News Posts matching #Spectre

Return to Keyword Browsing

"Indirector" is Intel's Latest Branch Predictor Vulnerability, But Patch is Already Out

Researchers from the University of California, San Diego, have unveiled a significant security vulnerability affecting Intel Raptor Lake and Alder Lake processors. The newly discovered flaw, dubbed "Indirector," exposes weaknesses in the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB), potentially allowing attackers to execute precise Branch Target Injection (BTI) attacks. The published study provides a detailed look into the intricate structures of the IBP and BTB within recent Intel processors, showcasing Spectre-style attach. For the first time, researchers have mapped out the size, structure, and precise functions governing index and tag hashing in these critical components. Particularly concerning is the discovery of previously unknown gaps in Intel's hardware defenses, including IBPB, IBRS, and STIBP. These findings suggest that even the latest security measures may be insufficient to protect against sophisticated attacks.

The research team developed a tool called "iBranch Locator," which can efficiently identify and manipulate specific branches within the IBP. This tool enables highly precise BTI attacks, potentially compromising security across various scenarios, including cross-process and cross-privilege environments. One of the most alarming implications of this vulnerability is its ability to bypass Address Space Layout Randomization (ASLR), a crucial security feature in modern operating systems. By exploiting the IBP and BTB, attackers could potentially break ASLR protections, exposing systems to a wide range of security threats. Experts recommend several mitigation strategies, including more aggressive use of Intel's IBPB (Indirect Branch Prediction Barrier) feature. However, the performance impact of this solution—up to 50% in some cases—makes it impractical for frequent domain transitions, such as those in browsers and sandboxes. In a statement for Tom's Hardware, Intel noted the following: "Intel reviewed the report submitted by academic researchers and determined previous mitigation guidance provided for issues such as IBRS, eIBRS and BHI are effective against this new research and no new mitigations or guidance is required."

HP Unveils New Spectre x360 Laptops, Peripherals and Series 5 Monitors

Today at CES 2024, HP Inc. ushered in a new era of computing with its latest portfolio of PCs, monitors, and peripherals designed to reimagine how we interact and live with technology.

"We believe that the best innovations are also the most personal ones," said Samuel Chang, Senior Vice President & Division President of Personal Systems Consumer Solutions, HP Inc. "New technologies from HP deliver solutions that allow us to be more personalized than ever, taking advantage of game-changing innovations like AI that will alter the way that technology moves us forward."

HP Unveils the HP Spectre Foldable Laptop, Starting at US$5,000

Today HP Inc. redefined versatility with the HP Spectre Foldable PC, a remarkable 3-in-1 device with a foldable screen that seamlessly integrates the best features of a laptop, tablet, and desktop for the ultimate hybrid experience.

"Consumers are demanding greater flexibility to connect, work, and play for their hybrid lives beyond what the traditional laptop can provide," said Jo Tan, Senior Vice President & Division President of Personal Systems Consumer Solutions, HP Inc. "We are excited to introduce the HP Spectre Foldable PC, designed to seamlessly adapt to the various ways you want to work with its unique, durable form factor that pushes the boundaries of design and technology."

HP Unveils the New HP Spectre Foldable PC

Today HP Inc. redefined versatility with the HP Spectre Foldable PC, a remarkable 3-in-1 device with a foldable screen that seamlessly integrates the best features of a laptop, tablet, and desktop for the ultimate hybrid experience. "Consumers are demanding greater flexibility to connect, work, and play for their hybrid lives beyond what the traditional laptop can provide," said Jo Tan, Senior Vice President & Division President of Personal Systems Consumer Solutions, HP Inc. "We are excited to introduce the HP Spectre Foldable PC, designed to seamlessly adapt to the various ways you want to work with its unique, durable form factor that pushes the boundaries of design and technology."

Designed for Tomorrow's Hybrid Flexibility
The Spectre Fold easily transitions between the three distinct form factors for a frictionless user experience. Effortlessly switch from a traditional laptop to a slim tablet with a continuous 17-inch screen, then to a powerful desktop with a sleek built-in kickstand. This is made possible with a foldable panel and integrated hinge, designed for durability and tested with the same requirements as traditional HP laptops.

