Massive CPU Security Flaws Revealed

Yeah, another intel bug like Meltdown. AMD is definitely looking better.

Name your new notable thing “SPOILER” to make it virtually search engine kryptonite, gg.

So, this sounds really, really bad, especially to cloud providers. That’s a monstrous number of CPUs that have to be replaced.

For those who aren’t afraid of the flaws, it may mean a lot of cheap used hardware appearing on the market soon. I mean, you would think?

Are we reasonably certain that the only reason similar flaws haven’t been found in AMD is because of security by obscurity? I don’t have any reason to think they are vulnerable, but then again, is anyone actually working on attacking them, given how prevalent Intel is?

Don’t know, but that approach has worked pretty damned well for macs for the last two decades.

That’s one possible explanation, another is that AMD just didn’t have the same level of optimizations that Intel had, and hence has fewer surfaces to attack.

According to https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/

The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.

For this specific bug, yes. That wasn’t the point.

Here we go again

In a call with TechCrunch, Intel said the microcode updates, like previous patches, would have an impact on processor performance. An Intel spokesperson told TechCrunch that most patched consumer devices could take a 3 percent performance hit at worst, and as much as 9 percent in a datacenter environment. But, the spokesperson said, it was unlikely to be noticeable in most scenarious.

Edit: Ars has a better article with more details

Another intel-specific design exploit. I still wonder if AMD doesn’t have just as many mistakes, but they just haven’t been found or disclosed publicly because it isn’t as popular.

This was a pretty serious (and rather large) team of security experts from around the world. Assume they’re on the cutting-edge of this stuff, and they’re testing every new method on all modern chips. AMD came clean in this case.

Oh, and Google is disabling hyperthreading in Chrome OS to mitigate this. So those high-end Chromebooks you bought just got slower.

Speaking of which, today’s cumulative Win10 update finally enables retpoline, which should mitigate a lot of the performance impact from Spectre mitigations.

https://support.microsoft.com/en-us/help/4494441/windows-10-update-kb4494441

MDS mitigation performance hit is real.

https://phoronix.com/scan.php?page=news_item&px=MDS-Zombieload-Initial-Impact

And that’s with hyperthreading left on. It gets worse if you shut it off.