Subject: Processors | March 18, 2019 - 08:38 AM | Jim Tanous
Tagged: spoiler, speculation, spectre, rowhammer, meltdown, amd
AMD has issued a support article stating that its CPUs are not susceptible to the recently disclosed SPOILER vulnerability. Support Article PA-240 confirms initial beliefs that AMD processors were immune from this specific issue due to the different ways that AMD and Intel processors store and access data:
We are aware of the report of a new security exploit called SPOILER which can gain access to partial address information during load operations. We believe that our products are not susceptible to this issue because of our unique processor architecture. The SPOILER exploit can gain access to partial address information above address bit 11 during load operations. We believe that our products are not susceptible to this issue because AMD processors do not use partial address matches above address bit 11 when resolving load conflicts.
SPOILER, one of the latest in the line of speculative execution vulnerabilities that have called into question years of processor architecture design, describes a process that can expose the mappings between virtual and physical memory. That's not a complete issue in and of itself, but it allows other attacks such as Rowhammer to be executed much more quickly and easily.
The research paper that initially disclosed SPOILER earlier this month states that Intel CPUs dating as far back as the first generation Core-series processors are affected. Intel, however, has stated that the vulnerabilities described in the paper can be avoided. The company provided a statement to PC Perspective following our initial SPOILER reporting:
Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.
Subject: General Tech | March 5, 2019 - 06:29 PM | Jeremy Hellstrom
Tagged: spoiler, spectre, security, meltdown, Intel
A spokesperson from Intel reached out to provide a statement for us.
“Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”
This is good news as the original report suggested a sofware mitigation might not be possible.
********** End Update ***********
If Tim's post earlier today was bright spot on an otherwise dismal day, then get ready for the clouds to roll back in. The performance drop experience from protecting yourself against Spectre and it's variants may have been mitigated to a point, however researchers from Worcester Polytechnic Institute, Massachusetts, and the University of Lubeck have discovered Intel chips are still vulnerable to a newly discovered vulnerability dubbed Spoiler.
Like the previous vulnerabilities it exploits speculative execution however unlike Spectre, Meltdown and their variants, it attacks via the Memory Order Buffer, using the timing behaviour it exposes. If there is one bit of good news in this discovery, it is that only Intel processors are affected and not AMD nor ARM.
"Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets. However, it targets a different area of the processor called the Memory Order Buffer, which is used to manage memory operations and is tightly coupled with the cache."
Here is some more Tech News from around the web:
- Microsoft Edge running on Chromium has more than a hint of Chrome about it @ The Inquirer
- Structural supercapacitors prepare for take-off @ PhysicsWorld
- iPhone 11 release date, specs and price: 2019 iPhones might offer waterproof display tech @ The Inquirer
- 3D Print Your Own Electric Screwdriver @ Hackaday
- Armor Games admits all its users' deets slurped in database mega-hack as site moves to repair chink @ The Register
- Microsoft Will Launch Disc-Less, 'All Digital' Xbox One S Next Month, Report Says @ Slashdot
- Blender 2.80 (Beta) Viewport & Rendering Performance @ Techgage
- Dealmaster: A whole bunch of Anker charging gear is on sale today @ Ars Technica