Back in May 2019, we informed you about a new security vulnerability that affected Intel’s CPUs, Spoiler. And today, a brand new security vulnerability has been discovered that, once again, affects only Intel CPUs and is called RIDL.
RIDL can be used to attacks victims and computers with Intel CPUs are vulnerable to this thread. Phones and tablets are unaffected by this, and neither laptops and desktop PC configurations that are using AMD’s processors.
Regarding RIDL, VUSec’s Pietro Frigo claimed that a quick fix – at this point – is to disable Hyper Threading.
“If you disable hyperthreading and at the same time you use Intel’s proposed mitigation (that is, using the very instruction) the MDS vulnerabilities are mitigated on old Intel processors.”
Now I don’t know whether it’s possible to fix this issue via a new firmware, and whether this software will bring any performance hit on Intel’s CPUs. After all, the firmware/software updates did impact the overall gaming performance on Intel’s CPUs (not by a large margin thankfully).
It’s also interesting pointing out that AMD CPUs are unaffected by both RIDL and Spoiler. From the looks of it, AMD currently offers processors that are not affected by a lot of security vulnerabilities so kudos to the red team.
Thanks Guru3D
UPDATE:
Alongside RIDL, ZombieLoad, Fallout and Store-to-Leak Forwarding are three more Microarchitectural Data Sampling (MDS) attacks that target a CPU’s microarchitectural data structures. All these four security vulnerabilities affect Intel’s CPUs.
John is the founder and Editor in Chief at DSOGaming. He is a PC gaming fan and highly supports the modding and indie communities. Before creating DSOGaming, John worked on numerous gaming websites. While he is a die-hard PC gamer, his gaming roots can be found on consoles. John loved – and still does – the 16-bit consoles, and considers SNES to be one of the best consoles. Still, the PC platform won him over consoles. That was mainly due to 3DFX and its iconic dedicated 3D accelerator graphics card, Voodoo 2. John has also written a higher degree thesis on the “The Evolution of PC graphics cards.”
Contact: Email
Laughs in underpowered.
Zen2/3 it is then. Zen2 this year, or 3 next year? Patience….. hmmm……
RIDLculous.
RIDLled with security vulnerabilities!
Wow. AMD hasn’t looked this good, since the mid 2000’s.
at this rate patching this up by lowering perfomance is gonna bring intel cpus equal to amds at half the price.
And Zen 2 isn’t even out yet.
And I have been waiting for this moment for nearly a decade!
It just works
(((Mossad))) inside.
????????????????????
THAT DIDNT MAKE ANY SENSE
He is high on DOPE….lol
Israel / Mossad have had back-doors for many years, ie Intel ME.
people need to calm down about China Israel is the real issue
Intel CPUs seemingly have more vulnerabilities than a Polygon ‘journalist’.
Can’t wait for another security company to publish on an exploit in AMD’s processors that requires physical access to the machine to try and run damage control for Intel.
Y’know, like last time?
I want a new intel build, they keep making me wait another year
LOL
OY VEY GOY
where are you from?
The US?
i’ve seen three type of people complain about jews :1-middle easterners 2-old conservative americans 3-eastern europeans.
by the way i’m not defending jews, i consider all religions stupid.
I do not fit any of those categories.
you do but you deny it.
No lol, I’m a mid thirties nationalist.
i did think about you being british or australian but i don’t remember seeing or talking to white british guy or white australian guy who’s got a grudge against jews.
Oy Vey
On AWS, several of the VM classes have AMD variants with the same RAM and disk (just put an ‘a’ at the end of the class) and a slightly lower price per VM-hour. Bugs like these may give some enterprises the push they need to switch over.
BTW, it looks while a selection of 8th Gen and 9th Gen processors are safe from the exploit, the majority of Intel CPUs from 2011 or later are impacted, affecting millions of consumer PCs and servers.
Though, Intel is hoping to address these issues with future OS updates and microcode mitigations, but many of their latest processors already contain hardware level fixes for these issues. But they come at a performance cost, IMO.
I think, apart from that, to address these new vulnerabilities, OS makers will now need to make major changes as to how Hyperthreading functions, giving each thread an extra layer of isolation when programs with different security domains are running. To be more prcise, these exploits can allow one thread to peak at what the other is doing, and while observable data will, for the most part, be useless it is nonetheless a big concern for cloud systems with multiple VMs or other high-security environments.
Intel just proposed a solution called Group Scheduling, which will prevent CPUs from a separate trust domain from running on the same thread.The problem here is that this will prevent full thread utilisation within systems, reducing performance levels. IF several programs don’t trust one another it is likely that there will be threads that sit at IDLE, impacting load balancing and performance, imo.
BTW, these threefold of attacks are different from and more dangerous than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in cache.
PS.
Also, please kindly update your article, john. No. Intel is not recommending that users disable Hyper threading. It’s important to understand that doing so does not alone provide protection against MDS, and may impact workload performance or resource utilization that can vary depending on the workload.
That’s a bit tricky question to answer, because no technology is future-proof. Even if INTEL overhauls the entire CPU architecture from scratch, there is no 100% guarantee that future chips are going to invulnerable.