Chinese Loongson 3D5000 Features 32 Cores and is 4x Faster Than the Average Arm Chip

Amid the push for technology independence, Chinese companies are pushing out more products to satisfy the need for the rapidly soaring demand for domestic data processing silicon. Today, we have information that Chinese Loongson has launched a 3D5000 CPU with as many as 32 cores. Utilizing chiplet technology, the 3D5000 represents a combination of two 16-core 3C5000 processors based on LA464 cores, based on LoongArch ISA that follows the combination of RISC and MIPS ISA design principles. The new chip features 64 MB of L3 cache, supports eight-channel DDR4-3200 ECC memory achieving 50 GB/s, and has five HyperTransport (HT) 3.0 interfaces. The TDP configuration of the chip is officially 300 Watts; however, normal operation is usually at around 150 Watts, with LA464 cores running at 2 GHz.

Scaling of the new chip goes beyond the chiplet, and pours over into system, as 3D5000 supports 2P and 4P configurations, where a single motherboard can become a system of up to 128 cores. To connect them, Loongson uses a 7A2000 bridge chip that is reportedly 400% faster than the previous solution, although we have no information about the last chip bridge. Based on the LGA-4129 package, the chip size is 75.4x58.5×6.5 mm. Regarding performance, Loongson compares it to the average Arm chip that goes into smartphones and claims that its designs are up to four times faster. In SPEC2006, performance reaches 425 points, while maintaining a single TeraFLOP at dual-precision 64-bit format. On the other hand, the processor was built for security, as the chip has a custom hardware-baked security to prevent Spectre and Meltdown, has an on-package Trusted Platform Module (TPM), and has a secret China-made security algorithm with an embedded custom security module that does encryption and decryption at 5 Gbps.

ÆPIC Leak is an Architectural CPU Bug Affecting 10th, 11th, and 12th Gen Intel Core Processors

The x86 CPU family has been vulnerable to many attacks in recent years. With the arrival of Spectre and Meltdown, we have seen side-channel attacks overtake both AMD and Intel designs. However, today we find out that researchers are capable of exploiting Intel's latest 10th, 11th, and 12th generation Core processors with a new CPU bug called ÆPIC Leak. Named after Advanced Programmable Interrupt Controller (APIC) that handles interrupt requests to regulate multiprocessing, the leak is claimeing to be the first "CPU bug able to architecturally disclose sensitive data." Researchers Pietro Borrello (Sapienza University of Rome), Andreas Kogler (Graz Institute of Technology), Martin Schwarzl (Graz), Moritz Lipp (Amazon Web Services), Daniel Gruss (Graz University of Technology), and Michael Schwarz (CISPA Helmholtz Center for Information Security) discovered this flaw in Intel processors.
ÆPIC Leak is the first CPU bug able to architecturally disclose sensitive data. It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy. In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel. ÆPIC Leak is like an uninitialized memory read in the CPU itself.

A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk, thus, have to be patched.

"Hertzbleed" Exploits Intel and AMD Boost Frequencies to Steal Crypto Keys

In 2017, the semiconductor world was shocked to discover new vulnerabilities in modern Intel, AMD, and Arm processors. Dubbed Spectre and Meltdown, these exploits used cache-based side-channel attacks to steal information from the system. Today, we are getting a more advanced side-channel vulnerability hidden in every CPU capable of boosting frequencies. Interestingly called "Heartzbleed," the new exploit can steal secret AES cryptographic keys when observing CPU's boost frequencies. The attack works by monitoring the power signature of any cryptographic workload. As with any other element in a CPU, the workload's power varies according to the processor's frequency scaling in different situations. Observing this power information can be converted into timing data, allowing an attacker to steal cryptographic keys. This is done using Dynamic Voltage Frequency Scaling (DVFS), a part of any modern processor.

Intel and AMD already published that their systems are vulnerable and affected by Heartzbleed exploit. It is labeled Intel-SA-00698 ID and CVE-2022-24436 ID for Intel CPUs and CVE-2022-23823 for AMD CPUs. It affects all Intel processors, and Zen 2 and Zen 3 AMD CPUs. The attacker can exploit this vulnerability remotely without requiring physical access. Intel and AMD will not offer microcode mitigations that should prevent this type of exploit from executing successfully. Additionally, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys. The performance penalty for mitigating this attack ranges from high to low, depending on the type of implementation.

New Spectre Vulnerability Version Beats All Mitigations, Performance to Badly Degrade After the Fix

Researches from the University of Virginia and University of California San Diego have published their latest case study. The two universities have worked hard to discover a new Spectre vulnerability variant that can pass all of the existing Spectre mitigations and exploit all of the existing processors coming from Intel and AMD. The vulnerability exploits all of the existing x86 processors, and as it is new, there are not implementations of hardware mitigation. The whitepaper called "I see dead μops" takes the implementation of exploiting micro-op caches that could lead to a potential data leak in the processor, which is leading to a Spectre-type exploit.

