Processor Vulnerability MeltDown / Spectre (aka Kaiser bug)

Downfall....
Downfall attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982, enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.

The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not normally be accessible.
https://downfall.page/
https://downfall.page/media/downfall.pdf
Gather Data Sampling (GDS) is a transient execution side channel vulnerability affecting certain Intel processors. In some situations when a gather instruction performs certain loads from memory, it may be possible for a malicious attacker to use this type of instruction to infer stale data from previously used vector registers. These entries may correspond to registers previously used by the same thread, or by the sibling thread on the same processor core.
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html?wapkw=gather data sampling

Intel DOWNFALL Ultra-Scary AVX2 and AVX-512 Side channel Attack Discovered

The new Downfall vulnerability is a big one. This impacts Intel’s desktop CPUs up to Alder Lake and Intel’s server CPUs up to Ice Lake, the generation that was still top-of-the-line on the first day of 2023. Found by Daniel Moghimi, now at Google, the vulnerability targets AVX2 and AVX-512 pipelines in what Intel is calling a Gather Data Sampling (GDS) attack.
Intel and Daniel have been working for some time on this before its disclosure today. Intel and its firmware and OS partners have been coordinating a microcode update that will mitigate the vulnerability. This is an important enough vulnerability that the default will be “ON” for the mitigation.
For STH readers, if you have AVX-512 or AVX2 heavy pipelines, then we would advise looking at the pre/post mitigation performance and doing a risk assessment based on the likelihood that an attack can occur in your environment.

Which CPUs are Impacted by Downfall?


Intel told us that the following CPU architectures are impacted:
  1. Skylake family (Skylake, Cascade Lake, Cooper Lake, Amber Lake, Kaby Lake, Coffee Lake, Whiskey Lake, Comet Lake)
  2. Tiger Lake family
  3. Ice Lake family (Ice Lake, Rocket Lake)
To the best of our knowledge, AMD CPUs are not impacted by this.
https://www.servethehome.com/intel-...2-and-avx-512-side-channel-attack-discovered/
 
It seems to be more dangerous for servers than for desktops.
Better to look at the sentence right after that one. :)
For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages.
And the reason is:
The vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software. This allows untrusted software to access data stored by other programs, which should not normally be accessible.
 
The impact of the mitigations is downright disastrous in some cases, with a performance penalty of up to 50%:
https://www.phoronix.com/review/intel-downfall-benchmarks
 
The impact of the mitigations is downright disastrous in some cases, with a performance penalty of up to 50%:
https://www.phoronix.com/review/intel-downfall-benchmarks
Something to keep in mind:
As covered in yesterday's articles around Downfall, the microcode-based security mitigation can impact the performance of software relying on AVX2/AVX-512 GATHER instructions if gather is being used in an application's hot code path.
As Phoronix is a one-man-band I am still battling away with exploring more workloads to be impacted by the mitigation but at least AVX2/AVX-512 workloads without using the VGATHER* instructions (or not within any hot code paths) are not impaired and showing the same level of performance as with prior microcode revisions. However, there still are certainly some workloads like various AI software and some Intel oneAPI open-source components that do indeed carry very measurable overhead now as a result of the Downfall mitigations.
Those figures are probably not the worst cases. There is likely to be software where the performance loss is greater.
 
Benchmarks of the losses on Zen 3, with the different patches for Inception.
For Zen 3 and Zen 4 processors AMD is in the process of rolling out new microcode while for Zen 1 / Zen 2 there is simply a kernel-based mitigation needed. For Zen 3 and Zen 4 though the kernel-only mitigation solution is also available in the event your system doesn't yet have updated firmware/microcode.
off - No Inception mitigations. All other CPU security mitigations were at their defaults... This testing is just looking at the Inception mitigation overhead.

safe RET no microcode - The purely kernel-based mitigation while using the prior Family 19h CPU microcode without the Inception mitigation there.

safe RET - The default safe RET mode when using the newest CPU microcode.

IBPB - The alternative IBPB-based mitigation approach.

Where the losses are largest is in databases:


In roughly half of them there are losses, but they are not as large:


In the rest, the difference is almost nil:

Overall it comes down to what workloads you are engaged in whether you may notice any performance difference when upgrading your Linux kernel (or otherwise being patched for Inception on your given OS) on an AMD Zen desktop or server.

For the most part users are unlikely to notice anything drastic, aside from some sizable database performance hits in a few cases.

It's unfortunate seeing some of these regressions due to the Inception mitigation but ultimately is unlikely to really change the competitive standing of AMD's latest wares on Linux. Most of the prior AMD CPU security mitigations have also not resulted in any performance degradation, so this Inception mitigation difference is a bit rare.
https://www.phoronix.com/review/amd-inception-benchmarks
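
An added example, not part of the thread or of the quoted articles: before weighing the benchmark losses above, check which mitigation state a Linux host is actually in for Downfall (GDS) and Inception, including the kernel-only "no microcode" fallback described in the Inception post. It assumes the Linux sysfs entries `gather_data_sampling` and `spec_rstack_overflow`; the exact status wording varies between kernel versions, so matching is case-insensitive.

```python
"""Report the kernel's view of the Downfall (GDS) and Inception (SRSO) mitigations."""
from pathlib import Path

# Linux sysfs directory with one status file per CPU vulnerability.
VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ENTRIES = {
    "Downfall (GDS)": "gather_data_sampling",
    "Inception (SRSO)": "spec_rstack_overflow",
}


def classify(status: str) -> str:
    """Map a kernel status line to a coarse verdict.

    The exact wording differs between kernel versions (assumption), so the
    match is case-insensitive and relies only on prefixes and one keyword.
    """
    s = status.strip().lower()
    if s.startswith("not affected"):
        return "not-affected"
    # Kernel-only fallback, e.g. the thread's "safe RET no microcode" case.
    if "no microcode" in s:
        return "needs-microcode"
    if s.startswith("mitigation"):
        return "mitigated"
    if s.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def report(base: Path = VULN_DIR) -> dict:
    """Return {issue: (verdict, raw status line)} for both issues."""
    results = {}
    for issue, filename in ENTRIES.items():
        try:
            raw = (Path(base) / filename).read_text().strip()
        except OSError:
            # No such file: kernel too old to report it, or not Linux/x86.
            results[issue] = ("absent", "")
            continue
        results[issue] = (classify(raw), raw)
    return results


if __name__ == "__main__":
    for issue, (verdict, raw) in report().items():
        print(f"{issue:18} {verdict:16} {raw}")
```

A `needs-microcode` verdict means the firmware update is still missing; `absent` means the running kernel does not report the issue at all.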
 