Major Intel CPU Hardware Vulnerability Found, Could Cost 35% Performance

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,625
OS
Other OS
#1
This is far worse than anyone can imagine.. About those Ryzen's I built.. o_O

News - Rumour: Major Intel CPU Hardware Vulnerability Found, Could Cost 35% Performance

A major hardware flaw appears to have been discovered in Intel CPUs, and bypassing this bug can drastically impact performance. Patching the Intel CPU bug is purported to cause a performance hit of 30-35% on Intel CPUs, while all AMD CPUs are unaffected.

The bug itself could potentially have devastating consequences. It opens up possible security vulnerabilities in Intel CPUs, including large cloud providers and web hosts. The hardware bug causes an Intel CPU to prefetch system memory areas and gain control of any application, in theory allowing for a VM on shared hosting to read and write over another VM. Breaking out of the confines of virtual machines hosted at cloud providers could prove hugely damaging.

According to numerous sources, the security bug is currently embargoed, with Intel trying to keep a lid on it lest it is exploited for an attack. The bug was allegedly unearthed by developers working on the Linux kernel, with several major kernel patches dropping over the festive period quickly drawing attention. Patches typically take months of development and discussion before they’re pushed out, but here we have multiple patches being pushed in double quick time. The theory is that these patches are being released to prevent the security vulnerability in Intel processors.

Thanks to these kernel updates, there is a workaround for Linux users. Kernel Page-Table Isolation (PTI) restricts processes so they can only access their own memory area, blocking any potential read or writes and effectively shutting down the flaw. The downside is that PTI affects low-level features, and performance can be affected anywhere from 5-50 percent. According to Brad Spengler, from GR Security, an Intel Core i7-6700 will take a 29% performance hit while an Intel Core i7-3770S will run 34% slower.

If you’re a Windows user, the fix might take a little longer. Microsoft is currently working on its own isolation feature like PTI, although it may be a while until it’s available.

As for AMD CPU owners - worry not! This hardware bug will have zero impact whatsoever on AMD hardware as they are protected against these types of attack. “The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privilege mode when that access would result in a page fault,” says AMD’s Tom Lendacky. “The X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI is set, disables the AMD processors by not setting the X86_BUG_CPU_INSECURE feature.”

Should this all be true, this could have major repercussions for Intel. As it’s hardware related there could be very little Intel can do other than take the performance hit, and this really wouldn’t compare favourably to AMD. What are your thoughts on the matter?
 
P

plat1098

Guest
#2
About those Ryzen's I built.. o_O
About that money I spent. o_O

The i7 6700 takes a 29% performance decrease in the scenario. :mad: But unlike what the article states, I wish they wouldn't rush and hurry out the patches at the expense of further issues. This is especially true of Microsoft.

Add: I'll be watching this closely. Forcing users to choose between security and performance is to be condemned. Intel should be sanctioned if this turns out to be legit.
 
Last edited by a moderator:

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,625
OS
Other OS
#3
About that money I spent. o_O

The i7 6700 takes a 29% performance decrease in the scenario. :mad: But unlike what the article states, I wish they wouldn't rush and hurry out the patches at the expense of further issues. This is especially true of Microsoft.

Add: I'll be watching this closely. Forcing users to choose between security and performance is to be condemned. Intel should be sanctioned if this turns out to be legit.
This is worse than anyone can imagine. Speaking from an enterprise realm, this is going to murder companies. Companies often 'run at the edge' of performance to save costs and don't actually have 20-40% performance to lose. This could run into the billions worldwide. Worse, realize that virtually ALL password manager backends run virtualized on servers. We must remember, when we speak of servers we don't differentiate between virtual or physical, a server - for all intents and purposes - is a server. So those password manager servers are VM's running on a physical and according to what I am reading - they're leaking kernal data.

I've been warning friends/family for the last year or two of a coming IT Apocalypse and this is about as close as we can get to one IMO. Intel must be punished for this, it's RECKLESS on their part since they focused entirely on speed/performance while knowingly leaving incredible security holes in place. Class actions should be the least of their worries.