Modern x86 processors break down complex instructions into smaller RISC-like units called micro-ops, in the frontend, where it makes the design of the backend part much simpler. The micro-ops are stored in the micro-ops cache. The paper is describing micro-op cache-based timing channel exploits in three primary settings: "a) across code regions within the same thread, but operating at different privilege levels, (b) across different co-located threads running simultaneously on different SMT contexts (logical cores) within the same physical core, and (c) two transient execution attack variants that leverage the micro-op cache to leak transiently accessed secrets, bypassing several existing hardware and software-based mitigations, including Intel's recommended LFENCE."

AMD Ryzen 5000 Series CPUs with Zen 3 Cores Could be Vulnerable to Spectre-Like Exploit

AMD Ryzen 5000 series of processors feature the new Zen 3 core design, which uses many techniques to deliver the best possible performance. One of those techniques is called Predictive Store Forwarding (PSF). According to AMD, "PSF is a hardware-based micro-architectural optimization designed to improve the performance of code execution by predicting dependencies between loads and stores." That means that PSF is another "prediction" feature put in a microprocessor that could be exploited. Just like Spectre, the feature could be exploited and it could result in a vulnerability in the new processors. Speculative execution has been a part of much bigger problems in CPU microarchitecture design, showing that each design choice has its flaws.

AMD's CPU architects have discovered that the software that relies upon isolation aka "sandboxing", is highly at risk. PSF predictions can sometimes miss, and it is exactly these applications that are at risk. It is reported that a mispredicted dependency between load and store can lead to a vulnerability similar to Spectre v4. So what a solution to it would be? You could simply turn it off and be safe. Phoronix conducted a suite of tests on Linux and concluded that turning the feature off is taking between half a percent to one percent hit, which is very low. You can see more of that testing here, and read AMD's whitepaper describing PSF.

CrossTalk is Another Intel-exclusive Security Vulnerability

Intel has had quite a lot of work trying to patch all vulnerabilities discovered in the past two years. Starting from Spectre and Meltdown which exploited speculative execution of the processor to execute malicious code. The entire process of speculative execution relies on the microarchitectural technique for adding more performance called speculative branch prediction. This technique predicts branch paths and prepared them for execution, so the processor spends less time figuring out where and how will instructions flow through the CPU. So far, lots of these bugs have been ironed out with software, but a lot of older CPUs are vulnerable.

However, an attacker has always thought about doing malicious code execution on a CPU core shared with the victim, and never on multiple cores. This is where the new CrossTalk vulnerability comes in. Dubbed Special Register Buffer Data Sampling (SRBDS) by Intel, it is labeled as CVE-2020-0543 in the vulnerability identifier system. The CrossTalk is bypassing all intra-core patches against Spectre and Meltdown so it can attack any CPU core on the processor. It enables attacker-controlled code execution on one CPU core to leak sensitive data from victim software executing on a different core. This technique is quite dangerous for users of shared systems like in the cloud. Often, one instance is shared across multiple customers and until now they were safe from each other. The vulnerability uses Intel's SGX security enclave against the processor so it can be executed. To read about CrossTalk in detail, please visit the page here.
Intel Meltdown and Spectre

Arm CPUs Impacted by Straight-Line Speculation (SLS) Vulnerability

When Spectre and Meltdown were discovered, the whole industry got on its legs and started to question CPU security more seriously. There are a plethora of attacks that exploit the CPU function called branch prediction, which predicts paths of code execution so it can ready them and execute them faster. This approach is one part of the microarchitectural techniques used to add performance to the CPU design. However, nothing comes without a cost. Despite adding more performance, the branch prediction had taken a toll on the security of CPUs, making them vulnerable to side-channel attacks. Spectre and Meltdown where both discovered in 2018 and they impact millions of CPUs around the world.

