Retbleed: A new Specter version infects older Intel and AMD CPUs.

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Jul 13, 2022.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    48,388
    Likes Received:
    18,552
    GPU:
    AMD | NVIDIA
  2. cucaulay malkin

    cucaulay malkin Ancient Guru

    Messages:
    9,236
    Likes Received:
    5,208
    GPU:
    AD102/Navi21
    seems to affect zen1/2 the worst with near 100% success rate and higher leakage bandwidth, as well as 7th/8th gen in a big way too.
     
  3. Venix

    Venix Ancient Guru

    Messages:
    3,440
    Likes Received:
    1,944
    GPU:
    Rtx 4070 super
    New week new vulnerabilities. Well I hope the impact from the fixes of those is not huge.
     
  4. TheDeeGee

    TheDeeGee Ancient Guru

    Messages:
    9,633
    Likes Received:
    3,413
    GPU:
    NVIDIA RTX 4070 Ti
    My old 4770K was pretty much downgraded to the first generation i7.
     

  5. cucaulay malkin

    cucaulay malkin Ancient Guru

    Messages:
    9,236
    Likes Received:
    5,208
    GPU:
    AD102/Navi21
    same thing will happen to zen2 now
    good thing 7/8th gen are already the same as first skylake lol

    just disable them, lol.
    who cares about some smecter
     
  6. Kaarme

    Kaarme Ancient Guru

    Messages:
    3,513
    Likes Received:
    2,355
    GPU:
    Nvidia 4070 FE
    It feels like hackers know more about software than the coders who developed the software, and vulnerability investigators know more about CPUs than the engineers who designed the CPUs.
     
  7. alanm

    alanm Ancient Guru

    Messages:
    12,232
    Likes Received:
    4,435
    GPU:
    RTX 4080
    With millions of users of older CPUs I guess there is safety in numbers. How many systems can hackers go through per day until they reach you? :D
     
  8. umeng2002

    umeng2002 Maha Guru

    Messages:
    1,425
    Likes Received:
    331
    GPU:
    4080 Super
    “Hackers” aren’t developing these exploits. Researchers are.
     
  9. Horus-Anhur

    Horus-Anhur Ancient Guru

    Messages:
    8,633
    Likes Received:
    10,682
    GPU:
    RX 6800 XT
    This exploit can be used remotely, or does it require physical access to the hardware?
     
  10. sykozis

    sykozis Ancient Guru

    Messages:
    22,492
    Likes Received:
    1,537
    GPU:
    Asus RX6700XT
    You'll never have 100% secure software or hardware. It's also impossible for CPU designers to account for every possible security flaw in any chip design. Same with software devs.... If you want a 100% secure computer, disassemble it and melt the parts down. As long as a computer is functional, there will be security flaws.

    Given the vulnerability allows for software based attacks, remote execution is likely possible....
     
    Horus-Anhur likes this.

  11. Blueabyss25

    Blueabyss25 Member

    Messages:
    22
    Likes Received:
    5
    GPU:
    MSI 3080 SUPRIMX 10
    but if there was no loophole, what would the authorities do then!? :D:rolleyes:
     
  12. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    7,973
    Likes Received:
    4,341
    GPU:
    HIS R9 290
    I misread the name as "Rectbleed". Not exactly the newest "vulnerability" but sure is a problem for many lol.
     
    sykozis and fantaskarsef like this.
  13. user1

    user1 Ancient Guru

    Messages:
    2,746
    Likes Received:
    1,279
    GPU:
    Mi25/IGP
    Ever since the first spectre exploit, browsers have effectively crippled the accuracy and precision of timers via javascript, so successful remote execution is unlikely, I won't say its impossible though. ultimately you still have to run foreign code on your machine for this to work.
     
    Horus-Anhur likes this.
  14. D1stRU3T0R

    D1stRU3T0R Master Guru

    Messages:
    678
    Likes Received:
    241
    GPU:
    8 GB
    When people say "old AMD CPU" im thinking about AMD FX and older, not Ryzen lol

    ps: i like how Intel 12 series has microcode: 0xd

    xd
     
  15. LesserHellspawn

    LesserHellspawn Master Guru

    Messages:
    690
    Likes Received:
    32
    GPU:
    RTX 3080ti Eagle
    Yep, from the view of my i7 5960X all of those CPUs are brand spanking new.
     
    fantaskarsef likes this.

  16. Astyanax

    Astyanax Ancient Guru

    Messages:
    17,011
    Likes Received:
    7,351
    GPU:
    GTX 1080ti
    Does not affect windows at all.
     
    D1stRU3T0R, Venix and cucaulay malkin like this.
  17. Venix

    Venix Ancient Guru

    Messages:
    3,440
    Likes Received:
    1,944
    GPU:
    Rtx 4070 super
    Good catch !
     
  18. PrMinisterGR

    PrMinisterGR Ancient Guru

    Messages:
    8,125
    Likes Received:
    969
    GPU:
    Inno3D RTX 3090
  19. Astyanax

    Astyanax Ancient Guru

    Messages:
    17,011
    Likes Received:
    7,351
    GPU:
    GTX 1080ti
    It does not affect Windows

    The mitigations are necessary for linux only.

    "Windows systems are not affected given that these systems use Indirect Branch Restricted Speculation (IBRS) by default which is also the mitigation being made available to Linux users. Intel is not aware of this issue being exploited outside of a controlled lab environment.”
     
  20. RealNC

    RealNC Ancient Guru

    Messages:
    4,944
    Likes Received:
    3,222
    GPU:
    4070 Ti Super
    The perf impact of this mitigation is quite big. On Linux, it can be disabled with the:

    Code:
    retbleed=off
    
    kernel option. Other Spectre mitigations are left on. It only disables the costly retbleed mitigation. No idea how to disable it on Windows.

    Exploiting retbleed requires local access or otherwise the ability to execute code locally, so unless you're running some multi-user system (including remote login), it should be safe to disable.
     

Share This Page