The Spectre, Meltdown and Foreshadow vulnerabilities and their variants that emerged in 2018 left Intel processors struggling to cope with the crisis, while its old rival AMD was much less affected than Intel. After all, Intel processors hold the larger share, especially in the data center market.
In 2019, the problem of processor security vulnerabilities has still not been completely solved. This is a long-term struggle.
Researchers at Bitdefender, a well-known security software company, have discovered a new side-channel attack that bypasses the previous mitigations for Meltdown and Spectre.
This new vulnerability affects Intel's relatively recent processors, from Ivy Bridge onward, across desktop, notebook, server and other segments.
The research was conducted in collaboration with Intel, which has been working with Microsoft for more than a year; Microsoft has released new patches.
Unlike before, in order to study the vulnerabilities of modern processors, Bitdefender's team built a deep understanding of the CPU's internal workings, including branch prediction, out-of-order execution, speculative execution, the pipeline and the cache hierarchy, and also studied OS system calls, interrupt and exception handling, KPTI and other mechanisms.
Bitdefender points out that, to improve CPU performance, vendors have developed various versions of speculative execution, which lets the CPU run instructions it expects to need before it has decided whether those instructions should actually execute. This speculative execution leaves traces in the cache, and attackers can use those traces to attack the kernel.
Bitdefender's explanation is in fact why more modern processors are more exposed to side-channel vulnerabilities such as Spectre and Meltdown. The key is that, to improve CPU performance, Intel and other vendors strengthened branch prediction and let instructions such as SWAPGS run speculatively. Once a prediction is under way it saves a lot of time and improves CPU performance, but in doing so it makes the data in the cache easy to expose to an attacker.
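The patches mentioned above are applied by the operating system, and on Linux the kernel reports per-bug mitigation status under /sys/devices/system/cpu/vulnerabilities (the SWAPGS fix is reported as part of the spectre_v1 entry, whose text mentions "swapgs barriers"). The script below is an added example, not code from the article or from Bitdefender: it summarises that directory so an administrator can see which speculative-execution bugs are mitigated and which are still open. The directory path is configurable through the assumed VULN_DIR variable so the functions can also be run against a constructed copy of the files.

```shell
#!/bin/sh
# Added example (not from the article or Bitdefender): summarise the Linux
# kernel's own mitigation report for speculative-execution bugs.
# The kernel exposes one file per bug under the directory below; each file
# starts with "Not affected", "Mitigation: ..." or "Vulnerable ...".
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Print "<bug> <status>" for every entry in the directory, where status is
# one of: mitigated / vulnerable / not-affected / unknown.
report_mitigations() {
  dir="$1"
  [ -d "$dir" ] || { echo "no vulnerabilities directory at $dir" >&2; return 1; }
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    name=$(basename "$f")
    text=$(cat "$f")
    case "$text" in
      "Not affected"*) status=not-affected ;;
      "Mitigation:"*)  status=mitigated ;;
      "Vulnerable"*)   status=vulnerable ;;
      *)               status=unknown ;;
    esac
    printf '%s %s\n' "$name" "$status"
  done
}

# Return 0 when the spectre_v1 entry reports the swapgs barriers, which is
# how the kernel signals that the SWAPGS issue is mitigated.
swapgs_mitigated() {
  f="$1/spectre_v1"
  [ -f "$f" ] || return 1
  grep -q 'swapgs' "$f"
}

# Return 0 when at least one entry is still reported as vulnerable.
any_vulnerable() {
  report_mitigations "$1" | grep -q ' vulnerable$'
}

# Stand-alone use: print the report for the live system when the sysfs
# directory exists (it is absent on non-Linux hosts and some containers).
if [ -d "$VULN_DIR" ]; then
  report_mitigations "$VULN_DIR"
  if swapgs_mitigated "$VULN_DIR"; then
    echo "SWAPGS: mitigated"
  else
    echo "SWAPGS: no swapgs barrier reported for spectre_v1"
  fi
fi
```

Run it as `sh check_mitigations.sh` on a Linux host; to inspect a saved copy of the directory (for example collected from a fleet), set `VULN_DIR=/path/to/copy`. A non-empty `vulnerable` line, or a missing swapgs barrier, is the cue to update the kernel rather than to change the CPU.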
This is also why OpenBSD earlier took the drastic step of disabling Intel's Hyper-Threading (HT) outright. Hyper-Threading relies heavily on branch prediction and similar techniques to improve performance, but from a security point of view that is a liability.
For more detail on this vulnerability, see Bitdefender's dedicated article. It shows clearly that the performance gains of modern processors are not free; there are gains and losses. For ordinary users, though, the vulnerability is not that serious: it is a low-probability event, and performance matters more.