'

Three new Speculative Execution Side Channel Attacks found on Intel processors

AMD's processors are reportedly unaffected

Three new Speculative Execution Side Channel Attacks found on Intel processors

Three new Speculative Execution Side Channel Attacks found on Intel processors

Three new Spectre/Meltdown-like Speculative Execution faults have been found in Intel processors, opening them up to potential side channel attacks. These attacks are defined by the CVE numbers CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646 and make up a new vulnerability category known as L1 Terminal Fault (L1TF) and Foreshadow. 

To simplify things, these faults allow attackers to read the information on a processor's L1 cache, a small pool of memory that is only accessible by the processing core (and its associated threads for SMT enabled CPUs). Accessing this normally restricted information can allow attackers to potentially steal information such as passwords and encryption keys, with the scary thing being that this attack can be conducted from one virtual machine to another within a virtualised server environment. 

Thankfully, these issues can be addressed by a combination of firmware, software and Hypervisor updates, with Microsoft reporting that their software updates have a negligible" performance impact in a blog post called "Hyper-V HyperClear Mitigation for L1 Terminal Fault", which goes into a lot of detail regarding Microsoft's fixes and other potential mitigations. 

AMD has released a statement which states that the company believes that their "processors are not susceptible to the new speculative execution attack variants called Foreshadow or Foreshadow-NG due to our hardware paging architecture protections". AMD also recommends that their datacenter users do not implement Foreshadow-related mitigations on their platforms. 

The best way to avoid these new speculative execution vulnerabilities to make sure that your system's OS and firmware are up to date, though the primary risks of these speculative execution attacks are to users of virtualisation. Below is a video from Intel that explains Foreshadow and potential mitigations.  




L1TF adds three new vulnerabilities to a growing list of Speculative Execution attacks, many of which are exclusive to Intel processors. Thankfully, no known malware uses speculative execution-style attacks, as there are much easier ways to hack systems. The L1 cache inside most modern processors is tiny, making it extremely difficult for attackers to get data of any value or quantity. Stealing data Kilobytes at a time is a slow process. 

You can join the discussion on Intel's latest Speculative Execution faults on the OC3D Forums

«Prev 1 Next»

Most Recent Comments

14-08-2018, 18:28:17

Dicehunter
Think next year I'm switching over to AMD's 3700X or whatever their top end AM4 chip is called, The amount of performance sucking problems Intel seems to have lately is beyond a joke.Quote

14-08-2018, 18:30:43

g0ggles1994
Just when you thought all of Intel CPU vulnerabilities were found..


https://i.imgur.com/KYrrHop.pngQuote

14-08-2018, 18:38:49

Dark NighT
Quote:
Originally Posted by Dicehunter View Post
Think next year I'm switching over to AMD's 3700X or whatever their top end AM4 chip is called, The amount of performance sucking problems Intel seems to have lately is beyond a joke.

This is why i'm not updating my X99 motherboard, its super stable with a nice 1.2v on a 4ghz 6800k, i don't want it changing because of a security update that may or may not have an impact on how the overclock handles and for what, a security thing that most hackers dont care about if its a single system.Quote

14-08-2018, 19:19:32

Dawelio
Quote:
Originally Posted by Dicehunter View Post
Think next year I'm switching over to AMD's 3700X or whatever their top end AM4 chip is called, The amount of performance sucking problems Intel seems to have lately is beyond a joke.
Quote:
Originally Posted by g0ggles1994 View Post
Just when you thought all of Intel CPU vulnerabilities were found..


https://i.imgur.com/KYrrHop.png
And yet people on here gave me crap for going on Intel when the previous vulnerbilites were found...Quote

14-08-2018, 19:44:32

FTLN
I reckon 0.001% of forum members here are at risk of getting hacked (on there home PC's) by any of these vulnerabilities. Microsoft and Intel should have left the microcode updates optional for the average Joe and only forced the updates on the pro range of processors (Xeon, vPro etc).Quote
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.