Article Intel Recommends Disabling Hyper-Threading as it Reveals New Spectre Attack

Toggle sidebar Toggle sidebar
jeremyj_83 said:
Not unless you have a Whiskey Lake CPU, which is only on laptops, Atom, or Knights Landing based CPUs.
Click to expand...

Intel unveiled yet another speculative execution side-channel flaw in its processors. The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw.
 
jankerson said:
Intel unveiled yet another speculative execution side-channel flaw in its processors. The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw.
Click to expand...
Affected Processors

Virtually all of Intel’s chips starting with the Nehalem architecture (launched in 2008, 11 years ago) and newer, with the exception of the Whiskey Lake (ULT refresh), Whiskey Lake (desktop), as well as the Atom and Knights architectures, are affected by the MDS vulnerabilities.

Coffee Lake and Coffee Lake R are NOT in those lines. Whiskey Lake is an 8th & 9th gen CPU same as Coffee Lake and Coffee Lake R. This is where things are confusing as Intel decided to have things based on different cores all in the same generation line.
 
There's an error in the article:
The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw.
Click to expand...


From https://mdsattacks.com/
Am I affected?
Very likely. Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.
Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.
Click to expand...
 
Wow, core i7 people will now have core i5's and core i5's on older laptops will now have dual core i3 computers since they were dual core hyperthreaded parts. OUCH!!!!! However, most people aren't going to care, and just keep on keepin on without worrying about security.
 
  • Like
Reactions: alextheblue
gggplaya said:
Wow, core i7 people will now have core i5's and core i5's on older laptops will now have dual core i3 computers since they were dual core hyperthreaded parts. OUCH!!!!! However, most people aren't going to care, and just keep on keepin on without worrying about security.
Click to expand...
While someone could put malicious code on your computer that would follow through with this vulnerability, an individual is far less likely to be affected than AWS, Azure, etc... For your cloud providers you now have to double your hosts since your vCPUs are cut in half.
 
  • Like
Reactions: TJ Hooker
jankerson said:
AMD is effected too...

Anyhow the new Intel CPU's are fine starting with the 8th Generation CPU's.
Click to expand...

From the https://mdsattacks.com/ website:
Am I affected?
Very likely. Our attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.
Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.
Click to expand...

Please stop spreading misinformation.
 
  • Like
Reactions: alextheblue
"just disable HT" - intel

"gonna give me a refund for difference between my cpu and its lower version since im losing the benefit of purchasing a cpu to use HT?" - me


for real thoguh I wont turn it off and i will avoid the "patches" as i'd rather use my cpu at full power.

Unless your a business/creator/data storage there is no real issue as you can easily make a backup and then just wipe pc if/when you get hit w/o losing much except a few hours to get it all restored.


Hoping Intel gets rid of HT tbh thoguh as its proving it is a massively damaging vulnerability.
 
jankerson said:
It's pretty much across the board according to Microsoft.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

So more updates will be coming.
Click to expand...

From your link:
This advisory addresses the following vulnerabilities:
  • CVE-2017-5753 - Bounds check bypass
  • CVE-2017-5715 - Branch target injection
  • CVE-2017-5754 - Rogue data cache load
Click to expand...

These CVEs do not match the ones on the MDS website:
The following is the fine-grained vulnerability classification adopted by Intel, together with their CVSS score (their rating of the severity of the bug):
CVE-2018-12126: "Microarchitectural Store Buffer Data Sampling (MSBDS)" (CVSS score 6.5: Medium). See the Fallout paper for more information.
CVE-2018-12127: "Microarchitectural Load Port Data Sampling (MLPDS)" (CVSS score 6.5: Medium). See the RIDL paper for more information.
CVE-2018-12130: "Microarchitectural Fill Buffer Data Sampling (MFBDS)" (CVSS score 6.5: Medium). See the RIDL paper for more information.
CVE-2019-11091: "Microarchitectural Data Sampling Uncacheable Memory (MDSUM)" (CVSS score 3.8: Low). See the RIDL paper for more information.
Click to expand...
And are thus not relevant.
 
Rogue Leader said:
No its not. That is from January 2018 regarding spectre and meltdown.

If you're going to try and cite information it is best if you actually read it before linking it.
Click to expand...


Not sure what happened to the link, it's not right.

Was updated in April 9th 2019.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

MS seems to be all over it currently.

Should be some Windows updates coming soon.

Can always check your system to make sure:

https://www.grc.com/inspectre.htm
 
Last edited:
jankerson said:
Not sure what happened to the link, it's not right.

Was updated in April 9th 2019.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

MS seems to be all over it currently.
Click to expand...

Yes thats the correct link, updated April 9th. And still again has nothing to do with this current exploit. Its all info from 2018 Regarding Spectre and Meltdown

The April 2019 Update was this specifically:

To provide protection against the Spectre Variant 2 (CVE-2017-5175) and Meltdown (CVE-2017-5754) vulnerabilities for systems running VIA processors, Microsoft has released the following security updates: 1. Security update 4493472 (monthly rollup) or 4493448 (security only) for Windows 7, Windows Server 2008 R2, or Windows Server 2008 R2 for x64-based Systems (Server Core installation) - see https://support.microsoft.com/en-us/help/4493472/ or https://support.microsoft.com/en-us/help/4493448/ for more information. 2. Security update 4493446 (monthly rollup) for Windows RT 8.1; Security update 4493446 (monthly rollup) or 4493467 (security only) for Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 R2 (Server Core installation) - see https://support.microsoft.com/en-us/help/4493446/ or https://support.microsoft.com/en-us/help/4493467/ for more information. 3. Cumulative update 4493464 for Windows 10 Version 1803 or Windows Server, version 1803 (Server Core Installation) - see https://support.microsoft.com/en-us/help/4493464/ for more information. Please note that these updates are for VIA processors only. For further Windows Client (IT Pro) guidance, see https://support.microsoft.com/en-us/help/4073119/. For Windows Server guidance, see https://support.microsoft.com/en-us/help/4072698/.

So no, stop with the misinformartion please. This was easy enough to find by just scrolling.
 
  • Like
Reactions: alextheblue
AMD – In 2019, we’re bringing you 32 threads to Ryzen and 128 threads to EPYC. Intel – Remember those 16 threads we gave you on desktop? Now, they’re only 8.

Note: To clarify, only Whiskey Lake and a meager handful of others have the necessary hardware mitigations. Coffee Lake, while it is technically 8th Gen, does not. So the i9-9900K, which is a Coffee Lake-based product, is most definitely susceptible to this form of attack.
 
  • Like
Reactions: Finstar and svan71
Hey this ain't so bad I'll just drop an 8th or 9th gen chip in my 1151 socket z270. Oh wait Intel decided to require a new motherboard / chipset with the exact same socket for me to do that. I'm sure it was just yet another mistake / oversight on their part that causes me to spend even more money.
 
  • Like
Reactions: artk2219
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom