New Spectre-like CPU vulnerability discovered

Jamie McKane

MyBroadband Journalist

Researchers have discovered a new variation of the Spectre CPU vulnerability which is easier to exploit than the original security flaw.

The vulnerability is named SplitSpectre, and is reportedly a variation of the original Spectre CPU security flaw which can be exploited via browser-based code.
 
Good choice, because Ryzen chips are also vulnerable.
Yeah, to the same level? What would you recommend? What is the safest CPU? Or what are the various risk levels with various hardware choices out there?
 
Read the report, it is linked in the article.
Contains some data, but not enough to find out what we should be using to make safer systems. Which CPUs are safer than others? Even on micro hardware.

Since the measurement technique differs between the two CPU vendors, results for Intel and AMD cannot be compared.

Table IV shows the results of this experiment. We see that complex instructions such as div, which translates to multiple μops, widen the speculation window. The same is true for a cache miss, when the CPU needs to fetch the data from main memory.

At the same time, access to cached memory contributes little to the speculation window compared to a register access. Measuring a range from four to twelve cycles, the results for Broadwell and Skylake are in accordance with Intel’s performance analysis guide [1] which states four cycles as the average for an access to L1 and ten cycles for L2.

On AMD, we see even less impact between register and cached accesses. In addition, adding a complex instruction on top of an acp
 
Contains some data, but not enough to find out what we should be using to make safer systems. Which CPUs are safer than others? Even on micro hardware.
Well, that report covers a sample size and the risk may be broad across the several AMD and Intel architectures. The best option is to purchase supported hardware which isn't in EoL and trust the logic/motherboard, CPU and related R&D and manufacturers to patch accordingly. There is no prevention, only cure for these types of scenarios.
 
Well, that report covers a sample size and the risk may be broad across the several AMD and Intel architectures. The best option is to purchase supported hardware which isn't in EoL and trust the logic/motherboard, CPU and related R&D and manufacturers to patch accordingly. There is no prevention, only cure for these types of scenarios.
It would be useful if there was good data we could use that perhaps lists the various architectures out there and their security levels and risk.
 
2990WX is one of the new chips out, it isn't in that list, the last Ryzen chips were these I think.

[Attached image: 2018-12-05_18-50.png]

It might just be because they were not tested yet?
 
Based on what I see the Ryzen looks kinda safer? It doesn't have the Meltdown problem and hopefully they are hardening against Spectre.
 
The article was last updated in March on the 7th. It will probably be updated again to include SplitSpectre.
SplitSpectre showed slightly better results and I am not sure if newer CPUs were tested there either. I still liked what I read about Ryzen over Intel in that link you shared, might be my bias.

Really want more data on this
 
Based on what I see the Ryzen looks kinda safer? It doesn't have the Meltdown problem and hopefully they are hardening against Spectre.
Microsoft Windows is patched for Meltdown and Spectre, iirc since May/June if your supported OS is up to date. Several motherboard manufacturers also released firmware for patching.
 
Microsoft Windows is patched for Meltdown and Spectre, iirc since May/June if your supported OS is up to date. Several motherboard manufacturers also released firmware for patching.
On Arch Manjaro. Patched afaik. Don't feel secure... but I am currently on an Intel CPU
 
Oh for Pete's sake, when are we going to stop with this sensationalism. CPU exploits are nothing new but you need access to a system first. Once you're there you can execute whatever you want anyway. This is like drilling a hole in a bathtub when you can simply pull the plug.
 