New RIDL vulnerability hits Intel - Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs

Even with the slight performance hit, Intel is still faster. That's how bad AMD is.

 

Wow, we got ourselves a real one here.

 

Microcode can be patched from the OS loader if the MB firmware does not provide an updated version. Of course everything that runs between system power up and OS loader is still without any protection, but for most users is enough.

 

There is no way at all you can try to claim no one has been attacked due to this vulnerability, that is the whole point of hacker groups and Govs having unpatched/unknown zero day exploits in their arsenal of tools used to abuse people in various ways !!!

 

I can without a doubt claim that nobody has been attacked by this vulnerability.

 

Sure you are absolutely right, anyone can claim Anything that they want, but claiming idiotic things will tarnish their image to some degree in the eyes of the people around them

Such an exploit can be worth many 10's of millions to the right group selling it to Govs about the world who use them subjugate people.
This is well known already where such groups buy such an exploit for up to a couple of million (or much more than a bug bounty), keep it secret + then obviously sell for a LOT more many times over to Govs.

Such an exploit becomes worthless once it is no longer a secret......

 

This is why this security bugs are classified only as "medium", all those bugs are not easy to reproduce by the average Bob. But what happen if "bad guy" (cit. Kurose-Ross) find the way to exploit all this? Those issues are potentially more dangerous than the first Meltdown/Spectre first wave bugs, they can give complete access to any non-cached virtual address in memory, bypassing OS kernel address randomization. If all those bugs are not a very-high priority issues for simple consumer, they are for datacenters and HPCs.

 

Yes, you are right. But it's neither what the biggest part of the userbase will be able to do, nor is it my job as a customer to fix a faulty product... if a car manufacturer builds a car with crap breaks, it's not the driver's job to change the breaks, he gets an appointment at the garage to fix it.

Yes, you can claim anything

 

Part of me wonders if this is related to that kernel patch Linux had a few months ago, that basically just outright inadvertently disabled HT. Needless to say, people were pretty pissed about that patch because of the substantial performance losses, though it was modified to allow HT under certain conditions. So as far as I'm concerned, Linux users basically already got this vulnerability patched.

Still ridiculous though. Seems to me there should be some more benchmarks showing how fast Intel's CPUs really are after you make them properly secure.

 

Except the OS loader patch is provided by Intel and distributed by Microsoft/Canonical/Apple/RedHat/Gnu foundation etc...

 

Man Intel CPUs have so many security holes!!! Intel is looking very silly/stupid right now... And i imagine how some huge companies with Intel expensive servers must be feeling right now with all the exploits being found...

 

IMagine next Snowden revealing that some of those vulnerabilities have actually been used for years... Days later all data center clients demand disabled HT.

 

True. My car breaks better / harder / faster after such a fix. With Intel it's quite the opposite st ill. But you are right about the distribution I guess.

 

My Motherboard brand(Asrock) just publish a new BIOS with intel microcode update, i am wondering if is really worth update since is already risky trying update the BIOS.....

 

Let's play a game of heavy drinking every time an Intel vulnerability is announced.
After a few weeks: oh man, my liver is toast...

 

DO not worry, article is not real. Everything is fine.
...
...
Better?

 

This. We will forget they patched it same day. Announced micro code updates are coming. Yet, all they want to focus on is their hate for evil Intel. I'm all for Intel vs AMD competition, but they cannot see anything beyond their hate for Intel.

And yes, I can say since 2008 there is no record of an actual attack with any of these vulnerabilities. So unless you can come back with actual proof, again this affects really no one right now in the real world, especially since there are patches available. BTW, I felt the same way when the security flaws were announced for both Intel and AMD previously.

 

That's incredibly naive way to look at things. You have few men research labs & students finding those vulnerabilities and NSA/CIA/... not finding them and exploiting them?

Have you ever thought why Russia went to develop multiple CPUs for their governments? You must be sure that it was done to make everyone in the world laugh on how slow those chips are. You are likely sure that it was not because their "best HW hackers in the world" did discover that intel's chips are having more similarities with elemental cheese than CPUs, and AMD's are not that far behind.

I wonder about number of those vulnerabilities OFFICIALLY found by China or Russia. (I know your answer... "None, because they found none.")

 

Go to first bios! LOL.