Yet another serious attack on/vuln. of intel CPUs - "EchoLoad"

jsg Member
edited February 2020 in General

As I just fell over it and our community can well use some actual content (other than looking at itself and its troubles) ...

Welcome to yet another very serious attack on intel processors.

Why very serious?

  • Because all intel processors from Pentium 4 (Prescott) up to the newest Cascade Lake are vulnerable
  • Because KASLR (kernel address space layout randomization) can not protect the kernel against the attack.
  • Because kernel space can in fact be de-randomized ("unprotected") within tens of microseconds
  • Because it does not require intel TSX or knowledge of internal data structures
  • Because the attack is deeply rooted in the design of the microarchitecture, it cannot easily be fixed, neither in software nor hardware
  • Even on Cascade Lake with fixes for Meltdown and MDS the kernel can be de-randomized
  • The attack even works on KPTI, the Linux software mitigation for Meltdown.
  • The attack also works in restricted environments such as SGX

How about AMD? - AMD Zen is not vulnerable

Who has developed and brought us this new attack? - The University of Graz people (again) who are already well known for some studies of and finding serious attacks against x86 (mostly intel) processors. One example is "DataBounce" (which is dangerous but less so than EchoLoad).

Link to their paper -> http://cc0x1f.net/publications/kaslr.pdf

My personal take: I tried to stay halfway neutral for a long time. And in fact intel processors aren't all bad. There are some things where they are better than AMD, one important example being CPUs with low power envelope (which often is a factor in hosting).
But the more one looks, the more crappy engineering and (not really) smart "cost saving" decisions become visible. Now, we see a vulnerability which can not be mitigated, neither in hardware nor in software and, to make it even worse, it also breaks the "foundation", kernel KASLR, upon which a lot depends. Yes, there is good news too; in fact the authors themselves suggest something like a "better KASLR", but how long will that take to be examined, discussed, and finally brought into safer kernels? Things like that don't happen quickly and even if we had safer kernels - for quite a few OSs at that - within a reasonably short time frame, there still is the issue of lots and lots of older kernels which won't be updated (just think of the billions of plastic boxes out there).

TL;DR Buy AMD only

The problem with democracy is that by definition > 85% of the voters are not particularly intelligent.

Comments

  • Synatiq Member, Provider
  • And it takes a while (at least 1 or 2 generations) for them to fix exploits in hardware...

  • dahartigan Member without signature

    @Synatiq said:
    I am so happy to see this. Intel needed a reality check for the crap they’ve been selling at a premium.

    I agree with this 100%

    I won't completely give up on Intel, but will definitely never trust them again. AMD just got even more prem. Yikes.

    Thanked by 1Synatiq
  • I trust my Intel completely.. I mean, I sleep with it under my pillow every night so..

    Thanked by 2pike pluush
  • @stefeman said:
    I trust my Intel completely.. I mean, I sleep with it under my pillow every night so..

    Beautiful packaging. Lovely :blush:

  • I guess I ain't losing sleep over a cheap second-hand lenovo Intel i5 laptop from 2015, but boy I am glad my workhorse desktop is zen

    Thanked by 1vimalware

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • dahartigan Member without signature

    @poisson said:
    I guess I ain't losing sleep over a cheap second-hand lenovo Intel i5 laptop from 2015, but boy I am glad my workhorse desktop is zen

    My 2 year old i7 laptop is my daily driver and it's been amazing, now I distrust it. I'm going to build my own CPU out of transistors and breadboards and live like it's the 80's

    Thanked by 1pike
  • From all this vuln, is there any real life accident? Like some provider or company being victims because of it?

    Thanked by 1Ganonk
  • @ErawanArifNugroho said:
    From all this vuln, is there any real life accident? Like some provider or company being victims because of it?

    None reported yet. You can still choose whether you prefer a YOLO lifestyle.


  • @dahartigan said:

    @poisson said:
    I guess I ain't losing sleep over a cheap second-hand lenovo Intel i5 laptop from 2015, but boy I am glad my workhorse desktop is zen

    My 2 year old i7 laptop is my daily driver and it's been amazing, now I distrust it. I'm going to build my own CPU out of transistors and breadboards and live like it's the 80's

    Lol.. Maybe I should find punch cards and vacuum tubes.