Can you imagine laptops getting a 35% performance hit? This is going south fast..

I'm going to return those ChromeBooks I bought, all of them have intel. No way I am taking that kind of hit on new hardware. I'll buy some ARM Chromebooks or something, not this rubbish from Intel.
 
Last edited by a moderator:

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
3,524
#4
This is especially true of Microsoft.

Intel should be sanctioned...
The only way Microsoft and Intel will be sanctioned is if governments, companies and people stop buying their product.

And what are the chances of that happening when both companies are nothing but monopolies ?

So now I can say Average Joe would be best served by using an AMD Chromebook. A mythical beast. The stuff of legend.

Can you imagine laptops getting a 35% performance hit? This is going south fast..
We're talking about performance hits that will result in lost investment and increased expenses in the aggregate totaling billions of dollars.

With losses and increased costs like that, lawsuits from big names in the industry will be a comin'. Even the average folk aren't simply going to sit by and idly accept it. People are going to sue.
 
Last edited by a moderator:

Kubla

Level 5
Joined
Jan 22, 2017
Messages
210
#5
From what I read this will affect the Xeon workstation and server environment as well, not sure how a 35% performance hit will even be acceptable in those arenas let alone the PC market.

One thing is for sure conspiracy theorists are going to have a field day with NSA mandated back doors in Intel chip scenarios.
 
Last edited:

SHvFl

Level 33
Content Creator
Verified
Joined
Nov 19, 2014
Messages
2,264
OS
Windows 10
Antivirus
Emsisoft
#6
Hope it actually happens because if it's true i am getting a new cpu to replace what i have now at a bargain. They will be forced to do it when they are send to court by every company and organisation on the planet. Wouldn't mind a free upgrade.
 

LASER_oneXM

Level 28
Content Creator
Verified
Joined
Feb 4, 2016
Messages
1,770
OS
Windows 8.1
Antivirus
Kaspersky
#7
source: Huge Intel CPU Bug Allegedly Causes Kernel Memory Vulnerability With Up To 30% Performance Hit In Windows And Linux | HotHardware

If the reports are accurate, it appears that Intel might have a pretty severe chip-level security bug on its hands that cannot be simply swatted away with a microcode update. The bug affects all modern Intel processors dating back at least a decade.

We should note that squashing the bug requires a patch at the OS level; and Linux patches have already been distributed (with redacted comments). Microsoft is expected to address the bug in its monthly Patch Tuesday update. The circumstances surrounding the exploit are currently under embargo, but some details are starting to make their way to the public spotlight, thanks to reporting over at Python Sweetness and The Register.
There's one big problem, however. Fixing this problem in software also comes with a big hit in performance. Additional overhead is introduced to keep a barrier between address spaces, which can result in a performance handicap of 30 percent or more. However, recent Intel processors with PCID (Process-Context Identifiers) enabled could have the performance impact lessened somewhat.
Given that the patches are currently under embargo and that Intel is understandably staying tight-lipped, it may still be a few days before we are made privy to all pertinent details surrounding the bug and how damaging it will be computing platforms. However, this is looking very real at this point. The Linux update has been posted here.
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,625
OS
Other OS
#9
We're talking about performance hits that will result in lost investment and increased expenses in the aggregate totaling billions of dollars.

With losses and increased costs like that, lawsuits from big names in the industry will be a comin'. Even the average folk aren't simply going to sit by and idly accept it. People are going to sue.
As an IT Engineer w/Server Certifications, I can say you aren't overstating this at all. Especially given the prevalence of firms running 'at the edge' of performance of their servers already - most are. A 35%, heck, a 15% performance hit could CRIPPLE their entire infrastructure! This is the apocalypse many of us have been warning about.. It's arrived, the train is in the station.

