Article Intel Recommends Disabling Hyper-Threading as it Reveals New Spectre Attack

Toggle sidebar Toggle sidebar
jankerson

jankerson

Judicious
BANNED
Sep 10, 2006
7,884
140
35,640
jeremyj_83 said:
Not unless you have a Whiskey Lake CPU, which is only on laptops, Atom, or Knights Landing based CPUs.
Click to expand...

Intel unveiled yet another speculative execution side-channel flaw in its processors. The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw.
 
jeremyj_83

jeremyj_83

Glorious
Aug 23, 2017
5,303
1,849
44,440
jankerson said:
Intel unveiled yet another speculative execution side-channel flaw in its processors. The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw.
Click to expand...
Affected Processors

Virtually all of Intel’s chips starting with the Nehalem architecture (launched in 2008, 11 years ago) and newer, with the exception of the Whiskey Lake (ULT refresh), Whiskey Lake (desktop), as well as the Atom and Knights architectures, are affected by the MDS vulnerabilities.

Coffee Lake and Coffee Lake R are NOT in those lines. Whiskey Lake is an 8th & 9th gen CPU same as Coffee Lake and Coffee Lake R. This is where things are confusing as Intel decided to have things based on different cores all in the same generation line.
 
J

JimJamJamie

May 14, 2019
3
1
15
There's an error in the article:
The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw.
Click to expand...


From https://mdsattacks.com/
Am I affected?
Very likely. Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.
Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.
Click to expand...
 
gggplaya

gggplaya

Splendid
Jan 27, 2011
2,767
466
28,890
Wow, core i7 people will now have core i5's and core i5's on older laptops will now have dual core i3 computers since they were dual core hyperthreaded parts. OUCH!!!!! However, most people aren't going to care, and just keep on keepin on without worrying about security.
 
  • Like
Reactions: alextheblue
jeremyj_83

jeremyj_83

Glorious
Aug 23, 2017
5,303
1,849
44,440
gggplaya said:
Wow, core i7 people will now have core i5's and core i5's on older laptops will now have dual core i3 computers since they were dual core hyperthreaded parts. OUCH!!!!! However, most people aren't going to care, and just keep on keepin on without worrying about security.
Click to expand...
While someone could put malicious code on your computer that would follow through with this vulnerability, an individual is far less likely to be affected than AWS, Azure, etc... For your cloud providers you now have to double your hosts since your vCPUs are cut in half.
 
  • Like
Reactions: TJ Hooker
J

JimJamJamie

May 14, 2019
3
1
15
jankerson said:
AMD is effected too...

Anyhow the new Intel CPU's are fine starting with the 8th Generation CPU's.
Click to expand...

From the https://mdsattacks.com/ website:
Am I affected?
Very likely. Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.
Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.
Click to expand...

Please stop spreading misinformation.
 
  • Like
Reactions: alextheblue
H

hotaru251

Splendid
Oct 30, 2014
1,970
1,738
23,240
"just disable HT" - intel

"gonna give me a refund for difference between my cpu and its lower version since im losing the benefit of purchasing a cpu to use HT?" - me


for real thoguh I wont turn it off and i will avoid the "patches" as i'd rather use my cpu at full power.

Unless your a business/creator/data storage there is no real issue as you can easily make a backup and then just wipe pc if/when you get hit w/o losing much except a few hours to get it all restored.


Hoping Intel gets rid of HT tbh thoguh as its proving it is a massively damaging vulnerability.
 
NightHawkRMX

NightHawkRMX

Titan
Ambassador
Jan 1, 2018
18,489
3,974
73,540
Illl stay back here with my Ryzen 3 CPU and just laugh every time this stuff happens. Im immune to the majority of these attacks, however not all unfortunately...
Spoiler, meltdown, spectre, when will it stop?
 
J

JimJamJamie

May 14, 2019
3
1
15
jankerson said:
It's pretty much across the board according to Microsoft.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

So more updates will be coming.
Click to expand...

From your link:
This advisory addresses the following vulnerabilities:
  • CVE-2017-5753 - Bounds check bypass
  • CVE-2017-5715 - Branch target injection
  • CVE-2017-5754 - Rogue data cache load
Click to expand...