    My take is that I won't rush to replace personal computers, but I won't take the risk for VPS in shared environments.


  • dahartigan Member without signature

    @poisson said:

    @dahartigan said:

    @poisson said:
    I guess I ain't losing sleep over a cheap second-hand lenovo Intel i5 laptop from 2015, but boy I am glad my workhorse desktop is zen

    My 2 year old i7 laptop is my daily driver and it's been amazing, now I distrust it. I'm going to build my own CPU out of transistors and breadboards and live like it's the 80's

    Lol.. Maybe I should find punch cards and vacuum tubes.

    My take is that I won't rush to replace personal computers, but I won't take the risk for VPS in shared environments.

    This is my approach largely, however it depends on the application of the VPS. I have Intel in my "fleet" alongside AMD. It's a matter of using the right tool for the job imo :-)

  • The time for AMD is now.

  • Clouvider Member, Provider

    That’s Epyc.

    Thanked by 2eva2000 maverickp

    Clouvider Limited - Leading Hosting & Connectivity Partner || Dedicated Server Sale from £39/m - Our Latest LET Offer

    Cloud Web Hosting | SSD & SAS HA OnApp VPS | US, UK, NL & DE Dedicated Servers | Network Services | Colocation | Managed Services

  • Jord Moderator, Provider

    @poisson said:

    @ErawanArifNugroho said:
    From all this vuln, is there any real life accident? Like some provider or company being victims because of it?

    None reported yet. You can still choose whether you prefer a YOLO lifestyle.

    Nothing wrong with a YOLO lifestyle 😂

    BillingServ - Easy, simple, and hassle-free online invoicing solution. Contact us today.
    BaseServ Certified to ISO/IEC 27001:2013

  • Jord Moderator, Provider
    edited February 2020

    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.


  • dahartigan Member without signature
    edited February 2020

    @Jord said:
    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

    Deeecent!

    Edit: bold fail

  • Jord Moderator, Provider

    @dahartigan said:

    @Jord said:
    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

    Deeecent!

    Edit: bold fail

    Let me fix that for you sir. Now it's prem.

    Thanked by 1dahartigan


  • Clouvider Member, Provider

    @Jord said:
    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

    Link?


  • Jord Moderator, Provider
    edited February 2020

    @Clouvider said:

    @Jord said:
    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

    Link?

    https://www.asrockrack.com/general/productdetail.asp?Model=X470D4U#Specifications
    https://www.asrockrack.com/general/productdetail.asp?Model=1U4LW-X470#Specifications

    They even have motherboards for threadripper now. Prem indeed.


  • @Jord said:

    @Clouvider said:

    @Jord said:
    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

    Link?

    https://www.asrockrack.com/general/productdetail.asp?Model=X470D4U#Specifications
    https://www.asrockrack.com/general/productdetail.asp?Model=1U4LW-X470#Specifications

    They even have motherboards for threadripper now. Prem indeed.

    Threadripper boards go up to 256GB RAM, while Ryzens only go up to 128GB. Potentially a Threadripper node can support more VMs with the higher RAM and cores, but of course I haven't done a cost benefit analysis.


  • Keep in mind that TR only has quad-channel memory vs octa on Epyc. So if you want to do virtualization you should go with Epyc. If you need pure compute power then TR is the way to go.

  • Jord Moderator, Provider

    I have a Ryzen VM and an EPYC VM. The Ryzen kicks ass every time. It's actually really nice compared to Intel. And if Intel are going to keep having these problems, I think people will start to move to AMD.


  • Mr_Tom Member, Provider

    Jord said: I have a Ryzen VM and an EPYC VM. The Ryzen kicks ass every time.

    I presume that's down to the clock speed of the Ryzen?

    VM Specialist - Custom, managed and storage VM solutions | Latest Offers

  • dahartigan Member without signature

    @Jord said:
    I have a Ryzen VM and an EPYC VM. The Ryzen kicks ass every time. It's actually really nice compared to Intel. And if Intel are going to keep having these problems, I think people will start to move to AMD.

    Same here and 100% agreed. Ryzen is honestly extremely impressive, high clocks and strong on plow.

    @Mr_Tom said:

    Jord said: I have a Ryzen VM and an EPYC VM. The Ryzen kicks ass every time.

    I presume that's down to the clock speed of the Ryzen?

    In my testing, yes. In saying that, the EPYC is quite fast too considering the lower clock but doesn't enter the same performance league as Ryzen.

    Thanked by 1Mr_Tom
  • Jord Moderator, Provider
    edited February 2020
    Basic System Information:
    ---------------------------------
    Processor  : AMD Ryzen 9 3900X 12-Core Processor
    CPU cores  : 4 @ 3792.876 MHz
    AES-NI     : ✔ Enabled
    VM-x/AMD-V : ✔ Enabled
    RAM        : 3.7G
    Swap       : 0B
    Disk       : 1.1T
    
    Geekbench 5 Benchmark Test:
    ---------------------------------
    Test            | Value
                    |
    Single Core     | 1276
    Multi Core      | 4137
    Full Test       | https://browser.geekbench.com/v5/cpu/1288376
    
    Basic System Information:
    ---------------------------------
    Processor  : AMD EPYC 7551P 32-Core Processor
    CPU cores  : 3 @ 1996.250 MHz
    AES-NI     : ✔ Enabled
    VM-x/AMD-V : ✔ Enabled
    RAM        : 2.8G
    Swap       : 0B
    Disk       : 25G
    
    Geekbench 5 Benchmark Test:
    ---------------------------------
    Test            | Value
                    |
    Single Core     | 602
    Multi Core      | 1739
    Full Test       | https://browser.geekbench.com/v5/cpu/1292823
    
    Thanked by 1Ganonk


  • jsg said: Why very serious?

    The reasons you listed here didn't convince me. The attack per se only breaks KASLR, so what? Can you explain what serious things an attacker can do with the knowledge of the kernel address?

  • I see cheap used Intel CPUs flooding the market.

  • Fastmako (aff) - another cheap VPS.

  • PulsedMedia Member, Provider

    I am so glad we've been mostly AMD shop ever since we went for our own hardware :)
    Tho it does annoy that we do have a couple racks of unused Intel servers left wondering if we should even power them up at this point.

    As for power consumption: Intel lies, and oh do they lie! On all testing we've done Intel platforms have far exceeded the power envelope expectations by quite a big margin, whereas all AMD systems tend to use less than expected. One late nice surprise was when we started using 32c/64t EPYC servers with 24 drives each, all memory channels populated, some nvme etc. and they consumed 100W less than expected, churning happily along at 400-420W power envelope in production. (@Wall, averaged over months)

    Waiting to receive some mITX X570 server motherboards late next month for testing! :)

  • jsg Member
    edited February 2020

    @naing said:

    jsg said: Why very serious?

    The reasons you listed here didn't convince me. The attack per se only breaks KASLR, so what? Can you explain what serious things an attacker can do with the knowledge of the kernel address?

    Answer: Look at why KASLR was developed and deployed. Also read OP again (hint: e.g. SGX).


  • @PulsedMedia (and others)

    Yes, intel is known to be, uhm, "creative" regarding the meaning of TDP, and yes, AMD's TDP numbers are more honest.

    But my point was a different one. It was about having an array of low-power 2-8 core products. Sure, AMD had some but they never received a lot of love and if you saw one, for example in a router, it virtually always was a CPU that was available only to board builders and in 1k or more quantities.

    AMD seems to have gotten better at it; now they offer the "small Ryzens" for notebooks and even some quite low power versions (about 12 or 15W) - but still, those are but low core count Ryzens with a trimmed clock.

    Now, look at the V series. Many never even heard about those. And it's not really easy to find a choice of boards with those.

    But OK, I guess AMD wasn't strong enough to attack on all fronts and had to rip open one side of the intel castle first.

    Thanked by 1vimalware


  • PulsedMedia Member, Provider

    Yes, AMD did not make low power server products at all.

    Used to buy many E-350 mITX boards tho, still use them, Atoms from same era are trash but the E350s consumed less energy, DDR3 up to 32 gigs if I recall right etc.

    Typically, in my experience, AMD tends to max out at the TDP rating mentioned, Intel using 1.5-2x the mentioned TDP rating, and platform differences ofc too, but somehow it always ends up AMD being less power hungry. Hell, we use hundreds of old Opterons to this date, newer Xeons suck just too much power to replace those Opterons, and that's even without all these security issues! Security issues make them damn near useless.