Today, a new side-channel vulnerability was discovered, and on Arm CPUs. Called the Straight-Line Speculation (SLS), the speculation bug is haunting all of Arm Armv-A based processors. This represents a wide range of devices being powered by these CPUs, so Arm is taking action to prevent it. The way SLS works is that whenever there is a change in instruction flow, the CPU just starts processing instructions found linearly in memory, instead of changing the path of flow. This action is resulting in a new SLS vulnerability marked as CVE-2020-13844. The vulnerability was discovered by Google SafeSide project last year and they have reported it to Arm. In the meantime, Arm was working on a fix and they already send them upstream to important operating systems and firmware suppliers so it can be resolved. Arm says that the chances of this attack are low, however, they can not be dismissed.
Arm CPU

Intel's STORM Presents SAPM Paper on Hardware-Based Protection Against Side-Channel Execution Flaws

Intel's STrategic Offensive Research & Mitigations (STORM) department, which the company set up back in 2017 when it learned of side-channel attack vulnerabilities in its CPUs, have penned a paper detailing a proposed solution to the problem. Intel's offensive security research team counts with around 60 workers who focus on proactive security testing and in-depth investigations. Of that group, STORM is a subset of around 12 individuals who specifically work on prototyping exploits to show their practical impact. The solution proposed by this group is essentially a new memory-based hardware fix, going by the name of SAPM (Speculative-Access Protected Memory). The new solution would implement a resistant hardware fix in the CPU's memory that essentially includes blocks for known speculative-access hacks, such as the ones that hit Intel CPUs hard such as Meltdown, Foreshadow, MDS, SpectreRSB and Spoiler.

For now, the proposed solution is only at a "theory and possible implementation options" level. It will take a long time for it to find its way inside working Intel CPUs - if it ever does, really, since for now, it's just a speculative solution. A multitude of tests have to be done in order for its implementation to be approved and finally etched into good old silicon. Intel's STORM says that the SAPM approach would carry a performance hit; however, the group also calculates it to be "potentially lesser" than the current impact of all released software mitigations. Since the solution doesn't address every discovered side-channel attack specifically, but addresses the type of back-end operations that concern these attacks, the team is confident this solution would harden Intel CPUs against (most of) both known and not-yet-known speculative execution hacks.

AMD Zen 2 has Hardware Mitigation for Spectre V4

AMD in its technical brief revealed that its Zen 2 microarchitecture has hardware mitigation against the Spectre V4 speculative store bypass vulnerability. The current generation "Zen" and "Zen+" microarchitectures have OS-level mitigation. A hardware mitigation typically has less of a performance overhead than a software mitigation deployed at the OS or firmware level. In addition, just like older generations of "Zen," the new "Zen 2" microarchitecture is inherently immune to Meltdown, Foreshadow, Spectre V3a, Lazy FPU, Spoiler, and the recently discovered MDS vulnerability. In comparison, the 9th generation Core "Coffee Lake Refresh" processors still rely on software or microcode-level mitigation for Spectre V4, Spectre V3a, MDS, and RIDL.

Intel Releases ModernFW as Open Source, minimal Firmware Replacement

Today Intel announced ModernFW - an experimental approach to building a minimum viable platform firmware for machines such as cloud server platforms. The reason for this software is that, while traditional PC Firmware has evolved over time and retained its backward compatibility, it has become very big and often inefficient.

So to meet the requirements of new platforms that need to be built quickly and adapted easily, Intel decided to offer a new software package that will help with that. The new firmware package targets x86_64 from ISA standpoint and Linux kernel based OSes.

Intel to Refresh its LGA2066 HEDT Platform This Summer?

Intel is rumored to refresh its high-end desktop (HEDT) platforms this Summer with new products based on the "Cascade Lake" microarchitecture. Intel now has two HEDT platforms, LGA2066 and LGA3647. The new "Cascade Lake-X" silicon will target the LGA2066 platform, and could see the light of the day by June, on the sidelines of Computex 2019. A higher core-count model with 6-channel memory, will be launched for the LGA3647 socket as early as April. So if you've very recently fronted $3,000 on a Xeon W-3175X, here's a bucket of remorse. Both chips will be built on existing 14 nm process, and will bring innovations such as Optane Persistent Memory support, Intel Deep Learning Boost (DLBOOST) extensions with VNNI instruction-set, and hardware mitigation against more variants of "Meltdown" and "Spectre."

Elsewhere in the industry, and sticking with Intel, we've known since November 2018 of the existence of "Comet Lake," which is a 10-core silicon for the LGA1151 platform, and which is yet another "Skylake" derivative built on existing 14 nm process. This chip is real, and will be Intel's last line of defense against AMD's first 7 nm "Zen 2" socket AM4 processors, with core-counts of 12-16.

Windows 10 1H-2019 Update to Reduce Performance Impact of Spectre V2 Mitigations

Microsoft is working to reduce the performance impact of "Spectre" V2 security vulnerability software mitigation with its next major update to Windows 10. The major update that's scheduled for the first half of 2019, will feature the "Retpoline" mitigation enabled on the operating system's kernel by default. Retpoline will be enabled in addition something Microsoft's OS kernel developer Mehmet Iyigun calls "import optimization." Together, the two reduce the impact of Spectre V2 software mitigation to "noise-level" (i.e. that which can be discounted for random variation, or minimal).

MIT Researches Find a New Way to Fix Spectre and Meltdown, Isolation Is Key

The Meltdown and Spectre vulnerabilities have been a real nightmare throughout this year. Those affected were quick (maybe too much) to mitigate the problems with different solutions, but months later even the most recent Intel chips aren't completely safe. Hardware fixes only work for certain Meltdown variants, while the rest are still mitigated with firmware and OS updates that have certain impact on performance.

Intel will have to redesign certain features on their future processors to finally forget Meltdown and Spectre, but meanwhile others have jumped to give some options. MIT researchers have developed a way to partition and isolate memory caches with 'protection domains'. Unlike Intel's Cache Allocation Technology (CAT), MIT's technology, called DAWG (Dynamically Allocated Way Guard) disallows hits across those protection domains. This is important, because attackers targeting this vulnerabilities take advantage of 'cache timing attacks' and can get access to sensible, private data.

Intel Fixes Spectre & Meltdown on New Desktop Processors, Core-X Will Have to Wait

The new 9th generation Intel Core processors arrived yesterday with a series of improvements made to entice gamers and content creators. These improvements, however, join others that go beyond pure performance. Intel has introduced several architectural changes to fix the infamous Spectre & Meltdown vulnerabilities, and the new processors mitigate most of the variants of these attacks through a combination of hardware, firmware and OS fixes.

The big changes come to two of the six variants of those vulnerabilities. In both "Rogue Data Cache Load" (Meltdown, variant 3) and "L1 Terminal Fault" (Meltdown, Variant 5) vulnerabilities these new processors have hardware fixes that are new and not present on the rest of the current portfolio of Intel chips. This includes the new Xeon W-3175X (Core-X Skylake-X Refresh), which still depend on firmware fixes to mitigate those problems.

Intel Explains Key Difference Between "Coffee Lake" and "Whiskey Lake"

Intel "Whiskey Lake" CPU microarchitecture recently made its debut with "Whiskey Lake-U," an SoC designed for Ultrabooks and 2-in-1 laptops. Since it's the 4th refinement of Intel's 2015 "Skylake" architecture, we wondered what set a "Whiskey Lake" core apart from "Coffee Lake." Silicon fabrication node seemed like the first place to start, with rumors of a "14 nm+++" node for this architecture, which should help it feed up to 8 cores better in a compact LGA115x MSDT environment. Turns out, the process hasn't changed, and that "Whiskey Lake" is being built on the same 14 nm++ node as "Coffee Lake."

In a statement to AnandTech, Intel explained that the key difference between "Whiskey Lake" and "Coffee Lake" is silicon-level hardening against "Meltdown" variants 3 and 5. This isn't just a software-level mitigation part of the microcode, but a hardware fix that reduces the performance impact of the mitigation, compared to a software fix implemented via patched microcode. "Cascade Lake" will pack the most important hardware-level fixes, including "Spectre" variant 2 (aka branch target injection). Software-level fixes reduce performance by 3-10 percent, but a hardware-level fix is expected to impact performance "a lot less."

Intel Updates Microcode License Deleting "No-Benchmarks" Clause

A huge controversy erupted earlier this week as the license governing Intel's latest CPU microcode updates redistribution inserted a legally-binding clause that gagged its customers from publishing benchmarks or comparative testing that showed the performance impact of microcode updates that mitigate security vulnerabilities in Intel processors. Intel has since started reaching out to media sites. "We are updating the license now to address this and will have a new version available soon. As an active member of the open source community, we continue to welcome all feedback," the opening remarks from the Intel spokesperson read. Not long after, Intel updated the license terms to have just three conditions:
Redistribution and use in binary form, without modification, are permitted, provided that the following conditions are met:
  • Redistributions must reproduce the above copyright notice and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Neither the name of Intel Corporation nor the names of its suppliers may be used to endorse or promote products derived from this software without specific prior written permission.
  • No reverse engineering, decompilation, or disassembly of this software is permitted.
"Binary form" includes any format that is commonly used for electronic conveyance that is a reversible, bit-exact translation of binary representation to ASCII or ISO text, for example "uuencode."