These CVEs do not match the ones on the MDS website:
The following is the fine-grained vulnerability classification adopted by Intel, together with their CVSS score (their rating of the severity of the bug):
CVE-2018-12126: "Microarchitectural Store Buffer Data Sampling (MSBDS)" (CVSS score 6.5: Medium). See the Fallout paper for more information.
CVE-2018-12127: "Microarchitectural Load Port Data Sampling (MLPDS)" (CVSS score 6.5: Medium). See the RIDL paper for more information.
CVE-2018-12130: "Microarchitectural Fill Buffer Data Sampling (MFBDS)" (CVSS score 6.5: Medium). See the RIDL paper for more information.
CVE-2019-11091: "Microarchitectural Data Sampling Uncacheable Memory (MDSUM)" (CVSS score 3.8: Low). See the RIDL paper for more information.
Click to expand...
And are thus not relevant.
 
jankerson

jankerson

Judicious
BANNED
Sep 10, 2006
7,884
140
35,640
Rogue Leader said:
No its not. That is from January 2018 regarding spectre and meltdown.

If you're going to try and cite information it is best if you actually read it before linking it.
Click to expand...


Not sure what happened to the link, it's not right.

Was updated in April 9th 2019.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

MS seems to be all over it currently.

Should be some Windows updates coming soon.

Can always check your system to make sure:

https://www.grc.com/inspectre.htm
 
Last edited:
Rogue Leader

Rogue Leader

It's a trap!
Moderator
Dec 22, 2014
33,007
3,020
116,640
jankerson said:
Not sure what happened to the link, it's not right.

Was updated in April 9th 2019.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

MS seems to be all over it currently.
Click to expand...

Yes thats the correct link, updated April 9th. And still again has nothing to do with this current exploit. Its all info from 2018 Regarding Spectre and Meltdown

The April 2019 Update was this specifically:

To provide protection against the Spectre Variant 2 (CVE-2017-5175) and Meltdown (CVE-2017-5754) vulnerabilities for systems running VIA processors, Microsoft has released the following security updates: 1. Security update 4493472 (monthly rollup) or 4493448 (security only) for Windows 7, Windows Server 2008 R2, or Windows Server 2008 R2 for x64-based Systems (Server Core installation) - see https://support.microsoft.com/en-us/help/4493472/ or https://support.microsoft.com/en-us/help/4493448/ for more information. 2. Security update 4493446 (monthly rollup) for Windows RT 8.1; Security update 4493446 (monthly rollup) or 4493467 (security only) for Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 R2 (Server Core installation) - see https://support.microsoft.com/en-us/help/4493446/ or https://support.microsoft.com/en-us/help/4493467/ for more information. 3. Cumulative update 4493464 for Windows 10 Version 1803 or Windows Server, version 1803 (Server Core Installation) - see https://support.microsoft.com/en-us/help/4493464/ for more information. Please note that these updates are for VIA processors only. For further Windows Client (IT Pro) guidance, see https://support.microsoft.com/en-us/help/4073119/. For Windows Server guidance, see https://support.microsoft.com/en-us/help/4072698/.

So no, stop with the misinformartion please. This was easy enough to find by just scrolling.
 
  • Like
Reactions: alextheblue
sonichedgehog360

sonichedgehog360

Distinguished
Dec 11, 2008
27
25
18,560
AMD – In 2019, we’re bringing you 32 threads to Ryzen and 128 threads to EPYC. Intel – Remember those 16 threads we gave you on desktop? Now, they’re only 8.

Note: To clarify, only Whiskey Lake and a meager handful of others have the necessary hardware mitigations. Coffee Lake, while it is technically 8th Gen, does not. So the i9-9900K, which is a Coffee Lake-based product, is most definitely susceptible to this form of attack.
 
  • Like
Reactions: Finstar and svan71
S

svan71

Distinguished
Dec 31, 2007
323
63
18,940
Hey this ain't so bad I'll just drop an 8th or 9th gen chip in my 1151 socket z270. Oh wait Intel decided to require a new motherboard / chipset with the exact same socket for me to do that. I'm sure it was just yet another mistake / oversight on their part that causes me to spend even more money.
 
  • Like
Reactions: artk2219
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom