[SOLVED] Question about the ZombieLoad in Intel CPUs

[ch33r]

I am looking to build a new gaming PC with an i9 9900K and I don't want to disable hyperthreading. I want to know: Are people avoiding HT chips like the plague.... like... I guess what I want to know is.... Is this vulnerability thing really that big of a deal or are people just being wussies about it. Also, do new intel 9900K's have that issue patched?

 

[digitalgriffin]

The 8 and 9 seties do have spectre mitigations in them. However we dont have word if these new variants affect these new processors or not. (As far as i read)

However even I am disabling hyper threading at this point till i know for sure. The exploit is pretty severe.

 

[InvalidError]

IMO, the severity of most of those exploits are grossly exaggerated: first they require some sort of local access to run attack code which means the machine already needs to have some OS/software compromise in it to allow that unless it is open to running user code. Second, those exploits have only been proven feasible under conditions that maximize the attacks' chance of success but not necessarily exploitable in the real world where CPUs are running hundreds of different things at any given time that will add tons of noise these attacks have to sift through to get any data.

I wouldn't worry about them unless dealing with top-secret stuff. Unless your PC is setup to be this secure, there likely are hundreds of much easier ways to get data out of it.

 

[TCA_ChinChin]

These exploits are pretty severe from a purely security based perspective. This means that users that rely on their computers and networks being as secure as possible are the most impacted. Normal users can decide themselves based on how much they value that security. There hasn't been any known exploits from the previous Spectre and Meltdown vulnerabilities for some time and there hasn't been anything from the current ones.

 

[mdd1963]

The latest hooplah over Intel hyperthreading and assorted predictive branching/memory access vulnerabilities makes it sound just like everyone has an open Ammy Admin account into their systems with hard coded password of 'hacked', with everyone's system being ripe for picking....; yet, there is not one known example of even the various Intel vulnerabilities of 8 months ago occurring anywhere....

I'd say the latest hysteria is overblown, and I am most certainly not disabling hyperthreading....

 

[Finstar]

While you probably don't need to worry about the exploits... I'd hold off the purchase until the mitigations are released and their impact on performance can be tested.

 

[InvalidError]

There hasn't been any known exploits from the previous Spectre and Meltdown vulnerabilities for some time and there hasn't been anything from the current ones.

And there probably never will be.

Side-channel attacks require statistical analysis of thousands of samples under controlled (repeatable) lab conditions to demonstrate, In the real-world where there is an infinite number of variables, a side-channel exploit would need millions of samples to filter out the noise.