After Spectre and Meltdown, a brand new security vulnerability – called Spoiler – has been discovered. This vulnerability was discovered by the Worcester Polytechnic Institute and the University of Lübeck and affects all Intel CPUs (from 1st generation Core CPUs to the latest ones).
According to the report, Worcester Polytechnic Institute and the University of Lübeck have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes.
“The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments.
The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available,” said Moghimi. “Physical address bits are security sensitive information and if they are available to user space, it elevates the user to perform other micro architectural attacks.”
What’s really important here is that according to the researchers, and unlike Spectre, a solution via a software update is virtually impossible. As such, Intel will have to adjust its CPU architecture in order to prevent this new security vulnerability.
Last but not least, Spoiler affects only Intel’s CPUs and not AMD’s CPUs. All of AMD’s CPUs are safe and are not affected by this new security vulneratiblity.
Kudos to our reader “Metal Messiah” for bringing this to our attention!
UPDATE:
An Intel spokesperson got in touch with us and shared the following statement about Spoiler.
“Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”
John is the founder and Editor in Chief at DSOGaming. He is a PC gaming fan and highly supports the modding and indie communities. Before creating DSOGaming, John worked on numerous gaming websites. While he is a die-hard PC gamer, his gaming roots can be found on consoles. John loved – and still does – the 16-bit consoles, and considers SNES to be one of the best consoles. Still, the PC platform won him over consoles. That was mainly due to 3DFX and its iconic dedicated 3D accelerator graphics card, Voodoo 2. John has also written a higher degree thesis on the “The Evolution of PC graphics cards.”
Contact: Email
Makes me feel all the better in waiting for Ryzen 3.
I am happy that AMD isn’t affected by it. They are on a roll when it comes to CPUs and that will put Intel under pressure to improve on almost everything in their CPU architecture approach
They did with the Athlon and then Intel demolished them with the Core series and Core2. Intel just need to get their head out out their a*s and make a Ryzen killer but at the moment they’re just making incremental updates.
They can since Ryzen isn’t killing anything. Which sucks. Maybe in the future
I thought the first gen Phenom also have hardware based issue. The second phenom they start to catch up with intel core (and back then they did offer better value to combat intel) but then the hammer called nahelem land. Things get harder once first i5 hit the market. I still remember the marketing from AMD “our six or their four”. But even in productivity work the i5 able to match or beat 6 core phenom because of pure IPC advsntage.
“…that will put Intel under pressure to improve on almost everything in their CPU architecture approach.”
Not a moment too soon either. Intel has been on “cruise control”, for far too long.
Hahahaha, yet ANOTHER security flaw.
Let me guess, takes another -15% performance update to fix it? 😀
From the article,
“unlike Spectre, a solution via a software update is virtually impossible”
What irks me with the fixes thus far is that, for the typical gamer, they’re largely unnecessary because the nature of their PC use doesn’t really expose them to such threats, as best I understand it. So we’re getting downgraded performance via updates we don’t really need. I understand why it has to be this way but…
There is a utility that i used when i was on my old ivy bridge,it disabled spectre spectre and meltdown protections but needed a system restart on enable/disable it helped a bit in some cpu intensive games like battlefield 1 and mitigated micro stuttering related to the cpu.
I dont use it anymore on my 9700k after testing this fix, the 9700k seems to be barely affected by meltdown and spectre fixes
I’d like to think that with each update over time the performance hit is lessened and maybe also that games are now coded with these things somehow factored in.
“Spoiler is a brand new security vulnerability affecting all Intel CPUs, AMD’s CPUs safe from this thread”
I think you mean threat.
I’m starting to think that Intel might have knowingly made the decision to trade off security for performance since all of these vulnerabilities took years to be found… Or maybe for the same reason they missed them back then.
Good for Intel..
Good for AMD more like..
Yeah but good for Intel in a sense too… (if you see what I mean)
Every year I want to buy a brand new Intel/Nvidia build, every year I thank god I didn’t.
Laughs in “underpowered”
rofl…..I think INTEL is slowly getting doomed to some extent.
kudos to me for posting it on wccftech 😀
I bet juanrga and the Proctor are working overtime trying to deflect from it.
Lool, i said it time ago, the new mecanism from intel to downgrade their products so the people have to buy a new one XD
By the way, just FYI, Spoiler is not actually a Spectre attack, so it isn’t affected by Intel’s current mitigations, which otherwise could have prevented other Spectre-like attacks such as SplitSpectre (Because it involves a leak in the page mapping when it comes to memory, making other similar attacks much easier to perform).
But any said attacker would actually need some kind of foothold on any PC to drive this new exploit, such as a malware, or a piece of malicious JavaScript running on some dodgy webpage. It can also be exploited by any rogue logged-in user, who might extract passwords, and other data from the memory.
ALSO, some major update on this current issue. An Intel spokesperson has just provided the following statement on the Spoiler vulnerability:
“Intel received notice of this research, and we expect that software can be protected
against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest.
“We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”
.
That Odin’s Eye keeps rearing its ugly head.
Thanks for the detailed information 🙂
You’re hot to trot with latest news updates, MM. Appreciated as always.
Well its long overdue for Intel to redesign their architecture anyways. Plus, ARM is coming to the mainstream PC market. Don’t be surprised if we see Qualcomm releasing a processor rivaling high-end Intel and AMD cpus in the next 3-5 years!
these (((security vulnerabilities))) are put in there on purpose. they are nsa/cia/etc backdoors so they can access your information/pc if they decide to take it from you and or over internet spy on you.
This always freaks me out so much…thou I heard it several times by this point and…eeeh. It never f*ked up my PC.
Again thou, it’s still rather scary to hear about stuff like this.
I’m surprised many people even care. Most people run a wide range of unsafe pieces of software from their OS, programs, not to mention their daily habits and how they use stuff. Basically most people are too lazy to really care about security.
Another one
Well its long overdue for Intel to redesign their architecture anyways. Plus, ARM is coming to the mainstream PC market. Don’t be surprised if we see Qualcomm releasing a processor rivaling high-end Intel and AMD cpus in the next 3-5 years!
On some slightly related but OFF TOPIC news. It looks like INTEL is finally retiring 6th-Generation Skylake CPUs, and they will be discontinued.
Intel has given the EOL status to some 2015 Skylake processors in the Celeron, Pentium, Core i3, Core i5, and Core i7 range.
A total of 22 Skylake chips have reached the end-of-life (EOL) status. The retirees span from the entry-level dual-core Celeron parts up to quad-core Core i7 models.
Have a peek::
https://www.tomshardware.com/news/intel-retires-6th-generation-skylake-cpus-processors,38751.html
More OT.
Intel Donates Compute Express Link, a High-Speed Protocol for PCIe 5.0….Intel Releases their CXL 1.0 Interconnect Standard..
Intel, alongside Alibaba, Cisco, Dell EMC, Facebook, Google, Hewlett Packard Enterprise, Huawei and Microsoft have teamed up to create the “Compute Express link” (CXL) 1.0 protocol, building upon the PCIe infrastructure to deliver next-generation host-device and device-device performance.
https://newsroom.intel.com/editorials/milestone-moving-data/#gs.0zgyif
https://www.tomshardware.com/news/intel-compute-express-link-pcie-5.0,38786.html
https://www.overclock3d.net/news/misc_hardware/intel_releases_their_cxl_1_0_interconnect_standard/1
Hello JOHN,
Another day, another very interesting news to share with you guys. We all know INTEL is planning to release DISCRETE GPUs next year, and now the official Twitter Page of INTEL is teasing a new CONTROL PANEL.
Intel is ramping up towards its industry event at GDC 2019 next week, with the official Twitter page for Intel Graphics recently teasing the new control panel coming to Intel and its future discrete GPUs.
The new control panel looks very Steam-ish and that’s not a bad thing, and it’s a vast upgrade on the aging look of NVIDIA’s GeForce control panel. Hopefully we see more of this during The Odyssey event next week, as the hype train for Intel’s first discrete graphics card since the Intel i740 (how good was Trespasser on it!) arrives in 2020.
Check the official Twitter page, and article posted on TT.
https://twitter.com/IntelGraphics/status/1105223183727280129
https://www.tweaktown.com/news/65164/intel-teases-new-control-panel-discrete-gpus/index.html
Your blog post was really enjoyable to read, and I appreciate the effort you put into creating such great content. Keep up the great work!
I like the efforts you have put in this, regards for all the great content.
Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.
It’s always a joy to stumble upon content that genuinely makes an impact and leaves you feeling inspired. Keep up the great work!
I’m often to blogging and i really appreciate your content. The article has actually peaks my interest. I’m going to bookmark your web site and maintain checking for brand spanking new information.
Very well presented. Every quote was awesome and thanks for sharing the content. Keep sharing and keep motivating others.
This is really interesting, You’re a very skilled blogger. I’ve joined your feed and look forward to seeking more of your magnificent post. Also, I’ve shared your site in my social networks!
I am truly thankful to the owner of this web site who has shared this fantastic piece of writing at at this place.
มีระบบแนะนำเพื่อน: ชวนเพื่อนมาเล่น รับรางวัลมากมาย
เล่นสนุก ลุ้นระทึก: เพลิดเพลินกับเกมเดิมพัน ลุ้นระทึกทุกวินาที
เล่นได้อย่างมั่นใจ: เว็บไซต์มาตรฐาน ปลอดภัย มั่นใจได้