All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Yet another serious attack on/vuln. of intel CPUs - "EchoLoad"
As I just fell over it and our community can well use some actual content (other than looking at itself and its troubles) ...
Welcome to yet another very serious attack on intel processors.
Why very serious?
- Because all intel processors from Pentium 4 (Prescott) up to the newest Cascade Lake are vulnerable
- Because KASLR (kernel address space layout randomization) can not protect the kernel against the attack.
- Because kernel space can in fact be de-randomized ("unprotected") within tens of microseconds
- Because it does not require intel TSX or knowledge of internal data structures
- Because the attack is deeply rooted in the design of the microarchitecture, it cannot easily be fixed, neither in software nor hardware
- Even on Cascade Lake with fixes for Meltdown and MDS the kernel can be de-randomized
- The attack even works on KPTI, the Linux software mitigation for Meltdown.
- The attack also works in restricted environments such as SGX
How about AMD? - AMD Zen is not vulnerable
Who has developed and brought us this new attack? - The University of Graz people (again) who are already well known for some studies of and finding serious attacks against x86 (mostly intel) processors. One example is "DataBounce" (which is dangerous but less so than EchoLoad.
Link to their paper -> http://cc0x1f.net/publications/kaslr.pdf
My personal take: I tried to stay halfway neutral for a long time. And in fact intel processors aren't all bad. There are some things where they are better than AMD, one important example being CPUs with low power envelope (which often is a factor in hosting).
But the more one looks, the more crappy engineering and (not really) smart "cost saving" decisions become visible. Now, we see a vulnerability which can not be mitigated, neither in hardware nor in software and, to make it even worse, it also breaks the "foundation", kernel KASLR, upon which a lot depends. Yes, there is good news too; in fact the authors themselves suggest something like a "better KASLR", but how long will that take to be examined, discussed, and finally brought into safer kernels? Things like that don't happen quickly and even if we had safer kernels - for quite a few OSs at that - within a reasonably short time frame, there still is the issue of lots and lots of older kernel which won't be updated (just think of the billions of plastic boxes out there).
TL;DR Buy AMD only
Comments
I am so happy to see this. Intel needed a reality check for the crap they’ve been selling at a premium.
And it takes a while (at least 1 or 2 generations) for them to fix exploits in hardware...
I agree with this 100%
I won't completely give up on Intel, but will definitely never trust them again. AMD just got even more prem. Yikes.
I trust my Intel completely.. I mean, I sleep with it under my pillow every night so..
Beautiful packaging. Lovely
I guess I ain't losing sleep over a cheap second-hand lenovo Intel i5 laptop from 2015, but boy I am glad my workhorse desktop is zen
My 2 year old i7 laptop is my daily driver and it's been amazing, now I distrust it. I'm going to build my own CPU out of transistors and breadboards and live like it's the 80's
From all this vuln, is there any real life accident? Like some provider or company being victims because of it?
None reported yet. You can still choose whether you prefer a YOLO lifestyle.
Lol.. Maybe I should find punch cards and vacuum tubes.
My take is that I won't rush to replace personal computers, but I won't take the risk for VPS in shared environments.
This is my approach largely, however it depends on the application of the VPS. I have Intel in my "fleet" alongside AMD. It's a matter of using the right tool for the job imo :-)
The time for AMD is now.
That’s Epyc.
Nothing wrong with a YOLO lifestyle 😂
Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.
Deeecent!
Edit: bold fail
Let me fix that for you sir. Now it's prem.
Link?
https://www.asrockrack.com/general/productdetail.asp?Model=X470D4U#Specifications
https://www.asrockrack.com/general/productdetail.asp?Model=1U4LW-X470#Specifications
They even have motherboards for threadripper now. Prem indeed.
Threadripper boards go up to 256GB RAM, while Ryzens only go up to 128GB. Potentially a Threadripper node can support more VMs with the higher RAM and cores, but of course I haven't done a cost benefit analysis.
Keep in mind that TR only have quad-channel memory vs octa on epyc. So if You want to do virtualization You should go with Epyc. If You need pure compute power then TR is way to go.
I have a Ryzen VM and and EPYC VM. The Ryzen kicks ass every time. It's actually really nice compared to Intel. And if Intel are going to keep having these problems, I think people will start to move to AMD.
I presume that's down to the clock speed of the Ryzen?
Same here and 100% agreed. Ryzen is honestly extremely impressive, high clocks and strong on plow.
In my testing, yes. In saying that, the EPYC is quite fast too considering the lower clock but doesn't enter the same performance league as Ryzen.
The reasons you listed here didn't convince me. The attack per se only breaks KASLR, so what? Can you explain what serious things an attacker can do with the knowledge of the kernel address?
I see cheap used Intel CPUs flooding the market.
I am so glad we've been mostly AMD shop ever since we went for our own hardware
Tho it does annoy that we do have couple racks of unused Intel servers left wondering if we should even power them up at this point.
As for power consumption: Intel lies. and oh do they lie! On all testing we've done Intel platforms have far exceeded the power envelope expectations by a quite a big margin, where as all AMD systems tend to use less than expected. One late nice surprise was when we started using 32c/64t EPYC servers with 24 drives each, all memory channels populated, some nvme etc. and they consumed 100W less than expected, churning happily along at 400-420W power envelope in production. (@Wall, averaged over months)
Waiting to receive some mITX X570 server motherboards late next month for testing!
Answer: Look at why KASLR was developed and deployed. Also read OP again (hint: e.g. SGX).