News Intel Reveals TAA Vulnerabilities in Cascade Lake Chips and a New JCC Bug

Blitz Hacker

Distinguished
Jul 17, 2015
60
19
18,565
Wow.. Rip Intel share holders for Q4 of 2019. Intels financial reports are starting to closely resemble mine irl :p Pretty sure this isn't response intel wanted to the 3950x /2960tr/2070tr AMD release. What a year for cpu's
 
tbh I need to build a new PC (system is showing its age now)

I have always been Intel for CPU (gpu i a few times went amd).

But idk if I am going to stay with them as it just seems they have unfixable (and no disabling HT is NOT fixing..thats literally tossing reason you buy a HT cpu out window) stuff liek this pop up frequently (enough).

AMD does have issues with their CPU's, but they seem to actually make it a priority 1 and fix it...where as intel is "we'll get around to it sometime"
 
Most likely, they had the fixes ready a year ago, but didn't make them publicly available so that interested parties could get a year's worth of use out of them first. They probably don't need this one anymore though, as they have another to replace it with that won't get patched for another year. >_>
 

Olle P

Distinguished
Apr 7, 2010
720
61
19,090
... Intels financial reports are starting to closely resemble mine irl :p ...
Your income goes up too?
Vulnerabilities with fixes that reduce the performance are mitigated by buying more CPUs to make up for the loss in processing power. Intel will thus sell more high end Xeons as a result of this!

Over time more companies will switch to AMD though, but it will take a couple of years to do that transfer.
 

jgraham11

Distinguished
Jan 15, 2010
54
21
18,535
They knew about it in September of 2018... So Intel again released the recent Cascade Lake CPUs and Coffee Lake CPUs with full knowledge of this vulnerability. Class action lawsuit anyone???

We've got to come up with a catchy name: I'm thinking "Kiss Intel bug" pronounced "Kiss 'n Tell bug". Any other thoughts?
 
  • Like
Reactions: bit_user

bit_user

Polypheme
Ambassador
They knew about it in September of 2018... So Intel again released the recent Cascade Lake CPUs and Coffee Lake CPUs with full knowledge of this vulnerability. Class action lawsuit anyone???
This is an interesting point. If you have a CPU you're about to release, and you make claims about its performance, knowing those claims will soon be invalidated when people start running with the mitigation they'll need for an undisclosed security vulnerability, what's the legal exposure?

It seems like being caught between a rock and a hard place, since the vulnerability announcement was presumably being delayed so their partners could get the BIOS and other software ready with the mitigation. So, I guess you'd either have to hold back the launch (but what if there are yet more vulnerabilities in the pipeline?), not make any performance claims, or just quote the performance with mitigations for "all known vulnerabilities", including undisclosed ones.
 
  • Like
Reactions: TJ Hooker

Olle P

Distinguished
Apr 7, 2010
720
61
19,090
This is an interesting point. If you have a CPU you're about to release, and you make claims about its performance, knowing those claims will soon be invalidated... for an undisclosed security vulnerability, what's the legal exposure?
I don't think the computing performance is an issue at all, compared to the issue of releasing the CPU without disclosing the known vulnerability!

What if it was a car with a safety issue known to the manufacturer but undisclosed to the public?
 

bit_user

Polypheme
Ambassador
What if it was a car with a safety issue known to the manufacturer but undisclosed to the public?
Automotive "recalls" are fairly common. I doubt if they often hold the launch of a vehicle due to recalls, unless they're ones that would be very expensive to fix in the field. If it's a safety recall, then they would just ensure that dealers install the fix before any customers take delivery.
 
This is sad that new security vulnerabilities are almost a routine thing for Intel.

Also, Intel knowing about security vulnerabilities way, way, before announcing them isn't new.

It was only in May of 2019 Intel stated MDS was a flaw in their design, however before this many 8th and 9th gen Intels CPUs were manufacturered not vulnerable to MDS.

If Intel did not not know about MDS, how did they fix their recent CPUs from the bug? I doubt its a coincidence.