Three new critical security design flaws have been discovered in all Intel CPUs since 2011. Newer processors are even more vulnerable than older ones. AMD and ARM processors are not affected, according to the researchers.
1. ZombieLoad allows to leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments. 2. RIDL allows unprivileged code (such as in a shared cloud environment or JavaScript on a browser) to steal data from other programs across any security boundary: other applications, the kernel, other VMs (e.g. in the cloud), or even secure (SGX) enclaves. 3. Fallout demonstrates that attackers can leak data from Store Buffers, which are used every time a CPU pipeline needs to store any data. Making things worse, an unprivileged attacker can then later pick which data they leak from the CPU's Store Buffer. Ironically, the recent hardware countermeasures introduced by Intel in recent Coffee Lake Refresh i9 CPUs to prevent Meltdown make them more vulnerable to Fallout, compared to older generation hardware.
They all were simultaneously discovered by many independent researchers and teams all over the globe, so it's likely bad actors have known about them for some time too.
Intel says the mitigations would decrease performance by 3-9%.
Cooper Evans
1. They are not bugs. They are 'features' to allow security agencies unrestricted access.
2. None of these exploits are in the wild. Chances of anyone being affected is 0.1%
3. It is perfect strategy to release this sort of information because it drives revenue - so all the fat /g incel slobs upgrade their 3k super gaymig rigs cause 'muh security'.
4. /thread
Caleb Parker
I don't think this is a good strategy for Intel since Zen 2 is being released soon, and these news just show that Intel CPUs have terrible security. I mean, even their recent hardware mitigations against Meltdown were actually counterproductive. Who could trust Intel at this point?
Jose Young
>Security flaws draws revenue Are you fucking retarded? Don't you think people will just switch out of intel because of their nth security flaw?
Cameron Perry
enterprise customers already are >None of these exploits are in the wild. Chances of anyone being affected is 0.1% Yet, if you think malware ransomware and actual hackers are not looking to exploit a flaw found on 90% hardware you must be more retarded than intel
Angel Diaz
The sort of retarded post you'd expect from a retarded faggot who /thread's their own post. Kill yourself.
Intel has released (performance-degrading) microcode updates but, as always, motherboard vendors are required to ship them. Since every chipset since 2011 is affected, it's unlikely most of them will receive patches.
>Google has disabled Intel hyperthreading on ChromeOS THIS CAN'T BE HAPPENING
Hudson Perez
>Microarchitectural Data Sampling (MDS) is already addressed at the hardware level in many of our recent 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable Processor Family.
Not an issue at all with modern Intel CPUs, but if you use Sandy Cuck you get what you deserve
Julian Taylor
My chip is Coffee Lake, will I be fine?
Evan Kelly
How is it addressed at hardware level if the researchers say that 9th generation processors are more vulnerable?
Kayden Howard
Researchers are retarded, it's already fixed since Coffee Lake
Christian Rivera
Lol, of course not
Ian Adams
>Not an issue at all with modern Intel CPUs >anything more than 1 year old is not modern
You literally have no concept of reality if you think corporations business or consumers run out and buy a new PC every two years
Matthew Wright
mdsattacks.com/ Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.
They are looking for exploits but spectre and similar are not the ones they are looking for or would find useful The vast majority of these exploits are very hard to leverage outside of pre-planned demos or labs
Liam Hughes
intoddlers
BTFO T F O
Liam Gonzalez
>tfw CPU from 2010
Luke Walker
TFW your exploits are higher than your framerates
Connor Turner
My only defense is that I'm irrelevant.
Julian Garcia
kek
Nathaniel Carter
Fake news. That's not the Intel site.
Elijah Parker
>Intel says the mitigations would decrease performance by 3-9%. oof
Tyler Evans
In a Dutch article (nos.nl/artikel/2284630-nederlanders-vinden-beveiligingslekken-in-intel-chips.html), one of the researchers says "het aantal mensen bij bedrijven als Intel die zich op dit niveau met beveiliging bezighoudt, is echt op de vingers van twee handen te tellen." = "There are fewer than 10 people working on security at this level at Intel."
Aaron Flores
>so all the fat /g incel slobs upgrade their 3k super gaymig rigs cause 'muh security'. or just buy a 1k ryzen rig like an enlightened individual
>Intel has released (performance-degrading) microcode updates but, as always, motherboard vendors are required to ship them. Since every chipset since 2011 is affected, it's unlikely most of them will receive patches. I've been using updated microcode for a week or so, but haven't noticed any performance regression. But I've only tested it with Cinebench after update (got the same 2.1k points on Broadwell). Maybe it's affecting something more specific tho.
Christian Robinson
Any other normal company would've crashed and burned by now. How they manage to keep going.
