: That VID is for the 2500K's maximum turbo boost frequency of 3.7GHz (3.3GHz base)
 
Top