New security vulnerability affects all Intel CPUs supporting SWAPGS & WRGSBASE instructions

Bitdefender researchers have identified and demonstrated a new side-channel attack. This new attack bypasses all known mitigation mechanisms implemented in response to Spectre and Meltdown. According to the report, all Intel CPUs that support SWAPGS and WRGSBASE instructions are vulnerable to this new attack.

What this means is that basically anything from Intel Ivy Bridge to the latest processor series is vulnerable: any device running an Intel Ivy Bridge or newer CPU, including desktops, laptops, servers, etc.

The attack abuses speculative execution, a functionality that has the CPU making educated guesses about instructions that may be required before it determines whether the instructions are, in fact, required. This speculative execution may leave traces in cache that attackers can use to leak privileged kernel memory.

This attack takes advantage of a combination of Intel's speculative execution of a specific instruction (SWAPGS) and the use of that instruction by Windows operating systems within what is known as a gadget.

As the report reads, addressing these vulnerabilities is extremely challenging. Since they lie deep within the structure and operation of modern CPUs, completely removing the vulnerabilities involves either replacing hardware or disabling functionality that greatly enhances performance. Likewise, creating mitigation mechanisms is highly complex and can hamper performance gains achieved by speculative-execution features. For example, completely eliminating the possibility of side-channel attacks against the speculative-execution functionality of Intel CPUs would require a complete disabling of hyperthreading, which would seriously degrade performance.

On the other hand, AMD has stated that its CPUs are safe from the SWAPGS attack.

As the red team stated:

“AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks. AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.”

So yeah, this is another security vulnerability that affects solely Intel’s CPUs.
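As an added example (not code from Bitdefender, Intel, AMD or this site), the scope described above can be turned into a quick exposure check. It assumes a Linux host, which the article does not discuss: Linux lists WRGSBASE support as the `fsgsbase` flag in `/proc/cpuinfo` and reports SWAPGS barriers in its `spectre_v1` sysfs entry. The sample inputs are constructed and the result labels are hypothetical.

```python
from pathlib import Path

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CPUINFO = (
    "vendor_id\t: GenuineIntel\n"
    "model name\t: Example CPU (constructed)\n"
    "flags\t\t: fpu vme de pse tsc msr fsgsbase smep erms\n"
)
SAMPLE_SPECTRE_V1 = "Mitigation: usercopy/swapgs barriers and __user pointer sanitization"


def parse_cpuinfo(text):
    """Return (vendor, flags) for the first processor entry in /proc/cpuinfo text."""
    vendor, flags = None, set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key = key.strip()
        if key == "vendor_id" and vendor is None:
            vendor = value.strip()
        elif key == "flags" and not flags:
            flags = set(value.split())
    return vendor, flags


def swapgs_exposure(cpuinfo_text, spectre_v1_status):
    """Classify a host against the scope the article gives (labels are hypothetical)."""
    vendor, flags = parse_cpuinfo(cpuinfo_text)
    if vendor == "AuthenticAMD":
        return "not-affected-per-vendor"      # AMD's statement quoted above
    if vendor != "GenuineIntel":
        return "unknown-vendor"
    # Linux reports WRGSBASE support as the "fsgsbase" flag; a hypervisor may mask it.
    if "fsgsbase" not in flags:
        return "outside-stated-scope"
    status = (spectre_v1_status or "").strip().lower()
    if "no swapgs barriers" in status:
        return "affected-unmitigated"
    if status.startswith("mitigation") and "swapgs" in status:
        return "affected-mitigated"
    return "affected-status-unknown"          # kernel does not report SWAPGS barriers


def check_local_host():
    """Run the classification on this machine (Linux only)."""
    status_file = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v1")
    status = status_file.read_text() if status_file.exists() else ""
    return swapgs_exposure(Path("/proc/cpuinfo").read_text(), status)


if __name__ == "__main__":
    print(swapgs_exposure(SAMPLE_CPUINFO, SAMPLE_SPECTRE_V1))
```

A result of `affected-status-unknown` means the running kernel says nothing about SWAPGS barriers, which is what a kernel older than the fix would show.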

Kudos to our reader Metal Messiah for bringing this to our attention!

29 thoughts on “New security vulnerability affects all Intel CPUs supporting SWAPGS & WRGSBASE instructions”

  1. This is far from new.. was disclosed months ago and long patched…

    AMD didn’t need to say anything either, this was tested by security experts and wouldn’t work on AMD CPUs.

  2. At this point.

    1. Intel engineers leave too many holes in their CPU architectures wtf ?

    2. Can we all agree that Metal messiah should get paid for his many contributions to this site 🙂

  3. Give me a break…
    All of these theoretical side channel attacks have no practical applications whatsoever…
    This is just here to make headlines, if you actually know how it works then you know it's bullshit.
    Trust me, I'm an engineer. at Intel.

  4. Glad I went Zen 2 this month. Intel has been far too lazy over the past decade, and it’s showing now, in spades.

    1. Yep. AMD clearly has the upper hand when it comes to perf/$.

      It’s so obvious even a rat would figure out to go red team for their cpus.

  5. LOL seems like the Intel engineers didn’t have a very good foresight when they were designing the chips!

  6. Hi John,

    OC3D and RedGamingTech just posted a very good article.

    Navi is only the start of AMD’s RDNA journey. AMD’s CEO, Lisa Su, has already confirmed that the company has “execution on those [products] are on track” when asked about high-end Navi and Zen 2 mobile hardware.

    Furthermore, AMD has already confirmed that RDNA 2 is coming in a 7nm+ manufacturing process. This is the same process which is set to be used to manufacture AMD’s Zen 3 Milan processors, which are due in Mid-2020. With this in mind, it looks like RDNA 2 is coming in 2020, and rumour has it that AMD is internally calling these GPUs “Nvidia Killer”. As always, please take these rumours with a grain of salt.

    http://www.redgamingtech.com/navi-20-series-is-known-internally-as-the-nvidia-killer-exclusive/
    This report comes via Red Gaming Tech, who claims that AMD’s Lisa Su is “frustrated” at the fact that AMD has no products that target Nvidia’s highest-end SKUs. With their next-generation of RDNA products, AMD’s rumoured to be positioning itself to target Nvidia’s market leadership. Red Gaming Tech claims that AMD’s “Nvidia killers” come in the form of Navi 21 and Navi 23. Their report also states that the company’s first Radeon Navi cards released late due to Radeon’s radically redesigned core architecture.

    With their “Next Gen RDNA” graphics cards, AMD plans to enter the world of hybrid ray tracing. This shift will bring the company’s graphics cards in line with Nvidia’s RTX series, at least in terms of raytracing capabilities. This move will mark a time where Radeon will hope to have its own form of Ryzen Revival, leveraging RDNA’s use in both next-generation console and their gaming-focused architectural changes to gain market share within the graphics market.

    https://www.overclock3d.net/news/gpu_displays/amd_s_reportedly_working_on_a_gpu_they_re_calling_nvidia_killer/1

    http://www.redgamingtech.com/navi-20-series-is-known-internally-as-the-nvidia-killer-exclusive/
