Office

Intel recommends disabling hyper

Table of contents:

Anonim

New security flaws have been discovered in Intel's processors that have to do with speculative execution, but this time they are more serious than we have seen before, to the point that Intel is recommending disabling HyperThreading.

Intel names the bug as 'MDS' and recommends disabling HyperThreading.

The 4 security breaches have been announced by Intel in coordination with the Austrian TU Graz University, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, the Worcester Polytechnic Institute, the University of Saarland in Germany and security companies Cyberus, BitDefender, Qihoo360 and Oracle. While some of them named the four flaws as " ZombieLoad ", " Fallout ", RIDL, or " Rogue In-Flight Data Load ", Intel is naming the set as PEGI-13 Microarchitectural Data Sampling (MDS).

Like other speculative execution attacks, these flaws can allow hackers to obtain information that would otherwise be considered safe if it had not been executed through CPU speculative execution processes. Meltdown was reading sensitive information that was being stored in memory, but MDS attacks could read the data in the different CPU buffers (Threads). The researchers say that this flaw can be used to divert data from the CPU at near real-time speed, and can be used to selectively extract information deemed important, it could be passwords or the websites the user is visiting on the moment of attack.

Visit our guide on the best processors on the market

Intel says significant patches will be needed to close this huge security breach and that it will impact performance. The modus operandi would be for the entire data collection and writing cycle to be restarted within the CPU each time a different process is called. That is, the buffers must be erased or overwritten each time you go from one application to another, even from one service to another that is not from the system itself.

The company estimates that the performance loss would be 9%. A more drastic solution is to disable the HyperThreading function as guaranteed protection against MDS attacks on those eighth and ninth generation processors. This, unsurprisingly, would have a significant impact on many tasks, and games.

The CVE codes for the vulnerabilities are as follows:

  • CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS) CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

We will keep you informed.

Techpowerup font

Office

Editor's choice

Back to top button