More Intel CPU Speculative Bugs

Official website: https://mdsattacks.com/

News story:

Two attacks dubbed RIDL and Fallout exploit a set of four vulnerabilities collectively known as Microarchitectural Data Sampling (MDS) vulnerabilities - a name given by Intel. The flaws affect Intel CPUs released since 2008, the researchers say.

An attacker running unprivileged code on a vulnerable machine could use MDS security flaws to extract information from the operating system kernel, processes, the Software Guard eXtensions (SGX) enclave, and CPU-internal operations.

Both RIDL and Fallout can be used in real-life scenarios where an adversary can point the victim to a webpage with malicious JavaScript to steal sensitive information on the system, like passwords and cryptographic keys.

The researchers say that only Intel CPUs are affected.

Fallout also impacts all modern Intel processors, including those of the 9th generation, which include in-silicon mitigations for Meltdown.
This protection, however, "makes them more vulnerable to Fallout, compared to older generation hardware," say the developers of the attack.


I am buying an FPGA, and rocking homebrew 8bit CPU

5 Likes

Lmao this makes me giggle their entire frame work is just pandoras box waiting to be fully opened

1 Like

Speculative Execution was a mistake? :wink:

We should’ve stick with Z80 or 6502.

2 Likes

Speculative execution was a mistake absolutely. The performance benefits do not out weight the consequences of being wrong. Not to mention it wastes useless extra power when wrong

well it saves much more when it’s correct, and it’s stupid good at being correct.

Hence why in their vid they needed 24 hours to get /etc/shadow

that said, the security risks are fucking insane lol

2 Likes

2 Likes

I wonder if it would be possible to get an FPGA board with a PCIe slot and stick another FPGA in there.
Then one could emulate CPU and GPU.

Yes, there PCI boards with FPGAs.

only as co-processor for non-custom MBs.

yeah.

thats a long list of products who get microcode updates and not so many products without microcode update.

BUT THE CLOCKS AND THE FPS BROOOO

intel intensifies™

1 Like

Maybe something power9 based then?
Shame the Xilinx Alveo U250 costs $14000

1 Like

they too use speculative execution, but they do have less bugs than intal afaik :wink:

just straight arm at this point.

arm is vulnerable to SE based bugs too.

1 Like

okay, after your os is done you gotta do cpus.

1 Like

An 8086 isn’t.
I wonder how many of those can be made to work together…

might as well go with RISC-V implementation without SE.

2 Likes

I will do and then port my OS on it :wink:

1 Like

Apparently the fix is to disable a major feature

3 Likes

why did I buy the Xeon then? The only reason was 4C8T. Should I go back to my 4C4T i5? :joy:

cries in Sandy Bridge

1 Like

im asking a friend of mine who works in a hosting company how much fuck that is causing. when the last two dropped and intel fucked up their own patch rhel got a good patch going, im interested in the wild west of patches will go on in the next couple days.

DevOps intensifies

3 Likes