Sure, INTEL is going to release microcode mitigations soon, along with OS updates, and these might patch some of the vulnerabilities in the current CPU lineup, but this going to come with some performance cost, and these might not work with future CPU architectures/revisions.
Whether or not more vulnerabilities are going to be detected, will all depend on the CPU architecture, as well the “stepping”. But nothing is certain. It might depend on how INTEL redesigns the future CPU architecture, because there are flaws in it’s current state.
Btw, do malware, trojans, viruses, worms ever stop spawning ? Nope. Every week new attacks are being discovered, despite the patching done on previous versions of detected malware..
But obviously, we shouldn’t be comparing INTEL’s CPU vulnerabilities, with any malware though, because these vulnerabilities are Hardware agnostic more like. This was just a vague analogy, but I had to mention it..
Anyways, the issue at hand here is that like other side-channel attacks, exploits may allow hackers to obtain info that was deemed secure, had it not been run through the CPU’s speculative execution processes. While Meltdown read sensitive information that was being stored in memory due to the speculative execution functions on Intel’s CPUs, MDS attacks read the data on the CPU’s various buffers, between threads, CPU’s cache, and others.
So, this new vulnerability is more severe than Meltdown/spectre, so expect few more to spawn in the coming months, regardless of the CPU generation.. No hardware is future-proof though..
Gibberish…. that’s what people call it when the topic of discussion, is well beyond their scope of intellect.
Go juggle Denuvo’s balls in your mouth on some other site. You’ll feel better I’m sure.
I’m sure that he is just frustrated, seeing as he said yesterday that the new Denuvo was “uncrackable” (Delusions, yeah i know) and here we are a day later and Rage is already cracked.
I think Rage wasn’t cracked, there was a Denuvo free version on the Beth launcher. At least this is what I’ve got so far.
Fair enough.
https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
As always, so much trolling from you KIM. Take some MEDS, it will make you feel better.
Also, go outside this forum to take a breath of fresh air, because we have had enough of your nonsensical immature comments here.
That’s a bit tricky question to answer, because no technology is future-proof. Even if INTEL overhauls the entire CPU architecture from scratch, there is no 100% guarantee that future chips are going to invulnerable.
Sure, INTEL is going to release microcode mitigations soon, along with OS updates, and these might patch some of the vulnerabilities in the current CPU lineup, but this going to come with some performance cost, and these might not work with future CPU architectures/revisions.
Whether or not more vulnerabilities are going to be detected, will all rely on the CPU architecture, as well the “stepping”. But nothing is certain. It might depend on how INTEL redesigns the future CPU architecture, because there are flaws in it’s current state.
Btw, do malware, trojans, viruses, worms ever stop spawning ? Nope. Every week new attacks are being discovered, despite the patching done on previous versions of detected malware.. But obviously, we shouldn’t be comparing INTEL’s CPU vulnerabilities, with any malware though, because these vulnerabilities are Hardware agnostic more like. This was just a vague analogy, but I had to mention it..
Anyways, the issue at hand here is that like other side-channel attacks, exploits may allow hackers to obtain info that was deemed secure, had it not been run through the CPU’s speculative execution processes. While Meltdown read sensitive information that was being stored in memory due to the speculative execution functions on, MDS attacks read the data on the CPU’s various buffers, in-between threads, CPU’s cache, and others.
So, this new vulnerability is more severe than Meltdown/spectre, so expect few more to spawn in the coming months, regardless of the CPU generation.. No hardware is future-proof though..
Fixing these speculative execution issues isn’t an easy process and there is no doubt that more vulnerabilities will be discovered over the next few years.
It will likely take several years for Intel to fully address the risk of Speculative Execution attacks within their CPUs, and even then there is always the possibility that another exploit is waiting to be discovered.
It wasn’t fully exploited before by any groups whatsoever. Once this came to light, then only INTEL took some action.
Even older gen CPUs from Intel might have been vulnerable for a long time, but only recently the vulnerability has been exposed.
I guess even INTEL never noticed the flaws in their CPU architectures, and they might have been ignorant on this issue as well, and/or overlooked it..
Intel might be sweating buckets right now seeing all these security vulnerabilities being discovered that exclusively affect their CPUs! Their time for bullying is coming to an end! I love it! Zen FTW…Go AMD!
RIDLed with bugs.
RIDL me this, Intel. Why should I even think about getting Ice Lake, over Zen2?
On second though, don’t bother. Nothing you say, could convince me otherwise.
*facepalm*
Yeah, concerns for security, performance and pricing are facepalm worthy.
*facepalm*
*** UURGENT***
Rage 2 got cracked. Just a heads up for DSO
no one cares, nobody pirates video games on this website. go away troll.
This is why I buy AMD processors nowadays, I can’t risk the security of my PC for few more extra FPS in some games.
Here we go again, intel is finished
Mega LOL
So in short Intel has nobody working security these days.
Got it.
This is getting out of hand! Now, there are four of them!
that picture tells a thousand words