Intel Ivybridge + Haswell Require Security Mitigation For Graphics Hardware Flaw

Written by Michael Larabel in Intel on 14 January 2020 at 08:23 PM EST.
Earlier today we were first to report on an Intel graphics driver patch mitigating a "Gen9" graphics hardware vulnerability. Details on that new security disclosure are coming to light and it turns out older Intel "Gen" graphics are also affected.

The Linux kernel patch for this hardware defect that was merged earlier today covered only the very common Gen9 graphics, basically from Skylake through all relevant/shipping CPUs today pre-Icelake. That patch noted that Gen8 was not impacted thanks to an earlier workaround. But it now turns out Intel Gen7/Gen7.5 graphics are also affected: this basically means Ivy Bridge and Haswell processors along with the likes of Valley View.


A new patch has been posted that characterizes this Intel Processor Graphics issue as insufficient control flow in certain data structures. As explained earlier, this vulnerability could lead to unintended information disclosure but requires access to the local system to exploit.

The Gen9 workaround clears the execution state between context switches. For Ivy Bridge and Haswell, a custom EU kernel is called prior to every context restore in order to clear EU and URB resources.

While the Gen9 patch was quickly merged today and already back-ported to stable trees, the Gen7/Gen7.5 patch has not been. The mitigation for older Intel hardware is pending mainline inclusion while its performance impact is analyzed.

The Intel Gen7 graphics security mitigation patch can be found here. Presumably a similar change will be coming to the Intel Windows driver. I'll be firing up some benchmarks shortly to see how this Intel HD Graphics security mitigation affects graphics performance.