"Spoiler" bug of Intel CPUs

karakarga · March 18, 2019, 3:30pm

https://www.techpowerup.com/253285/spoil…ting-intel-cpus

A new security bug called " SPOILER " found. This time nothing to do, (software patch useless, bios update not possible) except buying a post 2020 production Intel CPU, or current AMD processors.

Santa2017 · March 19, 2019, 3:34am

There is not bug inside " SPOILER " at all. Due Intel processor were main platform for a long time since Core 2 Duo. Many of hackers tried to attack it for long milestones.
With lastest Intel VTUNE Amplifier on Parallel Studio XE 2019 can preventing any attacks styles and bring back headroom resources for Intel X86-64 based CPU.

With lastest 0200005A microcode 2019-01-28 Intel bring back performance crown again for all Skylake X SKUs.

karakarga · March 19, 2019, 9:20am

@Santa2017

Please read the bottom links carefully. I have read many other pages related with it. The patch you have installed, are for Meltdown and Spectre variants. I have installed the patches to my Ivy ~ Sandy bridge CPU’s in the summer.

This new bug (yes a bug, called Spoiler) explored in this month, by “Worcester Polytechnic Institute in Massachusetts and the University of Lubeck in Germany” and nothing to do. This one is different than others…

https://www.msspalert.com/cybersecurity-…lity-the-facts/ 7 Mar 2019
https://www.theregister.co.uk/2019/03/05…processor_flaw/ 5 Mar 2019
https://www.amd.com/en/support/kb/faq/pa-240
https://www.theregister.co.uk/2019/02/27…ware_invisible/ 27 Feb 2019

Santa2017 · March 19, 2019, 9:57am

“Speculative execution" were keys of Intel Core Microarchitect enhancement versus other vender CPUs. " SPOILER " or " Spectre " or " L1TF" or anything you’d heard from Internet were target this point as the video link

https://www.youtube.com/watch?v=n_pa2AisRUs

If you’ve learning more what was Intel tools to address its. First they’d release microcode to mitigation those vulnerables. Next Intel VTune Amplifier on Intel Parallel Studio XE 2019 was
handle the next step to avoid Intel Processors suffered from those vulnerables as here https://software.intel.com/en-us/vtune/f…s/multithreaded

karakarga · March 19, 2019, 10:02am

@Santa2017

This one is too new! It is really too new. Beginning of this month "March 2019" it revealed.

There is no real content related with it on youtube, nor at Intel site yet. The ones you have given as, aged other stuff!

Youtube link dated (Published on Aug 14, 2018) did you understand me?

Fernando · March 19, 2019, 10:40am

@karakarga @Santa2017
Since this discussion has much more to do with the Sub-Forum “[HOT] CPU Microcode Optimization” than with the UBU Discussion thread, I have created a new thread and moved your recent posts here.
Now I hope, that this is ok for you (and all other Forum visitors).

karakarga · March 19, 2019, 10:49am

@Fernando

UBU itself is mainly (my belief) for CPU microcode, other stuff are optional things in it. People must be aware of, what they can do, or not for their systems!

Fernando · March 19, 2019, 11:05am

You are wrong. All UBU tasks are optional. The first and most important options SoniX had implemented were the updates of Option ROM modules.

It is up to the UBU user him/herself to get the required information to decide, which ones of the various UBU options he/she wants to use.
Do you really think, that in the near future Forum visitors and UBU users will find and read your discussion about the actual or supposed “Spoiler” vulnerability bug on page 331 of the UBU Discussion thread?

Santa2017 · March 19, 2019, 12:10pm

" SPOILER " or any Speculative Execution vulnerables solution must be coming from both Hardware and Software sides.

If you see history of Spectre Variant 1-4 since 2017 through present day. Both OS kernel (All platform Windows / Mac OS / Linux etc )
and CPU Microcode ( Hardware side Intel ARM AMD) were release to address those vulnerables at last.

History will repeat on " SPOILER " or any new vulnerables soon. Don’t be panic , at least there are no loss from " SPOILER " more when
compare to those Spectre Variants 1-4 and Meltdown.

karakarga · March 19, 2019, 12:12pm

I do not believe in that, They are necessary, I believe. Nevertheless some are from “GitHub - platomav/CPUMicrocodes: Intel, AMD, VIA & Freescale CPU Microcode Repositories” which are original brands production. I am following this site for updates for older systems, which lost support.

I don’t want to open a discussion about UBU…

karakarga · March 19, 2019, 12:42pm

@Santa2017

"… History will repeat on " SPOILER " or any new vulnerables soon. Don’t be panic… "

Panic? Hmm… Can Cylons or Terminators take over and run nuclear missiles? No, no. I am not panicing…

Fernando · March 19, 2019, 1:10pm

I do not believe in that, They are necessary, I believe.

You may have the opinion, that the update of the CPU Microcode is necessary for you, but it is up to the other users to decide this themselves. In this case the decision depends on the priority, which has been set by the user (safety or performance).

Santa2017 · March 19, 2019, 2:19pm

Maybe Santa2017 will terminated the T-850 , T-1000 and especially T-X by new microcode before they’d start their misson to hunt karakarga corner.

