Another vulnerability discovered for Intel chips: Special Register Buffer Data Sampling (CVE-2020-0543)

By KaoDome
in Back Page News

 Share

Recommended Posts

Experienced

KaoDome

Posted
Posted

Intel Advisory INTEL-SA-00320 has some general info on it, but their Dive Deep page explains it better: Dive Deep: Special Register Buffer Data Sampling Advisory

 

Here's an excerpt:

  Quote

Certain processor operations (such as RDRAND) microarchitecturally need to read data from outside the physical core (for example, from a random number generator shared between cores). This is often performed through an internal microarchitectural operation called a special register read.

 

On some processors, the data returned for a special register read is staged in a shared microarchitectural buffer and then transferred to the microarchitectural fill buffer within the physical core that performed the read. That core can then use the value from the microarchitectural fill buffer (for example, the core could copy the value into software-visible registers). This shared buffer is often larger than the data being read (the buffer is usually the size of a cache line), and different special register reads may use different offsets within the shared buffer.

 

...

 

When the shared staging buffer is updated on a read, only the portion of the staging buffer needed for that read is updated. The other portions of the staging buffer are not modified. The unmodified portions of the staging buffer may contain stale data from previous special register reads, including those done by other cores.

Expand  

There are plenty of CPUs affected by this going back to Haswell, while a microcode update seems to be enough to mitigate it, RDRAND and RDSEED will be slower (and RDRAND serialized) according to the the article. It also states that many client systems don't use those instructions often enough to have a significant performance impact, so... there's that.

 

I wonder which kinds of workloads are using random numbers continuously for it to be a problem, crypto related maybe (like certificate generation)?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Posts

    • Asus joins Microsoft, AMD, Dell, urges you to "prepare for mandatory Windows 11 upgrade"

      By bikeman25 · Posted

      Minor Problems over the years with Windows 11 Pro on my original Intel 10700 Desktop i was using and not many problems on my Newer AMD Ryzen 7 7700X. Overall Windows 11 works extremely well, if don't do too many modifications, and do the regular security updates, and keep 3rd party apps up to date, and users shouldn't have any issues, and if a user does, should be a minor little issue that is easily fixable My goal is to have the 2 remaining household systems replaced for Windows 11 Compatible machines, hopefully by early September if not sooner.
    • Bill Gates says he'll donate 99 percent of his wealth to Africa

      By Hamid Ganji · Posted

      Bill Gates says he'll donate 99 percent of his wealth to Africa by Hamid Ganji Microsoft co-founder and tech billionaire Bill Gates has pledged to donate a significant chunk of his personal wealth to African countries. As reported by the BBC, Gates's funding will be spent on improving health and education infrastructure in Africa over the next twenty years. The Gates Foundation has played an active role in improving public health and education in Africa over the past decades. Bill Gates aims to double down on that effort by donating most of his fortune to Africa. Last month, he also said that 99% of his fortune, which could exceed $200 billion, will go to African countries by 2045. Speaking at the African Union (AU) headquarters in Ethiopia's capital, Addis Ababa, Gates said, "By unleashing human potential through health and education, every country in Africa should be on a path to prosperity." The tech billionaire also told young African innovators to start relying on AI to improve health and education in their countries and use the technology to benefit the entire continent. He introduced Rwanda as a successful example of using AI in healthcare to identify high-risk pregnancies. "Africa largely skipped traditional banking and now you have a chance, as you build your next generation healthcare systems, to think about how AI is built into that," Gates added. By donating 99 percent of his personal fortune by 2045, Bill Gates can still maintain his position as one of the richest people on earth. According to Bloomberg, Gates's current net worth is around $175 billion. Gates's decision to donate 99 percent of his wealth to Africa came after the US administration cut USAID funding to African countries following the DOGE investigations. In a recent interview with the New York Times, Bill Gates called out Elon Musk for cutting the USAID budget, saying Musk has a role in the death of the poorest children on earth.
    • The Witcher 4 tech demo shows off the RPG in action on a base PS5 at 60FPS

      By excalpius · Posted

      Very cool next level tech (for Witcher 4, CybePunk 2, etc.), but I'd be more impressed with seeing this at 4k than through a too low-bitrate YouTube ~1080p filter.
    • [Official] Doctor Who Thread

      By margrave · Posted

      I was thinking, and was going to post, almost exactly what @Brandon Hjust posted!
    • Nvidia App gets light theme, bug fixes, and support for more games

      By Chay Meredith · Posted

      Wtf do people want a light theme?

  • Recent Achievements

    • Week One Done
      Adam Todd earned a badge
      Week One Done
    • Contributor
      Ed B went up a rank
      Contributor
    • One Month Later
      moporcho earned a badge
      One Month Later
    • One Month Later
      Parotel earned a badge
      One Month Later
    • Reacting Well
      Cryptecks earned a badge
      Reacting Well

  • Popular Contributors

    1. 1
      +primortal
      202
    2. 2
      snowy owl
      146
    3. 3
      ATLien_0
      133
    4. 4
      Xenon
      120
    5. 5
      +FloatingFatMan
      110
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!