James Mitchell
How have you been using it for a week if Intel released it today?
Jayden Wood
>1. They are not bugs. They are 'features' this is true but to allow better yields
Justin Gomez
Excellent another 20% performance drop incoming.
Jacob James
top kek >The use of Symmetric Multi-Threading (SMT) – also known as Hyper-Threading – further complicates these issues since these buffers are shared between sibling Hyper-Threads.
So can we safely say Intel >Best day-one performance AMD >Best long-term performance
Isaiah Foster
I'm disheartened by the number of comments here who are taking the stance that Intel has idiot designers or that management doesn't care about security. These attacks are very clever and unexpected, nobody could have predicted this. Intel still the dominant and most trusted industry player and will remain so in the future.
Cooper Jackson
>all the denial itt by the intcels kys yourselves cringe and buyer's remorse
Jaxon Sanchez
Some were released 10 days ago (according to PDF they are the ones that fix the bugs). I was modding bios back then, so I've included updated MC as well.
Logan Gray
>Google has disabled Intel hyperthreading on ChromeOS: Oh shit I love google now
Levi Peterson
>(More is better)
Isaac Myers
I haven’t heard about AMD having this many problems with their CPUs. Fucking Kek
Levi Gomez
To all i9-9900K users: Hahahahaha yeah, fuck you baby!
maybe this is why intel hasn't released their new 10nm chips. they had to go back to the drawing board?
Nolan Harris
Intel will prevail in the end just as it always happened.
Cooper Nelson
you know what fuck you, you do this every time i have posted it, with a different new spin
Isaiah Adams
OS vendors also add them cuck
Isaac Thomas
sudo pacman -Sy intel-ucode
Christian Gray
Not a chance. Dumb normies and gaymers will continue buying Intel chips and not even know these vulnerabilities exist. At worst they'll just remove Hyperthreading from future Xeons.
Jackson Young
A.k.a. Intel recommends nobody buy a 9900K.
No way. They're fucked this time. Data centers are going to immediately lose up to 30% of their performance because they have to disable hyperthreading on anything that client code runs on. That's a big enough performance loss to start refreshing with EPYC.
Julian Foster
This has always been the case, Current gen Intel with all patches is now most certainly slower than AMD FX bulldozer
Liam Peterson
Except AMD and ARM who are not affected.
Juan Gonzalez
>At worst they'll just remove Hyperthreading from future Xeons. I don't think you have articulated the magnitude of that event even as a hypothetical.
Isaiah Johnson
Yeah boi
Except the Spectre/Meltdown microcode update fucked our CPUs up the worst in terms of performance.
Michael Green
These are extremely complex exploits that are even more limited thanks to mitigation that slow down the process of finding useful data from memory. In a world where people will run any .exe file they find online something like this will only be used against specific targets who are too dumb to protect themselves from these attacks. Make no mistake this is deadly for Intel corporate clients and will bleed this company even further but the majority of end users shouldn't be too concerned about this
Connor Thompson
>security flaws draw more revenue >implying muh gaymen matters in terms of sales over the enterprise market Are you fucking clinically brain dead? Look at Intel vs AMD sales in the server market. Even if every single gaymen on /v/ updated to an i9 that wouldn't begin to recoup the losses Intel is suffering due to the 6th millionth security flaw this week.
Liam Clark
not everything is conspiracy, you Jow Forumstard
Jeremiah Jenkins
>when you have a ryzen 3 >same number of threads as a 9700k >no security flaws tho
Hope your vindication isnt fleeting
Austin Gray
I bought it right after it launched because I needed a new PC at the time. I'd have rather had a Ryzen 3 but it wasn't possible.
It's like every 1-3 months there are new vulns, isn't it?
I've pointed out that this comes up like clockwork and I get called a lying shill for it. Whereas the real shills promise there will be no new vulns.
Kayden Gutierrez
How many intel vulnerabilities are there?
Sebastian Wright
Intel needs to rework their entire arch instead of just patching more things onto a pentium pro
Luis Barnes
They are but that shit takes 3-5 years.
It's going to be funny if AMD has patents for certain security features, though. Part of Intel's many security issues seems to be that they evaded IBM's SMT patents for their inferior hyperthreading.
Samuel Ortiz
Too many to count really
Carter Young
>nobody could have predicted this Well this certainly started happening because their cpus predicted lots of things
Lincoln Smith
rekt
Adrian Brown
who names this things
either way, another month another vuln, I'm pretty sure you can average 1 vuln per month since meltdown now
Kayden Fisher
>It's like every 1-3 months >I've pointed out that this comes up like clockwork A period of time that has a length three times longer than its minimum isn't "like clockwork" unless you're using something else to gauge it.