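[News] New Spectre vulnerability disclosed yesterday
News source:
https://www.tomshardware.com/news/intel-alder-lake-arm-cpus-affected-by-new-spectre-vulnerability
A new Spectre vulnerability was disclosed yesterday.
This vulnerability belongs to the Spectre-V2 class and mainly affects Intel and Arm CPU systems.
Intel is affected from Haswell through Alder Lake,
and will release a new software update to fix the problem.
On the Arm side, Cortex A15, A57, A72 and Neoverse V1, N1, and N2 are affected.
See Intel's CVE-2022-0001 and CVE-2022-0002
and Arm's CVE-2022-23960 for details of the vulnerability and the fixes.
Vulnerability demonstration:
https://twitter.com/vu5ec/status/1501256481097883648
The original article follows: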
VUSec security research group and Intel on Tuesday disclosed yet another Spectre-class speculative execution vulnerability called branch history injection (BHI). The new exploit affects all of Intel's processors released in recent years, including the latest Alder Lake CPUs, and select Arm cores. By contrast, AMD's chips are believed to be unaffected.
BHI is a proof-of-concept attack that affects CPUs already vulnerable to Spectre V2 exploits, but with all kinds of mitigations already in place. The new exploit bypasses Intel's eIBRS and Arm's CSV2 mitigations, reports Phoronix. BHI re-enables cross-privilege Spectre-v2 exploits, allows kernel-to-kernel (so-called intra-mode BTI) exploits, and allows perpetrators to inject predictor entries into the global branch prediction history to make the kernel leak data, reports VUSec. As a result, arbitrary kernel memory on select CPUs can be leaked and potentially reveal confidential information, including passwords. An example of how such a leak can happen was published here.
I won't attach the image, since there is a video.
All of Intel's processors beginning with Haswell (launched in 2013) and extending to the latest Ice Lake-SP and Alder Lake are affected by the vulnerability, but Intel is about to release a software patch that will mitigate the issue.
Numerous cores from Arm, including Cortex A15, A57, A72 as well as Neoverse V1, N1, and N2 are also affected. Arm is expected to release software mitigations for its cores. What is unclear is whether custom versions of these cores (e.g., select cores from Qualcomm) are also affected and when the potential security holes will be covered.
Since this is a proof-of-concept vulnerability and it is being mitigated by Intel and Arm, it should not be able to be used to attack a client or server machine — as long as all the latest patches are installed. There's no indication how much the mitigations will impact performance.
----------
https://i.imgur.com/RVYbywG.jpg
----
Sent from BePTT on my SHARP FS8002
--
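An added example, not part of the article or the original post: one way to check whether a Linux machine reports the Spectre v2 / BHI patches the article refers to. It assumes the kernel's standard sysfs status file; the sample status lines are constructed for illustration, and the category names are this example's own.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's Spectre v2 status line.
# Assumption: a Linux kernel that exposes this sysfs file (x86 and arm64 do).
STATUS_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 LINE
# Prints one category for a status line read from STATUS_FILE.
classify_spectre_v2() {
    case "$1" in
        "Not affected"*)      echo not-affected ;;
        # Newer kernels append a separate "BHI:" field to the line.
        *"BHI: Vulnerable"*)  echo vulnerable ;;
        Vulnerable*)          echo vulnerable ;;
        Mitigation:*"BHI:"*)  echo mitigated-bhi-reported ;;
        # No BHI field: the kernel may predate BHI-aware reporting, so
        # this only says the older Spectre v2 mitigations are active.
        Mitigation:*)         echo mitigated-bhi-not-reported ;;
        *)                    echo unknown ;;
    esac
}

# Run the classifier over constructed sample lines (not captured output).
demo() {
    for line in \
        "Vulnerable: eIBRS with unprivileged eBPF" \
        "Mitigation: Enhanced IBRS" \
        "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; BHI: BHI_DIS_S" \
        "Not affected"
    do
        printf '%-75s -> %s\n' "$line" "$(classify_spectre_v2 "$line")"
    done
}

# Report the status of the machine this script runs on, if available.
report_local() {
    if [ -r "$STATUS_FILE" ]; then
        line=$(cat "$STATUS_FILE")
        printf 'local: %s -> %s\n' "$line" "$(classify_spectre_v2 "$line")"
    else
        echo "local: $STATUS_FILE not readable (not Linux, or kernel too old)"
    fi
}

demo
report_local
```

A result of `mitigated-bhi-not-reported` means the kernel version and vendor advisory still need to be checked, since the status line alone does not show whether BHI-specific fixes are present.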
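Is AMD just lucky? It's often not affected.
Different architecture, different approach to branch prediction.
It's not that there are none, but there are fewer.
Actually there aren't fewer; it's just that nobody is bored enough to keep posting them. This one is fairly interesting, though.
AMD has enough trouble with its own bugs.
Designer: more transistors to waste again.
They've always been there; it's just a matter of how big they are and how easy they are to fix. Earlier vulnerabilities only got flamed because the fix cost 50% performance.
AMD got flamed because its performance was worse than Intel's to begin with; after fixing bugs, e.g. the TLB bug back then, performance dropped even further.
Nobody really feels security vulnerabilities, I guess; very few people use AMD.
Emperor Intel: "Keep up!! AMD, hurry and keep up!!"
Emperor Intel just steals performance through vulnerabilities.
Back then the fix for the branch prediction vulnerability was claimed to cost up to 20% performance, but in actual testing the impact was small.
Still, this series of vulnerabilities did disrupt Intel's processor lineup; most of the dark 9th-gen CPUs had HT removed, and the whole market positioning got muddled.
The 9th gen can be called the messiest generation.
Patch it and lose another few % of performance.
Oh, so it was just a claim? I thought it was real XD
Many teams tested it back then; there is an impact, but it is small for ordinary users. The ones most affected by the branch prediction vulnerabilities are server users.
The worry back then was that ssh keys would be stolen by this kind of slow, chip-away-at-the-wall, drip-by-drip approach. But as it turned out, hackers would rather pick more efficient methods.
My e3 1231 v3 lost a lot of performance, damn.
Earlier, the 9th gen even got a new stepping to fix it at the hardware level.
On Xeon E5 the I/O impact was bigger back then.
The 12th gen's branch prediction has already been improved.
Another vulnerability, huh...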