Last year security researchers revealed a set of vulnerabilities affecting the speculative execution feature used by many modern processors to enhance performance. Since the revelation of the Spectre and Meltdown vulnerabilities, a number of related vulnerabilities have been disclosed and today Intel and several groups of security experts have revealed a new set.

The new vulnerabilities have names like ZombieLoad, RIDL, and Fallout, but Intel calls the new group of vulnerabilities “Microarchitectural Data Sampling,” or MDS.

While it’s unclear if malicious hackers have made use of the vulnerabilities, theoretically they allow an attacker to access data on a personal computer or cloud server that shouldn’t be publicly accessible.

Intel says it’s begun including hardware-based mitigations to help protect against this class of vulnerability with its 8th-gen and 9th-gen Core processors. But Intel is also releasing microcode updates for many chips released in the past decade, and working with operating system makers to take further steps to offer software-based mitigations.

But while those steps could help protect your data, they could also take a toll on performance of your computer.

That’s because one of the things you may be able to do to help protect a system from these vulnerabilities is to disable hyperthreading. So if you have a computer with a 2-core/4-thread processor or a 4-core/8-thread chip, you might find yourself limited to running only as many threads as you have CPU cores after a software update.

Depending on the activity, you might not notice much difference… or you could see a pretty significant performance hit.

Microsoft says it’s working with Intel to develop mitigations… and offers guidance for steps Windows users may be able to take now which may also include disabling hyper-threading

Google says it’s already disabled hyperthreading by default in Chrome OS 74, but users who want to manually re-enable it can do so by opening chrome://flags#scheduler-configuration and changing the Hyper-Threading option from “conservative” to “performance.”

Canonical says updated linux kernel, qemu, and intel-microcode packages for are “being published as part of the standard Ubuntu security maintenance” for all currently-supported versions of Ubuntu, and updates should be coming for many other GNU/Linux distributions as well. But Canonical still notes that some users may want to disable hyperthreading for enhanced security.

And Apple says the latest versions of macOS includes security updates for the Safari web browser and suggests users only download trusted apps from the Mac App Store to avoid malware that would exploit the vulnerabilities… which seems like a kind of odd response to such a massive vulnerability.  But Apple also offers the option of disabling hyperthreading for “full mitigation for MDS in macOS.”

You can read more about the new MDS attacks in Intel’s “deep dive” analysis.

via CPU.fail, Tom’s Hardware, Ars Technica, and Hacker News

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,547 other subscribers

4 replies on “More vulnerabilities affecting Intel chips revealed”

  1. People might be motivated to buy a new laptop if their current one feels slower. Intel might benefit with more sales. Kind of like when Experian had the massive data breach and then received many new orders for credit monitoring. I don’t think it is intentional, but it posses me off to see them have a net benefit.

      1. Data centers are being told “By the way your 2c/4t VM business model is new screwed. Will your customers accept 3c/3t or will you have to buy double the rack space and power to deliver 4 threads?”

  2. AMD – In 2019, we’re bringing you 32 threads to Ryzen and 128 threads to EPYC. Intel – Remember those 16 threads we gave you on desktop? Now, they’re only 8.

    EDIT: To clarify, only Whiskey Lake has the necessary hardware mitigations. Coffee Lake, while it is technically 8th Gen, does not. So the i9-9900K, which is a Coffee Lake-based product, is most definitely susceptible to this form of attack.

Comments are closed.