One of our clients runs 30 VM servers (THIRTY bro).. Each of those is allocated to within 5-6% of their capacity, that's how VM's work. When you sign up for Azure, Microsoft gives you 'just enough', anyone that runs Azure knows how close even they cut that, it's how costs are kept from going through the roof.

This blows all of that out of the water and just as bad, shows Intel was playing loose as a goose with security.

There is NO WAY they will get away with this without a massive class action lawsuit. What about Apple machines?
Apparently Apple is impacted. If Linux is you can bet Apple is. Apparently all chips in the last decade are impacted by it. That is, all intel.. Not Arm, AMD, etc.. Even those M3 and M4 Intels are apparently impacted.

So yeah, Intel played fast and loose to keep their edge and got PWNED.
 
Last edited by a moderator:

Nightwalker

Level 11
Verified
Joined
May 26, 2014
Messages
507
OS
Windows 10
#10
I saw this at Reddit, dont know if it is accurate, but this performance hit should be pretty task specific imo.

Those performance numbers are going to be pretty task specific though, it's unlikely to be 35% across the board.

Where this patch hurts performance is context switching in and out of the kernel. So if an application is making heaps of syscalls, it might really harm its performance.

General purpose computing/gaming isn't likely to be that affected I don't think? I doubt most games really make all that many syscalls, most of the heavy lifting is all going on inside the games own process.


Context switching is already an expensive operation on current hardware, games, graphics libs like directx, graphics drivers etc. should all already designed to minimize context switching as much as possible. So I don't imagine that context switching becoming more expensive will hurt gaming performance that much, if at all. Really impossible to know until the patch is actually out and people can test real world performance, theorizing about this stuff only gets you so far.


Also this is a Linux patch, but Microsoft is apparently working on implementing a similar fix in the NT kernel. So Windows won't be safe from the potential performance hit.
 
D

Deleted member 65228

Guest
#11
Intel have really screwed up, and they are dead in the water now. Apparently the CEO recently cashed out on stocks, but I am not sure if it's legit or not. I switched to AMD over 4-5 months ago, I haven't trusted Intel since the McAfee products they produced. And my distrust has saved me... We had the recent Intel Management Engine (ME) vulnerability, and now we have this.

Intel's CEO Just Sold a Lot of Stock
 

DeepWeb

Level 15
Verified
Joined
Jul 1, 2017
Messages
702
OS
Windows 10
Antivirus
Emsisoft
#12
Intel have really screwed up, and they are dead in the water now. Apparently the CEO recently cashed out on stocks, but I am not sure if it's legit or not. I switched to AMD over 4-5 months ago, I haven't trusted Intel since the McAfee products they produced. And my distrust has saved me... We had the recent Intel Management Engine (ME) vulnerability, and now we have this.

Intel's CEO Just Sold a Lot of Stock
Just noticed you found the same article. Funny coincidence how he sold half of his stock 2 weeks ago...

Wow. Just unbelievable. I will never go Intel again. Most people bought these chips because of that 30% performance advantage over AMD and now it turns out that's all due to the fact that they are cutting corners left and right risking security.
 

Danielx64

Level 10
Verified
Joined
Mar 24, 2017
Messages
472
OS
Windows 10
Antivirus
ESET
#14
Well Ryzen mobile is looking better and better now.
Nope: AMD Struggles to Be Excluded from Unwarranted Intel VT Flaw Kernel Patches

Close inspection of kernel patches reveal code that forces machines running all x86 processors, Intel or AMD, to be patched, regardless of the fact that AMD processors are immune. Older commits to the Linux kernel git, which should feature the line "if (c->x86_vendor != X86_VENDOR_AMD)" (condition that the processor should be flagged "X86_BUG_CPU_INSECURE" only if it's not an AMD processor), have been replaced with the line "/* Assume for now that ALL x86 CPUs are insecure */" with no further accepted commits in the past 10 days. This shows that AMD's requests are being turned down by Kernel developers. Their intentions are questionable in the wake of proof that AMD processors are immune, given that patched software inflicts performance penalties on both Intel and AMD processors creating a crony "level playing field," even if the latter doesn't warrant a patch. Ideally, AMD should push to be excluded from this patch, and offer to demonstrate the invulnerability of its processors to Intel's mess.
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,625
OS
Other OS
#15
This is glorious.. It means because of Intel, virtually everyone is going to take a significant performance hit? That's not going to float well with AMD and smacks of cronyism with intel. Why do companies think they can get aware with this? Maybe in the short term, but never forever.. This is like the VW Diesel rigging fiasco.

