a new intel-specific CPU vulnerability has been discovered: https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
- can be used to leak data between processes, hyperthreads, SGX enclaves, etc
- effects core and xeon CPUs
- CPUs with meltdown mitigations are less effected, but still vulnerable
- this is a hardware issue - OS independent
- can be mitigated by disabling hyperthreading
- proof of concept - one thread is able to access URLs typed into firefox (a different thread)
@lynnesbian Ubuntu released an update for their Intel microcode package yesterday, which I assume disables HyperThreading as per the recommended fix.
Also, I find it hilarious that Intel has had this fixed for two years as evidenced by the last two generations of their CPUs being unaffected, but only now decided to tell us for the older ones.
And by hilarious, I mean fucked up.
@lynnesbian Just as a source on this, since the article you linked makes no mention of it:
"The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said includes hardware mitigations against this flaw."
But if Intel tells us about the problem when its current model line is already fixed, it's just an image loss, and does not necessarily steer revenue toward AMD.
chaos.social – a Fediverse instance for & by the Chaos community