    Now we also have those AsRock A300 based "minidedis", they are not supposed to be used as servers, but for low power high density, they work a treat! We made custom fan shrouds etc. and I am always stunned how little power they consume.

    Cannot wait when we get to start racking our custom form factor servers with the AsRock Rack boards! :)

    Thanked by 1vimalware
  • @jsg said:

    @naing said:

    jsg said: Why very serious?

    The reasons you listed here didn't convince me. The attack per se only breaks KASLR, so what? Can you explain what serious things an attacker can do with the knowledge of the kernel address?

    Answer: Look at why KASLR was developed and deployed. Also read OP again (hint: e.g. SGX).

    I knew why KASLR was developed. As far as I'm concerned, KASLR may be a nice thing to have, but not very useful. Leaking the kernel address is bad, but not serious, certainly not very serious.

    SGX is rubbish to begin with. It's a glorified DRM at best.

  • @naing said:
    I knew why KASLR was developed. As far as I'm concerned, KASLR may be a nice thing to have, but not very useful. Leaking the kernel address is bad, but not serious, certainly not very serious.

    Oh, I see. All the kernel developers and quite a few scientists are all wrong and clueless because some guy in some forum said so, because apple is accused of having done a poor job, and because "naing" says so.

    SGX is rubbish to begin with. It's a glorified DRM at best.

    One might have a discussion on that and I even might agree to a large degree - but SGX is a decisive security device for many, it's about the best they have/had for some secure volatile storage.
    I state that so clearly because sometimes a viewpoint seems to be sensible from a theoretical perspective, but many people who have to be practical have to live with what's available.


  • @jsg said:

    @naing said:
    I knew why KASLR was developed. As far as I'm concerned, KASLR may be a nice thing to have, but not very useful. Leaking the kernel address is bad, but not serious, certainly not very serious.

    Oh, I see. All the kernel developers and quite a few scientists are all wrong and clueless because some guy in some forum said so, because apple is accused of having done a poor job, and because "naing" says so.

    Did you look at the link? He provided a technical argument to back up his opinion and you're the "some guy in some forum said so". Feel free to quote "All the kernel developers and quite a few scientists" to counter his assertion. How can you not see the obvious that you're very bad at debating? Do we need another angstrom post calling you out? You still haven't learned how to use quotes, either.

  • Announcement:

    I will from now on no longer inform about security-relevant issues and events.

    You can thank TimboJones.


  • @jsg said:
    Announcement:

    I will from now on no longer inform about security-relevant issues and events.

    You can thank TimboJones.

    And nothing of value was lost. If people relied on you for security relevant issues and events, they were already fucked in the first place. Your posts make poor arguments without providing data to back up your opinion. You assert the issue is "very serious", and then when someone disagrees, while providing very detailed reasons why you're mistaken, you have to go cry to mommy instead of technically engaging in robust discussion.

    My personal take

    Jesus, so much valuable insight (sarcasm) from that paragraph that isn't relevant to the topic you started and it's a lot of words to say fuck all. What is your point from this? Security issues that are "very serious" are ok because of lower power (not quantified, no source, just your opinion)? That's just bad logic.

    I tried to stay halfway neutral for a long time.

    Lol, wut? You're the one who started a thread talking about how they lied about fixing the flaws that were disclosed to them while designing their latest gen chips. I haven't seen any neutral observer tone from you on Intel in any previous Intel security thread. This is just a bonkers statement.

    I can't recall another person constantly blaming others for their faults other than orange man. If you have colleagues, I pity them.

    @angstrom already clearly said what your problem is:

    Again, it doesn't work this way.

    You wrote something (twice, for that matter).
    You've now been called out for what you wrote.
    And now you're trying to avoid responsibility for what you wrote (= you're running away).
    (We've seen this before.)

    Print that quote out, read it every morning and then take some responsibility, FFS. Blaming me for not being able to have technical debate without throwing a hissy fit is pretty pathetic for a grown man. What a baby.

    Thanked by 2naing doghouch
  • jfrac Member, Provider

    Lol, and we were planning to buy some xeon v3 decommissioned servers.
    Guess we'll just go Epyc, some supermicro boards can fit in those old opteron 1u chassis fine, you just need a 20 to 24 pin adapter for the psu and remove the io shield.
