Intel has spent much of its goodwill with customers chasing down bugs: the Spectre and Meltdown bugs it dealt with years ago, and the instability that plagued its Raptor Lake processors last year. Now there are additional chapters in each of those stories.
You don’t have to do anything; make sure your PC is patched and updated. But there will be a price to pay in performance in fixing the latest issue, and one you can’t do anything about.[1]
On 1 May, Intel issued another microcode update for the Raptor Lake and Raptor Lake Refresh processors. Intel said last July that those processors could degrade over time due to elevated operating voltages. But the recent update was designed to prevent instability on systems “running multiple days with low-activity and lightly-threaded workloads” or machines that weren’t working at their full capacity.
Intel said that mitigating that bug will not only solve the problem, but performance will not be affected. Fortunately, any variation after applying the patch would be within normal “run-to-run variation. "
Unfortunately, researchers at ETH Zurich have discovered another bug that affects several Intel processors dating back to the 2018 Skylake architecture. Mitigating it will have a significant effect this time, although the effects will be most pronounced in the much-maligned 11th-gen “Rocket Lake” chips.
As noted by Bleeping Computer, the new bug harkens back to 2018, when the Spectre and Meltdown bugs were discovered, affecting the kernel software at the heart of most X86 chips. Though Intel patched out both bugs, researchers at ETH Zurich have found that branch target injection attacks (a “branch privilege injection”) can again be used against Intel CPUs to leak otherwise protected information. The affected chips include everything from 2018’s Skylake to Raptor Lake. The researchers found that AMD’s Zen 5 and Zen 4 chips are unaffected. More information can be found at the ETH Zurich site.
Proper security practices usually require researchers to privately disclose bugs to the manufacturers before they’re released to the public, and the researchers did just that. Intel released microcode to the research team for testing and to confirm that the microcode update works.
To avoid being preyed upon by either vulnerability, the same thing must be done: simply make sure that your PC is properly patched, either via Windows Update or via the firmware updates your PC or motherboard maker provides.
Intel disclosed the bug in a security advisory and also issued a public blog post about it. A company representative also issued a statement, which is below.
“We appreciate the work done by ETH Zurich on this research and collaboration on coordinated public disclosure,” Intel said in a statement. “Intel is strengthening its Spectre v2 hardware mitigations and recommends customers contact their system manufacturer for the appropriate update. To date, Intel is unaware of any real-world exploits of transient execution vulnerabilities.”
However, there will be a performance price to pay, too. ETH Zurich said it won’t be too bad: just a 2.7 percent drop in performance in Alder Lake and 1.6 percent in the 2018 Skylake (Coffee Lake Refresh) chip. (For the record, Intel says that “Intel’s performance tests conclude that standard benchmarks are within normal run-to-run variation.”)
If you still own an 11th-gen “Rocket Lake” chips, however, you’re going to pay a price: an estimated 8.3 percent drop in performance, according to ETH Zurich. Knocking almost 10% off the performance of an already subpar chip may mean it’s time for an upgrade.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.pcworld.com/article/2780652/spectre-cpu-bug-returns-to-haunt-intel-processors.html
Comments