New RIDL vulnerability hits Intel - Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, May 14, 2019.

  1. jwb1

    jwb1 Master Guru

    Messages:
    490
    Likes Received:
    66
    GPU:
    MSI GTX 2080 Ti
    Even with the slight performance hit, Intel is still faster. That's how bad AMD is.
     
  2. TheDeeGee

    TheDeeGee Ancient Guru

    Messages:
    6,203
    Likes Received:
    638
    GPU:
    MSI GTX 1070
    Wow, we got ourselves a real one here.
     
  3. Alessio1989

    Alessio1989 Maha Guru

    Messages:
    1,404
    Likes Received:
    235
    GPU:
    .
    Microcode can be patched from the OS loader if the MB firmware does not provide an updated version. Of course everything that runs between system power up and OS loader is still without any protection, but for most users is enough.
     
  4. Humanoid_1

    Humanoid_1 Master Guru

    Messages:
    947
    Likes Received:
    64
    GPU:
    MSI RTX 2080 X Trio
    There is no way at all you can try to claim no one has been attacked due to this vulnerability, that is the whole point of hacker groups and Govs having unpatched/unknown zero day exploits in their arsenal of tools used to abuse people in various ways !!!
     
    Fox2232 likes this.

  5. Astyanax

    Astyanax Ancient Guru

    Messages:
    3,699
    Likes Received:
    1,005
    GPU:
    GTX 1080ti
    I can without a doubt claim that nobody has been attacked by this vulnerability.
     
  6. Humanoid_1

    Humanoid_1 Master Guru

    Messages:
    947
    Likes Received:
    64
    GPU:
    MSI RTX 2080 X Trio
    Sure you are absolutely right, anyone can claim Anything that they want, but claiming idiotic things will tarnish their image to some degree in the eyes of the people around them ;)

    Such an exploit can be worth many 10's of millions to the right group selling it to Govs about the world who use them subjugate people.
    This is well known already where such groups buy such an exploit for up to a couple of million (or much more than a bug bounty), keep it secret + then obviously sell for a LOT more many times over to Govs.

    Such an exploit becomes worthless once it is no longer a secret......
     
  7. Alessio1989

    Alessio1989 Maha Guru

    Messages:
    1,404
    Likes Received:
    235
    GPU:
    .
    This is why this security bugs are classified only as "medium", all those bugs are not easy to reproduce by the average Bob. But what happen if "bad guy" (cit. Kurose-Ross) find the way to exploit all this? Those issues are potentially more dangerous than the first Meltdown/Spectre first wave bugs, they can give complete access to any non-cached virtual address in memory, bypassing OS kernel address randomization. If all those bugs are not a very-high priority issues for simple consumer, they are for datacenters and HPCs.
     
  8. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    10,944
    Likes Received:
    3,078
    GPU:
    2080Ti @h2o
    Yes, you are right. But it's neither what the biggest part of the userbase will be able to do, nor is it my job as a customer to fix a faulty product... if a car manufacturer builds a car with crap breaks, it's not the driver's job to change the breaks, he gets an appointment at the garage to fix it.



    Yes, you can claim anything ;)
     
    Fox2232 likes this.
  9. vbetts

    vbetts Don Vincenzo Staff Member

    Messages:
    14,714
    Likes Received:
    1,296
    GPU:
    RTX 2070FE
    Yeah, let's not make posts like this please. Thank you.
     
  10. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    4,511
    Likes Received:
    1,394
    GPU:
    HIS R9 290
    Part of me wonders if this is related to that kernel patch Linux had a few months ago, that basically just outright inadvertently disabled HT. Needless to say, people were pretty pissed about that patch because of the substantial performance losses, though it was modified to allow HT under certain conditions. So as far as I'm concerned, Linux users basically already got this vulnerability patched.

    Still ridiculous though. Seems to me there should be some more benchmarks showing how fast Intel's CPUs really are after you make them properly secure.
     
    anticupidon likes this.

  11. Alessio1989

    Alessio1989 Maha Guru

    Messages:
    1,404
    Likes Received:
    235
    GPU:
    .
    Except the OS loader patch is provided by Intel and distributed by Microsoft/Canonical/Apple/RedHat/Gnu foundation etc...
     
  12. H83

    H83 Ancient Guru

    Messages:
    2,734
    Likes Received:
    408
    GPU:
    MSI Duke GTX1080Ti
    Man Intel CPUs have so many security holes!!! Intel is looking very silly/stupid right now... And i imagine how some huge companies with Intel expensive servers must be feeling right now with all the exploits being found...
     
  13. Fox2232

    Fox2232 Ancient Guru

    Messages:
    9,755
    Likes Received:
    2,203
    GPU:
    5700XT+AW@240Hz
    IMagine next Snowden revealing that some of those vulnerabilities have actually been used for years... Days later all data center clients demand disabled HT.
     
  14. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    10,944
    Likes Received:
    3,078
    GPU:
    2080Ti @h2o
    True. My car breaks better / harder / faster after such a fix. With Intel it's quite the opposite st ill. But you are right about the distribution I guess.
     
  15. Txatxiquesi

    Txatxiquesi New Member

    Messages:
    9
    Likes Received:
    3
    GPU:
    Zotac 1080 Mini.
    My Motherboard brand(Asrock) just publish a new BIOS with intel microcode update, i am wondering if is really worth update since is already risky trying update the BIOS.....
     

  16. anticupidon

    anticupidon Ancient Guru

    Messages:
    4,037
    Likes Received:
    790
    GPU:
    Vega
    Let's play a game of heavy drinking every time an Intel vulnerability is announced.
    After a few weeks: oh man, my liver is toast...
     
    typhon6657 and HWgeek like this.
  17. Fox2232

    Fox2232 Ancient Guru

    Messages:
    9,755
    Likes Received:
    2,203
    GPU:
    5700XT+AW@240Hz
    DO not worry, article is not real. Everything is fine.
    ...
    ...
    Better?
     
  18. jwb1

    jwb1 Master Guru

    Messages:
    490
    Likes Received:
    66
    GPU:
    MSI GTX 2080 Ti
    This. We will forget they patched it same day. Announced micro code updates are coming. Yet, all they want to focus on is their hate for evil Intel. I'm all for Intel vs AMD competition, but they cannot see anything beyond their hate for Intel.

    And yes, I can say since 2008 there is no record of an actual attack with any of these vulnerabilities. So unless you can come back with actual proof, again this affects really no one right now in the real world, especially since there are patches available. BTW, I felt the same way when the security flaws were announced for both Intel and AMD previously.
     
    Last edited: May 15, 2019
  19. Fox2232

    Fox2232 Ancient Guru

    Messages:
    9,755
    Likes Received:
    2,203
    GPU:
    5700XT+AW@240Hz
    That's incredibly naive way to look at things. You have few men research labs & students finding those vulnerabilities and NSA/CIA/... not finding them and exploiting them?

    Have you ever thought why Russia went to develop multiple CPUs for their governments? You must be sure that it was done to make everyone in the world laugh on how slow those chips are. You are likely sure that it was not because their "best HW hackers in the world" did discover that intel's chips are having more similarities with elemental cheese than CPUs, and AMD's are not that far behind.

    I wonder about number of those vulnerabilities OFFICIALLY found by China or Russia. (I know your answer... "None, because they found none.")
     
  20. bombardier

    bombardier Master Guru

    Messages:
    225
    Likes Received:
    22
    GPU:
    RTX 2080 Ti GAMING
    Go to first bios! LOL.
     

Share This Page