Say hello to Downfall, another data-leaking security hole in several years of Intel chips
Hidden Linux kernel security fixes spotted before release – by using developer chatter as a side channel Downfall, the two Google researchers say,"exploits the speculative forwarding of data from the SIMD Gather instruction.
" SMID stands for"single instruction, multiple data" and refers to a type of parallel processing. "The Gather instruction helps the software access scattered data in memory quickly, which is crucial for high-performance computing workloads performing data encoding and processing," explained Moghimi and Ormandy."Downfall shows that this instruction forwards stale data from the internal physical hardware registers to succeeding instructions." Accessing this data involves a process similar to the exploitation of Meltdown. The technique involves: issuing instructions to make it more likely that transiently-forwarded data will be visible; executing the gather instruction; encoding a 32-bit unsigned integer so as to reveal up to 4 bytes of transient data; and scanning the cache using the Flush+Reload technique, which removes and reloads data from a shared cache to determine data related to the targeted user.available for those inclined to test it., according to Moghimi and Ormandy, imposes a performance hit ranging from zero to 50 percent, depending on the workload. The x86 giant, meanwhile, sought to downplay the security weakness, saying the Googlers exploited the shortcoming “within the controlled conditions of a research environment.""While this attack would be very complex to pull off outside of such controlled conditions, affected platforms have an available mitigation via a microcode update," an Intel spokesperson told us today. "Recent Intel processors, including Alder Lake, Raptor Lake, and Sapphire Rapids, are not affected. Many customers, after reviewing Intel's risk assessment guidance, may determine to disable the mitigation via switches made available through Windows and Linux operating systems as well as VMMs. "In public cloud environments, customers should check with their provider on the feasibility of these switches.”
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Ukraine war: Several killed in Russian missile strike eastern Ukraine, officials sayPresident Zelensky said the Russian attacks had struck an 'ordinary residential building'.
Read more »
China’s CPU champ Loongson is four years behind IntelChina's great CPU hope – Loongson – finds it's only four years behind Intel
Read more »
Sinéad O'Connor: Mourners to say final goodbyes ahead of private burialA cortege will pass through the singer's former home of Bray, County Wicklow, after a private service.
Read more »
Man who fled UK to Bulgaria after terrorism charges jailedPolice say David Bodill was found with chemicals for explosives and had downloaded bomb-making manuals.
Read more »
Microsoft, Intel lead this month's security fix emissionsDownfall processor leaks, Teams holes, VPN clients at risk, and more
Read more »
Apple, Samsung, and Intel to invest in Arm IPOApple, Samsung, and Intel to invest in Arm IPO, and emerge with some control: report
Read more »