a new intel-specific CPU vulnerability has been discovered: https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
- can be used to leak data between processes, hyperthreads, SGX enclaves, etc
- effects core and xeon CPUs
- CPUs with meltdown mitigations are less effected, but still vulnerable
- this is a hardware issue - OS independent
- can be mitigated by disabling hyperthreading
- proof of concept - one thread is able to access URLs typed into firefox (a different thread)
@lynnesbian Ubuntu released an update for their Intel microcode package yesterday, which I assume disables HyperThreading as per the recommended fix.
Also, I find it hilarious that Intel has had this fixed for two years as evidenced by the last two generations of their CPUs being unaffected, but only now decided to tell us for the older ones.
And by hilarious, I mean fucked up.
@uint8_t @lynnesbian Yup. I 100% believe that they deliberately delayed it so they could use it for planned obsolescence purposes similar to Google's Play Services and Apple's iOS updates slowing down older systems for no reason other than to "encourage" users to buy new versions of the same hardware they bought 2 years ago.
But if Intel tells us about the problem when its current model line is already fixed, it's just an image loss, and does not necessarily steer revenue toward AMD.
chaos.social – a Fediverse instance for & by the Chaos community