Intel reveals four new Microarchitectural vulnerabilities that impact Hyper-Threading

One of Intel's proposed solutions is to turn HT off!

Intel has revealed a collection of four new speculative execution vulnerabilities that specifically target its processors, affecting the bulk of the company's CPUs.

While a selection of 8th Generation and 9th Generation processors are safe from the exploit, the majority of Intel CPUs from 2011 or later are impacted, affecting millions of consumer PCs and servers. 

The name of this new collection of exploits is "Microarchitectural Data Sampling" (MDS), with the flaw being discovered by Intel alongside several independent groups. These exploits target Intel's data buffers, coming with titles such as ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding. 

Intel hopes to address these issues with future OS updates and microcode mitigations, though it is worth noting that many of their latest processors already contain hardware-level fixes for these issues. Sadly, these fixes are likely to come at a performance cost.
  
 

Microarchitectural Data Sampling (MDS) is already addressed at the hardware level in many of our recent 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable Processor Family. For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today.

We've provided more information on our website and continue to encourage everyone to keep their systems up to date, as it's one of the best ways to stay protected. We'd like to extend our thanks to the researchers who worked with us and our industry partners for their contributions to the coordinated disclosure of these issues.

To address these new vulnerabilities, OS makers need to make significant changes to how Hyper-Threading functions, giving each thread an extra layer of isolation when programs with different security domains are running. Simply put, these exploits can allow one thread to peek at what the other is doing, and while observable data will, for the most part, be useless, it is nonetheless a big concern for cloud systems with multiple VMs or other high-security environments.

Intel proposes a solution called Group Scheduling, which will prevent processes from a separate trust domain from running on the same thread. The downside here is that this will undoubtedly prevent full thread utilisation within systems, reducing performance levels. If several programs don't trust one another, it is likely that there will be threads that sit idle, impacting load balancing and performance.

Another solution from Intel is to simply turn off hyperthreading, which will prevent attackers from inferring data through MDS. This is a surefire mitigation for affected systems, but undoubtedly one that will impact system performance.   
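As an added example (not from this article or from Intel), the Python sketch below shows how an administrator on a Linux host could check both mitigations discussed above, the microcode/OS buffer-clearing fix and the Hyper-Threading state, by interpreting the kernel's sysfs report. It assumes the Linux files /sys/devices/system/cpu/vulnerabilities/mds and /sys/devices/system/cpu/smt/control; the function names, verdict labels and sample strings are constructed for illustration.

```python
"""Interpret Linux's MDS sysfs report (added example, not OC3D or Intel code)."""
from pathlib import Path

# Linux kernel sysfs paths (assumption: a kernel new enough to report MDS).
MDS_FILE = Path("/sys/devices/system/cpu/vulnerabilities/mds")
SMT_FILE = Path("/sys/devices/system/cpu/smt/control")
SMT_OFF = {"off", "forceoff", "notsupported"}


def read_sysfs(path):
    """Return stripped file content, or None if the kernel does not expose it."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def assess_mds(mds_status, smt_control):
    """Map the two sysfs strings to a (verdict, reason) pair."""
    if mds_status is None:
        return ("unknown", "no MDS report: the kernel lacks the MDS update")
    if mds_status == "Not affected":
        return ("ok", "CPU is not affected by MDS")
    # Report format: "<state>[: <detail>][; SMT <state>]"
    main, _, smt_note = (p.strip() for p in mds_status.partition(";"))
    if main.startswith("Vulnerable"):
        if "no microcode" in main:
            return ("exposed", "OS is patched but the microcode update is missing")
        return ("exposed", "CPU buffer clearing is not active")
    if not main.startswith("Mitigation"):
        return ("unknown", "unrecognised status: " + mds_status)
    # Buffer clearing protects one thread; the sibling thread needs SMT handled.
    if smt_note == "SMT Host state unknown":
        return ("partial", "guest VM: sibling-thread exposure depends on the host")
    if smt_note in ("SMT disabled", "SMT mitigated") or smt_control in SMT_OFF:
        return ("ok", "buffers are cleared and no sibling thread can sample them")
    return ("partial", "Hyper-Threading is on: a sibling thread can still sample")


# Constructed sample reports, in the format the kernel prints.
SAMPLES = [
    ("Mitigation: Clear CPU buffers; SMT vulnerable", "on"),
    ("Mitigation: Clear CPU buffers; SMT disabled", "off"),
    ("Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable", "on"),
]

if __name__ == "__main__":
    for status, smt in SAMPLES:
        print(assess_mds(status, smt), "<-", status)
    print("this host:", assess_mds(read_sysfs(MDS_FILE), read_sysfs(SMT_FILE)))
```

A "partial" verdict is the case the article describes: the microcode and OS fix is in place, but with Hyper-Threading still on, the remaining exposure has to be handled by scheduling or by disabling HT.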
  

Fixing these speculative execution issues isn't an easy process and there is no doubt that more vulnerabilities will be discovered over the next few years. It will likely take several years for Intel to fully address the risk of Speculative Execution attacks within their processors, and even then there is always the possibility that another exploit is waiting to be discovered.

More information about this new MDS class of vulnerabilities is available on Intel's website. An in-depth explanation of the issue is available at Red Hat Videos.

AMD and ARM processors are unaffected by these MDS-class vulnerabilities.

You can join the discussion on Intel's Microarchitectural Data Sampling vulnerabilities on the OC3D Forums

Most Recent Comments

14-05-2019, 16:31:10

dazbobaby
And Intel again give AMD more momentum, and no doubt still don't drop the prices of their CPUs.

Someone give Intel a gun and just let them finish themselves off.

14-05-2019, 17:58:04

NeverBackDown
ChromeOS has actually already pushed an update that disabled HT automatically. Good on Google for being so quick.

14-05-2019, 18:15:27

Dawelio
Is it just me or is there no reason to be worried about all of these vulnerabilities that are discovered on Intel CPUs? Considering that the majority of users on this forum are on Intel's platforms (I assume at least?)...
Would it maybe be better off going with 3rd gen Ryzen when it launches or is there not really any reason to panic regarding all of this? As again, considering that the majority of PCs in the world are on an Intel platform.

15-05-2019, 04:52:59

demonking
Who cares about security, price or upgradability, right? So long as you get 4 frames a second more on a game and your synthetic benchmarks show you're the fastest.
If Apple and Microsoft decide that HT needs to be disabled, Intel had better hold on. I don't know if this roller-coaster has restraints, it certainly has bodged the other security checks.
AMD CEOs must be having a party right now.

15-05-2019, 05:27:58

robbiec
Would love it if someone researched performance showing total IPC loss of these vulnerability fixes and then retested CPUs like for like over the past decade. Bulldozer may even grab a couple of wins (posthumously).