
Another day, another Intel vulnerability discovered: CrossTalk attack impacts Intel's mobile, desktop, and server CPUs

Insane Metal

Academics detail a new vulnerability named CrossTalk that can be used to leak data across Intel CPU cores.

Academics from a university in the Netherlands have published details today about a new vulnerability in Intel processors.

The security bug, which they named CrossTalk, enables attacker-controlled code executing on one CPU core to leak sensitive data from other software running on a different core.

The Vrije University's Systems and Network Security Group (VUSec) says the CrossTalk vulnerability is another type of MDS (microarchitectural data sampling) attack.

MDS attacks target user data while in a "transient" state, as it's being processed inside the CPU and its many data-caching systems.

More specifically, CrossTalk attacks data while it's being processed by the CPU's Line Fill Buffer (LFB), one of these aforementioned CPU cache systems.

According to the VUSec team, the LFB cache actually works with a previously undocumented memory "staging buffer" that is shared by all CPU cores.

The research team said they've been working with Intel on having the CrossTalk attack patched for the past 21 months, since September 2018.

The VUSec team said that patching this bug took more than the standard 90 days because of the complexity of the issue and because they initially didn't thoroughly investigate the possibility of a cross-core leak.

In the meantime, Intel has already made significant changes to the hardware design of its CPUs, and most of its recent products are not vulnerable to this attack.

For all the older Intel CPU lines, the chipmaker has released today microcode (CPU firmware) updates to patch the CrossTalk vulnerability -- which Intel refers to as "Special Register Buffer Data Sampling" or SRBDS (CVE-2020-0543, Intel-SA-00320).

"As with all side-channel issues reported to date, Intel is not aware of any real-world exploits of SRBDS outside of a lab environment," Intel said in a blog post analyzing its June security updates.

A list of vulnerable Intel CPUs is available on this page (check the SRBDS column in the table). The list includes CPU lines for embedded, mobile, desktop, and server products.

The VUSec team has also published proof-of-concept code and a technical paper and website on the CrossTalk attack. Intel has its own technical write-up, here.
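
One way to check on a Linux machine whether the SRBDS microcode mitigation mentioned in the article above is active, as an added example that is not part of the original post or article. It assumes a kernel that reports SRBDS under sysfs; the function names `classify_srbds` and `check_srbds` are made up for illustration.

```shell
#!/bin/sh
# Added example: interpret the Linux kernel's SRBDS (CVE-2020-0543) status.
# The status strings are the ones the kernel reports in
# /sys/devices/system/cpu/vulnerabilities/srbds.

# Map a kernel status string to a verdict prefixed ok: / action: / unknown:
classify_srbds() {
    case "$1" in
        "Not affected")
            echo "ok: CPU not affected" ;;
        "Mitigation: Microcode")
            echo "ok: microcode mitigation active" ;;
        "Mitigation: TSX disabled")
            echo "ok: only exposed with TSX enabled, and TSX is off" ;;
        "Vulnerable: No microcode")
            echo "action: install updated microcode" ;;
        "Vulnerable")
            echo "action: mitigation disabled (e.g. booted with srbds=off)" ;;
        "Unknown: Dependent on hypervisor status")
            echo "unknown: running as a guest, check the host" ;;
        *)
            echo "unknown: unrecognised status '$1'" ;;
    esac
}

# Read the status file from a directory (default: the real sysfs path).
# Exit status: 0 = ok, 1 = action needed, 2 = cannot tell.
check_srbds() {
    srbds_dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    srbds_file="$srbds_dir/srbds"
    if [ ! -r "$srbds_file" ]; then
        echo "unknown: $srbds_file missing (kernel may predate SRBDS reporting)"
        return 2
    fi
    srbds_verdict="$(classify_srbds "$(cat "$srbds_file")")"
    echo "$srbds_verdict"
    case "$srbds_verdict" in
        ok:*)     return 0 ;;
        action:*) return 1 ;;
        *)        return 2 ;;
    esac
}

# Report for this machine; print the status instead of failing the script.
check_srbds "$@" || echo "check_srbds exit status: $?"
```
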

 

Panajev2001a

The mitigation strategy of the very latest vulnerability in microcode tanks performance by a huge amount:


 

Virex

But..... But....... [insert reason AMD is still worse and Intel is still better]. And clearly [insert why Intel is far superior and casual insult]
 

PhoenixTank

Nothing most likely, this is only an issue your some giant enterprise.
Yes and no. Gaming should be minor, but there seems to be an impact on workstation workloads from the Phoronix benches, but not as heavy as the worst case. i.e. not just massive datacenters.
You also don't really have the option to disable all these mitigations on Windows, but there is a reason Intel are limiting this to certain instructions despite it sounding like the vuln affects more (all?). I need to read more on it.
 

jigglet

I'm definitely moving to AMD for my next processor. Pity I only just upgraded a year ago, what the heck was I thinking going with Intel :(
 

mitchman

Well, my friends.
It looks like I'm going full AMD for my next laptop.
Over the last 6 months, I've gone completely from Intel to AMD at home. Ryzen 7 3700x with X570 motherboard for the desktop computer, and yesterday I received my new AMD Ryzen 9 4900HS/32GB/1 TB SSD/RTX 2060 MaxQ Asus Zephyrus G14 laptop. Welcome to the red team!

Edit: Ironically, the Ryzen 9 4900HS 35W CPU is likely the design that the consoles will be using in their APUs, as it's within 10-15% of the performance of the Ryzen 7 3700x at significantly lower power draw.
 