More Details On Intel's CVE-2019-14615 Graphics Vulnerability, a.k.a. iGPU Leak

  • More Details On Intel's CVE-2019-14615 Graphics Vulnerability, a.k.a. iGPU Leak

    Phoronix: More Details On Intel's CVE-2019-14615 Graphics Vulnerability, a.k.a. iGPU Leak

    As for CVE-2019-14615 the Intel graphics vulnerability disclosed this week affecting Gen7 through Gen9 graphics architectures, it's been dubbed "iGPU Leak" by the researchers involved. Thanks to the researcher who originally discovered this vulnerability having reached out to us, we now have some more information on this issue they describe as a "dangerous vulnerability."..

    http://www.phoronix.com/scan.php?pag...U-Leak-Details

  • #2
    It's going to be a long time before I buy an Intel chip again...


    • #3
      Unfortunately, a website can "identify" an ordinary unprotected browser, a.k.a. fingerprinting, via a WebGL string "WebGL Vendor", actually directly, or indirectly fingerprinting using various computations like nmap does when trying to fingerprint an operating system via TCP/IP stack requests/responses, timing, whatever.
      Mesa DRI Intel(R) HD Graphics XYZ (Skylake ZXY)
      The main concern in 2020 is not a plugin like Flash or Java but the drivers directly or even the hardware itself.


      • #4
        Has this vulnerability seen the light of day in an actual exploit yet?


        • #5
          Originally posted by milkylainen
          Has this vulnerability seen the light of day in an actual exploit yet?
          Why wait? Once a vulnerability is known the bad actors will try to leverage it.


          • #6
            I thought I would first start to replace some weak AM1 machines, but now I'm migrating away from my more powerful Intel system... I lost trust; security and performance seem to be just a marketing phrase for Intel nowadays. I really hope that the new Ryzen mobile CPUs are available soon. My Intel notebook needs to be replaced now as well :-(


            • #7
              I use an Intel-based system and have for quite a while, happily. It's a bit of an odd setup, though, that ironically protects from this. I run everything in a GPU passthrough VM with an Nvidia card. The Intel GPU is only left assigned to the VM host, and that host is not used for anything other than hosting the VMs (i.e. no browsing, nothing).

              I promote this as the best workaround for those with Intel systems

              That said, I really really want to upgrade to a ryzen system!


              • #8
                Originally posted by zexelon
                I use an Intel-based system and have for quite a while, happily. It's a bit of an odd setup, though, that ironically protects from this. I run everything in a GPU passthrough VM with an Nvidia card. The Intel GPU is only left assigned to the VM host, and that host is not used for anything other than hosting the VMs (i.e. no browsing, nothing).

                I promote this as the best workaround for those with Intel systems

                That said, I really really want to upgrade to a ryzen system!
                Intel's VT-x is well known to be vulnerable (L1TF), and is currently impossible to mitigate when HT is enabled. There's really no excuse to use Intel hardware if you care about security in the least.


                • #9
                  Originally posted by Ribs
                  It's going to be a long time before I buy an Intel chip again...
                  Yeah, the engineers at Intel thought these things would not be possible to attack. Now that they know better, I am sure they have not spent the better part of the last few years thinking "oh well".

                  I look forward to them coming back with a new safe-by-default uArch. By then AMD should have gotten to ~50% market share and we should have some good pricing for some rather powerful CPUs.


                  • #10
                    I don’t think most SMEs care about security that much. I remember working on Wall Street when the Intel ME hole came out. The IT manager of our team hadn’t even heard about it. Also, many servers I’ve seen haven’t been patched for YEARS. Not to mention no firmware updates.
                    Most small businesses are more scared of loss of continuity than of being hacked. In truth, you’re more likely to get financially harmed by a bad update than a security bug.
                    What I’m more concerned about is that the H97 chipset came out in ‘14 and they don’t have Windows 10 drivers. WTF?! I was trying to install the AHCI driver the other day and came across that.
