2019-05-15

Xiaomist Inc.

Did you buy the processor after 2011? You probably have a problem. A huge gap in Intel s systems

hole-in-processors-Intel

Intel does not have a very good run. The group of computer security experts found four further security gaps in the company's processors.

Four new gaps were discovered last year. However, only now has Intel decided to disclose their full documentation. Their CVE designations and working names are as follows:

  • CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM) - ZombieLoad
  • CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS) - Fallout
  • CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS) - Store-to-Leak Forwarding
  • CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS) - RIDL (Rogue In-Flight Data Load)

New gaps in Intel processors - what do they allow?

https://www.youtube.com/watch?v=ewe3-mUku94

The above cases are slightly different from Meltdown and Specter vulnerabilities, which allowed unauthorized reading of information from the CPU cache. New bugs allow you to perform attacks on processor buffers and on a Microarchitectural Data Sampling (MDS) attack.

The latter method can be used to extract selected information, for example through a properly prepared website, which without our knowledge may, for example, extract information about our passwords from the computer. Theoretically, this should work on all Intel Core processors manufactured before 2018. If any of you have an Intel Core 8th generation or newer processor, you can sleep well. Servers equipped with Xeon Cascade Lake also remain secure.

Intel promises that it will solve this problem soon

The solution will of course be the release of new BIOS versions with the update of microcodes in the processors. Updates for operating systems and software will also come to that. Unfortunately, as a result of these activities, the performance of the processors will be slightly lower. In internal tests carried out by Intel, this drop was about 3 percent.

It is possible, however, that an additional drop in power will be caused by disabling the Hyper-Threading function - the manufacturer is currently considering putting this scenario into effect. It will not be an easy decision - the greater the decrease in performance, the more dissatisfied customers who will start to think about the choice of equipment from the competition. AMD has already issued an official statement, in which it states that their processors are not prone to any of the above-mentioned threats.



Did you buy the processor after 2011? You probably have a problem. A huge gap in Intel's systems

No comments:

Post a Comment