New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
No real world damage done. Only in laboratory conditions found vulnerability shoud be safely ignored. Only intel stock market cries now.
Pardon me but that's about the stupidest point of view imaginable.
Your imagination needs an upgrade!
How this 'veryserious' vulnerability would affect a mere lowender? These kind of finds are geared towards Intels stock market and insanely harsh competition vs AMD. Anyone got hacked here because one of Intels vulnerabilities? No.
No need for clickbait such as 'very serious'. It's one more nail in a coffin of Intel. That's it.
This time I should start preparing my popcorn on Intel...
We do not know the intentions of the researchers. Maybe they are out to harm intel, maybe not. And yes, I do see that there is of course an economic component, too but I focus on the technical perspective.
As for "very serious" the point is not about whom it affects - although it does affect low-enders. The point is to look at CacheOut in relation to Spectre/Meltdown, etc. And in that regard CacheOut is very serious; in fact it's potential to create harm is much, much higher than that of Spectre, Meltdown, etc.
In particular there are (a) multiple ways to exploit it and (b) a very attractive effort vs gain ratio which makes it highly likely that, while we speak, malware groups are working on putting CacheOut into their kits/software.
Ticket please
Correct me if I'm wrong but only ones with TSX enabled? e.g. the E5-2620v4 (Broadwell EP) isn't vulnerable (I believe TSX was disabled in microcode due to stability concerns in Broadwell EP and early Skylake) to this one and that's relatively modern by typical LE* standards?
I might be mistaken (and am concentrated on my work right now) but I seem to remember that TSX was not a necessary precondition but rather the worst case.
Anyway, this list should offer a better answer than I can provide -> https://software.intel.com/security-software-guidance/insights/processors-affected-l1d-eviction-sampling
Another reason to switch over AMD ?
I can't find a list of processors. Is this only for large processors, or small CPU like Celeron (N3450, N4100, and so on) are also affected?
The original post above has a direct link to the list. Seems to affect the whole range down to atoms. Celeron is usually just a marketing name for the lower spec-ed versions of a given generation.
Considering the work was done at a university (my alma mater, no less!) their motivations are probably more around making names for themselves than shorting Intel stock.
I would guess more than most. You're unlikely to get hacked on your home PC unless you do something stupid with malware. You're unlikely to get hacked on a dedi because I believe the attacker has to be able to run code on the physical box. You're unlikely to get hacked on the big player public clouds because they'll be the first to patch up.
But some low-end host running old Intel gear where anyone can get a VM for $1/month...and then one of those subscribers decides to run something he downloaded from HF that exploits this, breaks out of the VM, and starts interrogating the physical host memory...it's probably the most likely of all scenarios.
Very serious huh?
Intel lists it as a "medium severity," but we can hardly expect them to be objective.
Objectively it's not in their best interest to have high severity issues.