Announcement

**skeevy420** · 06 August 2020, 09:43 PM

It's Not Good

So how many other people's first thought when seeing that was some combination of "Crap, what now

" & "That's not very surprising

"

and ARM/IBM/AMD CPUs may also be affected by Foreshadow.

Crap, what (do I buy) now

**stormcrow** · 06 August 2020, 09:55 PM

Correct me if I'm wrong, but the wording in the article sounds like this is a fundamental design problem in the way prefetch is handled in operating system kernels rather than hardware vulnerabilities. Or is it a design flaw in software exacerbated by hardware prefetching problems? I'm not clear on what's going on.

**bearoso** · 06 August 2020, 09:56 PM

Right now you buy AMD CPUs, because they’re currently a better value. With either brand of CPU, you pass mitigations=off to the kernel and forget about it, because you’re not a cloud provider, and it’s impossible to leverage these through a web browser.

**GraysonPeddie** · 06 August 2020, 10:25 PM

Originally posted by bearoso View Post

Right now you buy AMD CPUs, because they’re currently a better value. With either brand of CPU, you pass mitigations=off to the kernel and forget about it, because you’re not a cloud provider, and it’s impossible to leverage these through a web browser.

Even if I use NoScript in Firefox, right? Sure, it does break websites and I sometimes run into sites where their web page won't load (shows a white blank page with nothing in it) until I whitelist their domain in NoScript. As someone who is security- and privacy-conscious, I hate how websites do that, especially when viewing a blog page. I do whitelist websites that I frequently visit, though. I also have Pi-Hole for filtering out ads as well. And yes, I'm a Premium member of Phoronix, so no ads. At least I'm doing what I can to help and support the owner of Phoronix.com.

**jrch2k8** · 06 August 2020, 11:11 PM

Originally posted by bearoso View Post

and it’s impossible to leverage these through a web browser.

i wouldn't make such bombastic claims because sure, simple JS(not sure if js.asm make it possible tho) is not enough to exploit this but a binary payload with some escalation exploit can actually make it work and the kicker is you won't notice it and be able to detect it after that(with some of the attacks that run below the kernel).

Linux should be way more resistant but on Windows i'm not so sure since is very easy to escalate from the browser or trick the user into it and most of the implementation for this exploits are incredibly small and can easily pass as a resource of some kind(hacker are usually smart and won't name it L1TF.exe)

**zxy_thf** · 06 August 2020, 11:11 PM

Originally posted by stormcrow View Post

Correct me if I'm wrong, but the wording in the article sounds like this is a fundamental design problem in the way prefetch is handled in operating system kernels rather than hardware vulnerabilities. Or is it a design flaw in software exacerbated by hardware prefetching problems? I'm not clear on what's going on.

Prefetch is done by the processor, not by software. The PREFETCH instructions are also implementation-dependent and may have zero effect.

What this paper really shows is the reverse:
"In particular, neither the prefetch instruction nor other user-space instructions actually prefetch kernel addresses into the cache."
"The effect exploited in all of these papers is, in fact, caused by speculative dereferencing of user-space registers in the kernel."

**tildearrow** · 07 August 2020, 12:22 AM

Typo:

Originally posted by phoronix View Post

full mitigation to these microarchitural attacks

**RomuloP** · 07 August 2020, 01:06 AM

Originally posted by jrch2k8 View Post

i wouldn't make such bombastic claims because sure, simple JS(not sure if js.asm make it possible tho) is not enough to exploit this but a binary payload with some escalation exploit can actually make it work...

At this point why you need such a exploit if your social Engineering just worked?

**jrch2k8** · 07 August 2020, 01:49 AM

Originally posted by RomuloP View Post

At this point why you need such a exploit if your social Engineering just worked?

Because social Engineering is like a 22mm shot, you can do some damage but with very limited penetration where many of the exploits based on this CPU failures are literal nukes, once the exploit runs it can do literally in every sense of the word anything you want, even invade the own CPU microcode, BIOS(es), controllers and literally the exploit have more priority in the execution rings that the Kernel and Hypervisors do, which means you become invisible to them.(hence explain the panic and Intel be willing to destroy their CPU perf in exchange of some protection since big money business are juicy targets with big pockets)

Of course not all failures allow this level of penetration but lots of the partially "mitigated" ones do

Announcement

Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment