New PlunderVolt Vulnrebility Hits Intel processors - vCore vs Intel SGX

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Dec 11, 2019.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    38,909
    Likes Received:
    7,572
    GPU:
    AMD | NVIDIA
  2. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,714
    Likes Received:
    3,688
    GPU:
    2080Ti @h2o
    https://www.zdnet.com/article/new-plundervolt-attack-impacts-intel-cpus/
    https://www.semiaccurate.com/2019/12/10/intels-benchmarking-antics-questioned/


    Finally my current CPU is old enough to not be vulvernable...
     
    alanm, mohiuddin, Mundosold and 8 others like this.
  3. sverek

    sverek Ancient Guru

    Messages:
    6,099
    Likes Received:
    2,948
    GPU:
    NOVIDIA -0.5GB
    airbud7 and fantaskarsef like this.
  4. TheDeeGee

    TheDeeGee Ancient Guru

    Messages:
    6,666
    Likes Received:
    983
    GPU:
    NVIDIA GTX 1070
    Merry Christmas Intel, and a Happy New Year >: )
     
    angelgraves13 likes this.

  5. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,714
    Likes Received:
    3,688
    GPU:
    2080Ti @h2o
    And I'm in the process of planning my next upgrade... so I can make use of this vulvernability again!
    (j/k, going red this time)
     
    Keitosha, Singleton99 and cryohellinc like this.
  6. QBI

    QBI Active Member

    Messages:
    56
    Likes Received:
    8
    GPU:
    MSI GTX 1080 Armor
    This has become such a sad joke at this point we're even considering replacing Intel servers with AMD ones at work. It would actually save us money when we don't have to buy vendor support just to patch the firmware every time a new Intel vulnerability is discovered.
     
    angelgraves13 likes this.
  7. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    11,714
    Likes Received:
    3,688
    GPU:
    2080Ti @h2o
    Makes sense. Although I have to say, until most of the hardware is AMD, when exploiters hit their weaknesses with force, the tables turning again... etc. etc.
     
  8. Dexterr

    Dexterr New Member

    Messages:
    3
    Likes Received:
    2
    GPU:
    Sapphire ATI Radeon HD787
    Aw crap here we go again.
     
    angelgraves13 likes this.
  9. Undying

    Undying Ancient Guru

    Messages:
    13,512
    Likes Received:
    2,725
    GPU:
    Aorus RX580 XTR 8GB
    Intell is on the roll. Nothing is going in their favor lately.
     
    angelgraves13 likes this.
  10. KissSh0t

    KissSh0t Ancient Guru

    Messages:
    8,019
    Likes Received:
    2,076
    GPU:
    ASUS RX 470 Strix
    *Keeps shooting dead body with tommy gun*

    I can't remember what that was from but it's what popped in my head when reading your comment..
     

  11. Embra

    Embra Maha Guru

    Messages:
    1,060
    Likes Received:
    282
    GPU:
    Vega 64 Nitro+LE
    *sighs*

    I was going to give my 4790 to me nephew, not I feel guilty in doing so.
    Looks like a ryzen 2600 will be it.
     
  12. Margalus

    Margalus Master Guru

    Messages:
    290
    Likes Received:
    49
    GPU:
    EVGA GTX 980 Ti FTW
    The joke is that some people think this is a serious security issue in home computer.
     
  13. blkspade

    blkspade Master Guru

    Messages:
    605
    Likes Received:
    18
    GPU:
    Leadtek Nvidia Geforce 6800 GT 256MB
    The thing about that is the independent security analyst have generally been testing AMD CPUs as well. Beyond the initial wave that effected even ARM CPUs, AMD has seemingly been in the clear.
     
    fantaskarsef likes this.
  14. blkspade

    blkspade Master Guru

    Messages:
    605
    Likes Received:
    18
    GPU:
    Leadtek Nvidia Geforce 6800 GT 256MB
    One of previous exploits TPM fail, allowed the extraction of TPM keys via thousands of SSL requests. If someone needed 45,000 clients to support in such an attack, I wonder where they'd come from. Let any one of these exploits end up being wormable and yeah it would still be an issue for home users. Something like stuxnet had a definite specific target, but ended up everywhere else. The exploit that was based on could certainly have transformed in to anything else for any other purpose. I don't consider these things as completely non-issues for home users.
     
  15. Alessio1989

    Alessio1989 Ancient Guru

    Messages:
    1,861
    Likes Received:
    511
    GPU:
    .
    CVE score at least of 7.9, good job Intel!

    Nice to have an escalation of privileges to take control over AES data... https://plundervolt.com/doc/plundervolt.pdf

    This is serious, it is at least a CVE score of 7.9, on a hardware component (which need BIOS patching) involving at least 5 generations of intel core processors. Spectre wasn't serious, but this is: easy to trigger, easy to replicate, easy to code and once is done the attacker has full access to everything, no software can help this, only a firmware update. What could be worst? A version with remote target or lower privileges required.
     
    Last edited: Dec 11, 2019

  16. Reddoguk

    Reddoguk Ancient Guru

    Messages:
    1,954
    Likes Received:
    213
    GPU:
    Guru3d GTX 980 G1
    Intel more holes than a 20 year old pub dart board.
     
    Keitosha likes this.
  17. slyphnier

    slyphnier Master Guru

    Messages:
    767
    Likes Received:
    59
    GPU:
    GTX1070
    when looking at these report....
    its looks bad with all these vulnerability report on intel cpu, yet i have to read someone really successful using the exploit in real world, that infecting few dozen user PC
    when that happen it will obviously get red-flag, not only "yellow-ish-flag"

    and again people think the OS(windows) itself, or even the user itself complete free from exploit ?
    if yes, then why till now, there still lots of people getting scammed ?

    in the end there nothing perfect, everything exploitable
    it just for user obviously we prefer "safer" product.... but if we realize it again that "safer" one is just like the word said, "safer" aka. more-safe than other, and Not complete/perfect-safe either
     
  18. Alessio1989

    Alessio1989 Ancient Guru

    Messages:
    1,861
    Likes Received:
    511
    GPU:
    .
    Not all exploits and bugs are the same. A CVE score of at least 7.9 on a hardware component is really serious, especially if the only solution is a firmware update. If you read the paper you can clearly see how easily is manipulate AES with this.
     
  19. Caesar

    Caesar Maha Guru

    Messages:
    1,171
    Likes Received:
    450
    GPU:
    GTX 1070Ti Titanium
    Any patch coming soon will SURELY affect overclockers!
     
  20. TieSKey

    TieSKey Member Guru

    Messages:
    167
    Likes Received:
    53
    GPU:
    Gtx870m 3Gb
    Home Alone movie, the kid uses that scene from a movie on tv to freak out the hotel staff. Not sure if the other movie was a real one or not.
     
    KissSh0t likes this.

Share This Page