Insidious New "NetSpectre" Vulnerability Can Be Exploited Over Network

The "Spectre" family of vulnerability, an exploitation of the speculative execution features of modern processors (mostly Intel), was scary enough. Up until now, running malware that implements Spectre needed one to run the program on a local machine. Running it remotely was limited to well-crafted JavaScript executed on the victim's machine, or cloud hosts made to process infected files. This is about to change. Security researchers from Graz University of Technology, including one of the discoverers of the "Meltdown" vulnerability, Daniel Gruss; have discovered NetSpectre, a fully network-based exploit that can let attackers read the memory of a remote machine without executing any program on that machine.

NetSpectre works by deriving bits and bytes from the memory based on measurements of the time the processor to succeed or recover from failure in speculative execution. As a processor is executing code, it speculates what the next instruction or data is, and stores their outcomes beforehand. A successful "guess" is rewarded with tangible performance benefits, while an unsuccessful guess is penalized with having to repeat the step. By measuring the precise time it takes for the processor to perform either (respond to success or failure in speculative execution), the contents of the memory can be inferred.

Custom BIOSes Harden Intel X58 Motherboards Against Meltdown and Spectre

Legendary soft-modder Regeneration released a vast collection of motherboard BIOS updates for socket LGA1366 motherboards based on Intel X58 Express chipset, because motherboard manufacturers have abandoned the 10-year old platform (yeah, it's been a decade since "Nehalem"!). The BIOSes have been made by transplanting the latest micro-code updates by Intel, which run all the way back to the 1st generation Core micro-architecture.

These are unofficial BIOSes which you use at your own risk, but they've been made by a person with more than two decades of fanfare in the PC enthusiast community, famous for unofficial, performance-enhancing NGO VGA drivers from his now defunct blog NGOHQ.com. Find the links to the BIOS of your X58 motherboard in this thread on TechPowerUp Forums (hosted externally).

Intel Z370 Chipset Motherboards Get 8-core CPU Compatibility BIOS Updates

A variety of motherboards based on Intel Z370 Express chipset began receiving the first BIOS updates that add compatibility with upcoming Intel 8-core processors. The updates are flagged "beta" by the manufacturers. Given that only Z370 (and not other 300-series chipset models) have such updates, it's possible that Intel could restrict the first socket LGA1151 8-core processor SKUs (which could be unlocked "K" variants with higher TDP) to Z370 chipset, as the chipset has stronger VRM requirements than other chipset models that don't support CPU overclocking.

To support the upcoming processors, the BIOS needs to include the latest 06EC microcode revision. Various motherboard manufacturers, such as ASUS, ASRock, and MSI, have released beta BIOS updates with this microcode, as confirmed in AMI Aptio inspection tool screenshots. The 06EC microcode, detailed in this slide-deck from Intel, hardens the machine against newer variants of the "Spectre" vulnerability. Older revisions of this document also mentioned support for Intel Core "9000 series" processors, before Intel scampered to redact it.

New "Spectre" Variant Hits Intel CPUs, Company Promises Quarterly Microcode Updates

A new variant of the "Spectre" CPU vulnerability was discovered affecting Intel processors, by security researchers Vladimir Kiriansky and Carl Waldspurger, who are eligible to bag a USD $100,000 bounty by Intel, inviting researchers to sniff out vulnerabilities from its processors. This discovery, chronicled under CVE-2018-3693, is among 12 new CVEs Intel will publish later this week. The company is also expected to announce quarterly CPU microcode updates to allay fears of its enterprise customers.

The new vulnerability, like most other "Spectre" variants, targets the speculative execution engine of the processor, in a bounds-check bypass store attack. A malicious program already running on the affected machine can alter function pointers and return addresses in the speculative execution engine, thereby redirecting the flow of data out of protected memory address-spaces, making it visible to malware. This data could be anything, including cryptographic keys, passwords, and other sensitive information, according to "The Register." Intel chronicled this vulnerability in section 2.2.1 of its revised speculative execution side-channel attacks whitepaper. You can also catch a more detailed whitepaper from the researchers themselves.

Intel Releases "Spectre" Hardening Microcode Updates for "Ivy Bridge" thru "Westmere" Architectures

Intel today released the latest round of CPU micro-code updates for its processors, which expand support for Intel processor microarchitectures ranging all the way back to 1st generation Core "Westmere," and "Lynnfield," and including "Sandy Bridge" and "Ivy Bridge" along the way, at various stages of roll-out (beta, pre-production, and production). This update probably features hardening against "Spectre" variant 4, and perhaps even RSRR (rogue system register read) variant 3A, chronicled in CVE-2018-3640.
Return to Keyword Browsing
Dec 18th, 2024 05:36 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts