
SoylentNews is people

posted by chromas on Wednesday March 06 2019, @06:40AM
from the Intel-illness dept.

Submitted via IRC for Bytram & AzumaHazuki

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

Speculative execution, the practice of allowing processors to perform future work that may or may not be needed while they await the completion of other computations, is what enabled the Spectre vulnerabilities revealed early last year.

In a research paper distributed this month through pre-print service ArXiv, "SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks," computer scientists at Worcester Polytechnic Institute in the US, and the University of Lübeck in Germany, describe a new way to abuse the performance boost.

The researchers [...] have found that "a weakness in the address speculation of Intel's proprietary implementation of the memory subsystem" reveals memory layout data, making other attacks like Rowhammer much easier to carry out.

The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.

"We have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes," the researchers explain.

"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments."

The issue is separate from the Spectre vulnerabilities, and is not addressed by existing mitigations. It can be exploited from user space without elevated privileges.

[...] "The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available," said Moghimi. "Physical address bits are security sensitive information and if they are available to user space, it elevates the user to perform other microarchitectural attacks."
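The quote above turns on physical address bits being information that user space is normally denied. The script below is an added example (not code from the SPOILER paper, The Register, or Intel) that shows the conventional barrier: on Linux, a process can read its own page-table summary from /proc/self/pagemap, but since kernel 4.0 the page frame number field is reported as zero to callers without CAP_SYS_ADMIN. It does not detect SPOILER; it demonstrates what the OS withholds and therefore why a microarchitectural leak of those bits matters. It assumes a Linux host with /proc mounted, and the entry bit layout from the kernel's Documentation/admin-guide/mm/pagemap.rst; the ctypes trick for obtaining a buffer's virtual address is an assumption of this example, not part of any pagemap API.

```python
"""Check what the Linux pagemap interface will tell this process about
its own physical page frame numbers (PFNs).

Added example, not code from the SPOILER paper, The Register or Intel.
Assumes a Linux host with /proc/self/pagemap; the entry layout is the
one documented in the kernel's Documentation/admin-guide/mm/pagemap.rst.
"""
import ctypes
import mmap
import struct

PAGEMAP_ENTRY_SIZE = 8
PFN_MASK = (1 << 55) - 1       # bits 0-54: PFN (or swap type/offset if swapped)
BIT_SOFT_DIRTY = 1 << 55
BIT_EXCLUSIVE = 1 << 56
BIT_FILE_OR_SHARED = 1 << 61
BIT_SWAPPED = 1 << 62
BIT_PRESENT = 1 << 63


def decode_pagemap_entry(raw):
    """Decode one 64-bit little-endian pagemap entry into a dict of fields."""
    if len(raw) != PAGEMAP_ENTRY_SIZE:
        raise ValueError("a pagemap entry is exactly 8 bytes")
    (value,) = struct.unpack("<Q", raw)
    present = bool(value & BIT_PRESENT)
    swapped = bool(value & BIT_SWAPPED)
    return {
        "present": present,
        "swapped": swapped,
        "file_or_shared": bool(value & BIT_FILE_OR_SHARED),
        "exclusive": bool(value & BIT_EXCLUSIVE),
        "soft_dirty": bool(value & BIT_SOFT_DIRTY),
        # Bits 0-54 are a PFN only for present, non-swapped pages; for a
        # swapped page they encode swap type and offset instead.
        "pfn": (value & PFN_MASK) if present and not swapped else None,
    }


def pfn_exposed(entry):
    """True if the entry hands us a real PFN, i.e. physical address bits.

    Since Linux 4.0 the kernel reports PFN 0 to readers without
    CAP_SYS_ADMIN, so a present page whose pfn is 0 means the kernel is
    withholding the physical address, which is the intended policy.
    """
    return entry["present"] and not entry["swapped"] and bool(entry["pfn"])


def probe_own_page():
    """Touch one page of our own memory and read its pagemap entry.

    Returns the decoded entry, or None when /proc/self/pagemap cannot be
    read (non-Linux host, or a sandbox that hides /proc).
    """
    data = bytearray(b"\x01" * mmap.PAGESIZE)   # writing makes the page resident
    # Assumption of this example: take the buffer's virtual address via ctypes
    # and index pagemap by virtual page number (8 bytes per page).
    vaddr = ctypes.addressof(ctypes.c_char.from_buffer(data))
    offset = (vaddr // mmap.PAGESIZE) * PAGEMAP_ENTRY_SIZE
    try:
        with open("/proc/self/pagemap", "rb") as f:
            f.seek(offset)
            raw = f.read(PAGEMAP_ENTRY_SIZE)
    except OSError:
        return None
    if len(raw) != PAGEMAP_ENTRY_SIZE:
        return None
    return decode_pagemap_entry(raw)


if __name__ == "__main__":
    entry = probe_own_page()
    if entry is None:
        print("pagemap not readable here; nothing to report")
    elif pfn_exposed(entry):
        print("PFN 0x%x visible: physical address bits are exposed to this process"
              % entry["pfn"])
    else:
        print("present=%s swapped=%s, PFN withheld (expected for an unprivileged process)"
              % (entry["present"], entry["swapped"]))
```

Run it once as an ordinary user and once as root to see the two policies side by side: the unprivileged run reports a present page with the PFN withheld, the privileged run reveals the frame number. SPOILER's significance is that the same class of information leaks to the unprivileged case through the memory subsystem rather than through any kernel interface, so this check passing says nothing about exposure to the speculative side channel.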

[...] SPOILER, the researchers say, will make existing Rowhammer and cache attacks easier, and make JavaScript-enabled attacks more feasible – instead of taking weeks, Rowhammer could take just seconds. Moghimi said the paper describes a JavaScript-based cache prime+probe technique that can be triggered with a click to leak private data and cryptographic keys not protected from cache timing attacks.

Mitigations may prove hard to come by. "There is no software mitigation that can completely erase this problem," the researchers say. Chip architecture fixes may work, they add, but at the cost of performance.



 
  • (Score: 2) by bzipitidoo on Wednesday March 06 2019, @06:38PM (1 child)

    by bzipitidoo (4388) on Wednesday March 06 2019, @06:38PM (#810805) Journal

    Yes, good point. Whole lot of stuff in computing could use a reboot. Lot of legacy cruft. Segment registers weren't the only bad idea in x86 that needs to be permanently retired. I've mentioned much of this before. There's also the decimal arithmetic instructions, the stack based design of the floating point coprocessor, as well as complicated stack based instructions such as PUSH, POP, CALL, and RET. Major pipeline stall to use PUSH instructions to save several registers, because the stack pointer has to be updated for each PUSH instruction. Then there's the string instructions, REP with MOVSB, CMPSB, and friends. Okay for simple string comparison and such operations, garbage for string search. AMD and Intel have been resourceful at adding new layers and instructions to address many of the shortcomings. But they can't clear out the obsolete cruft.

    The CPU is not the only place that could do with a cleanup. XWindows has a lot of graphics capabilities, especially in xlib, that have been rendered obsolete by advances in GPUs. And how about ASCII? 33 control characters, and most are no longer used. BEL (ctrl-g), anyone? But UTF-8 just sucked them all up anyway.

  • (Score: 2) by DannyB on Wednesday March 06 2019, @07:06PM

    by DannyB (5839) Subscriber Badge on Wednesday March 06 2019, @07:06PM (#810821) Journal

    But UTF-8 has emojis. Making it easier for Millennials to confusicate in their own native tongue.

    Imagine how incomprehensible the following Usenet snippet would seem.

    "It is impossible to 0x1B once the 0x07 rings for you!"

    I'm holding out for UTF-512. Although it requires 512 bits per character, consider the possibilities! It is big enough to reserve an entire 2^64 character space to create character glyphs which are every possible 8x8 grid with some squares white and others black. In other words every possible pixel arrangement of an 8x8 block of pixels. (even though the font is vector based.) That includes various pixel arrangements that happen to look like upper/lower case letters, numerals, symbols, in different various 1980s fonts.

    Now some people won't like my proposal. But then, they should not like the Intel x86 either. For similar reasons.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.