OK. Back to topic buddy. The speculative execution unit vulnerables of Intel CPU issue were coming from these cause.
https://www.youtube.com/watch?v=pi2ftnlfImo

Intel already acknowledged all vulnerables cause speculative execution attack as you see from those video link.

They’d already fixed exist CPU family since Nehalem to Cannonlake and also Comet lakes and Icelake.
Some model of CPU they’d release microcode for mitigation those vulnerables within work co-operating with Microsoft Apple and all Linux venders to optimized their OS kernels
working with those microcode for minimum performance impacted.

Some model of CPU such as Cascade Lake Cooperlake Icelake SP had hardware fixed in silicon already.

For Example Icelake U here

The RED rectangular around was new instruction to protect against Spectre V1-4 and also L1TF vulnerables. These called " Hardware Silicon Fixed " .

So, Don’t panic on " SPOILER " vulnerables to launch NUKE at all. It’ll be " TERMINATED SOON " .

Santa2017 · March 21, 2019, 3:43am

There is new Skylake X 0200005D Microcode Protected Against " SPOILER " DATE 2019-03-21 Release Inside Microsoft Windows 10 # 2020H1 #
Insider Preview 18860.1001 Kernel. Could you search for other source binary file for us.

@karakarga As I said " SPOILER " are terminated . Maybe faster than your imagine

karakarga · March 21, 2019, 7:14am

@Santa2017
From the pictures you have inserted, I still can not see " Spoiler " patch related fix! ???
I can see at top picture;
Microcode Rev. 0x200005D > Spectre (CVE-2017-5715) Patched < but, not related with " Spoiler " fix?

According to: https://blog.rapid7.com/2018/01/04/meltd…-cve-2017-5754/
Updates
January 5, 2018: We have added Meltdown and Spectre vulnerability checks to InsightVM and Nexpose for Windows and VMware and will continue to add coverage as vendors publish mitigations for CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. We have also added a dashboard to InsightVM to provide visibility and tracking for Meltdown, and will continue to incorporate new insights. The Meltdown dashboard is available in the R7 Dashboard template library within InsightVM, …

The update is still missing for " Spoiler " that patch is dated "January 5, 2018"

By the way, you are using an older bios version than the latest Version 1704 2019/02/21 please update your bios first!

Santa2017 · March 21, 2019, 9:07am

@karakarga
You misunderstand me, CPU-Z only indicated CVE-2017-5715 on many Microcode Since 0200003A → 0200005D.
It was not said anymore that what microcode revision do other thing . However for correcting you qoutes above

0200003A - 02000049 release on late 2017 to 2018 to protect against CVE-2017-5715 Spectre Variant 1 , 2 , 2a and Meltdown and also CVE-2017-5753/5754.

0200004D - 0200005A release on mid 2018 to present day add protect against CVE-2018-3665 (Lazy FPU) and CVE-2018- 3620/3646 Vulnerables (L1TF)

0200005D release 2019-03-21 protect against " SPOILER " addition protect over CVE-2017-5715 again (with no CVE label due same practice as Spectre V2 on attack areas.)

PS. Due ASUS Binary code protection on BIOS 1603 and 1704 BIOS. We can’t directly use UBUTools to update lastest 02000059 or 0200005A microcode with both BIOS revision.
However even my R6E use 1503 BIOS version. It’d already got 0200005D Microcode 2019-03-21 / Intel RST EFI / SATA OROM 17.2.0.3790 / 0.0.22 Intel LAN UNDI 0.1.13 Boot Agent
which more up to date than ASUS 1704 BIOS a lot.

EDIT by Fernando: Unneeded fully quoted post replaced by directly addressing (to save space)

Fernando · March 21, 2019, 9:19am

@Santa2017
@karakarga
Since the UBU Discussion thread is already big enough, I have moved your recent posts about the “Spoiler” bug into this already existing and more specific thread.
The UBU Discussion thread should only be used for specific UBU related problems.

karakarga · March 21, 2019, 9:40am

OK, thank you Fernando…

plutomaniac · March 21, 2019, 4:26pm

Yes, that was a goldmine. I found 16 new microcodes going all the way back to Ivy Bridge. I’ll update MC Extractor and the Microcode Repository on Saturday. Thank you for the tip @Santa2017 .

mcupdate_GenuineIntel_18860.1001.rar (2.25 MB)

karakarga · April 5, 2019, 9:35am

@plutomaniac

Can you manage to find a new microcode for x79 platform? I have seen, you have found SPOILER protection for Ivy Bridge 22nm 1155 processors, (cpu306A9_plat12_ver00000021_2019-02-13_PRD_A8DF9213.bin) and added to CPUMicrocodes-master DB r104.

I am looking for cpu306E4_platED_ver0000042E. (Instead of, cpu306E4_platED_ver0000042D_2018-04-25_PRD_25AD26F7.bin)

15.April.2019 update: (cpu306E4_platED_ver0000042E_2019-03-14_PRD_3C222CE1.bin) is lately available and inserted into “CPUMicrocodes-master DB r107” and integrated into “UBU_v1.73.0”. Thanks a lot for all…