Also think about this - US Govt. systems all generally use Intel. (intel's largest customer is the fed govt) That means up to this point almost everything was 'security theater' because of this. Intel, one of the largest govt. suppliers was screwing you the tax payer over! What about secure facilities? Ships? Planes? Weapons flatforms? Intel chips in those too? How will a 35% performance hit impact them? How has this now revealed exploit impacted state secrets? Did the NSA know about it and expect it to be kept secret so they'd have the keys to the castle?

Another thing to remember.. Cloud Based password managers generally ALL run in VM's.. You can bet Lastpass, Stickypassword and yes, Bit Warden run on VM's within server based clusters, almost everything does. So the whole 'I don't trust the cloud' thing isn't a tin foil hat thing, it's reality because the reality is, your crypto libraries running in VM's could have been intercepted.

I've never used Intel for desktop gaming, my old faithful FX series gaming rigs were almost all upgraded to Ryzen in the fall. Dodged the bullet on that one provided AMD can fight for their performance exclusions due to Intels lies, greed and manipulation. I've listed ALL of my intel based laptops/notebooks on Ebay. I'm done with them. Intel will never set foot in my home again. I'm replacing the notebooks with bunch of brand new top-kit ARM powered Chromebooks.
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,625
OS
Other OS
#17
Great minds think alike ;)

Ditched Intel months ago and went straight to AMD Ryzen. My AMD Ryzen 5 has been performing brilliantly for many months now without issue, and the AMD SVM technology has been spectacular so far.
Ryzen 5 is a beast at the price it is, after using Ryzen 7, then using a Ryzen 5 I couldn't see or feel a difference and it was like +/- 3fps in games. So I really think the hotspot for price and performance is the Ryzen 5 1500x right now. It's a wonderful CPU for $160.

I think Ryzen supplies will dwindle fast in the coming weeks/months. Also they could see a price jump. I know AMD stock is going up nicely right now. Intel is dead in the water.

My server engineers just built out a $15,000.00 server for a client, I hope they don't read about this and see that extra 5K they spent for performance will be vaporized?
 
D

Deleted member 65228

Guest
#18
Speaking of Intel...

The other day, a friend of mine asked me how his friend could uninstall McAfee. I replied, "Run the uninstaller?" and I got back, "Yes I did this for my friend but after the reboot all the drivers are still active I can see the services in Process Hacker and the self-defence is on so I can't terminate any of the processes or end the Services even though I uninstalled it". He even ran the cleaner utility for her after which they developed specifically to solve issues like this, but to no avail did it work. The folders were also left behind.

Of course she could have gone into Safe Mode and tried the cleaner utility there, but the point is... How is this even legally allowed? I think a law needs to be put in place about software installations. McAfee don't own someone else's PC. They should work on their uninstallation. I remember 8 years ago when I was uninstalling it for a family member, the exact same thing happened. I remember it like yesterday, and it's been 8 years since.

If I install Emsisoft Anti-Malware, EVEN QIHOO, I won't expect it to rootkit-up my system and block its components from being removed after a clean uninstallation and reboot. McAfee? I will literally be surprised if it doesn't happen. I've uninstalled it maybe 7 times in total in my life at different times and scenarios, and none of the 7 times ever went successful and were properly completed.

At least I know I can get a first class rootkit in 2018. Download the free AV trial.
 
Last edited by a moderator: