Best thermal pads

Everything you need to know about CPU vulnerabilities like Zenbleed, Downfall, Inception, and more

by

CPU threats have been all the rage lately, Zenbleed and Downfall being two of the latest. But why should you worry?

CPU vulnerabilities have been coming in and out in recent years, and they often come with a scary message when it comes to disclosure. In the case of Zenbleed and Downfall, it was that every program on your computer could remember every other program that was running successfully. Sounds great, right?

However, it is not as bad as it seems. Obviously it is very important to ensure the disclosure and modification of the software to correct the errors, even at the cost of work, but what is happening to destroy this? Should you be worried?

Should you worry about CPU vulnerabilities like Zenbleed, Downfall, and Inception?

To be honest, none of these games appeal to the masses. Although they can transfer data from one application to another, every malware on a consumer’s machine has access that can be exploited. In fact, where this abuse is most worrisome is in cloud computing.

To understand the problem, you need to understand that most cloud servers are just computers with a lot of horsepower, a lot of network bandwidth, and some special equipment if needed. Many companies rent out what’s called a VPS, or private server, which is a virtual machine with minimal power on which many other machines can run.

Where this can be a problem is that one person on one machine can perform one of these vulnerabilities, and discover what is going on in the processor, including data from other virtual machines. This should not be possible and is a serious breach of security. This is why when Zenbleed was revealed, there were already patches for AMD’s Epyc processors, which are aimed at server applications.

Very CPU intensive at the moment

The company measures the vulnerability of “positions” and their severity through the Common Vulnerability Scoring System (CVSS). It provides a measure of the degree of severity, because different aspects of the risk will affect the number. It tests by considering the following:

  • Attack Vector: Network/Adjacent/Local/Physical
  • Attack Difficulty: Low / High
  • Privileges required: None / Low / High
  • User interaction: None / Required
  • Size: Default/Modified
  • Key: None / Low / High
  • Integrity: None/Low/High
  • Availability: None / Low / High
Also Read:  How to use Threads on desktop in Windows, Mac, Linux, and ChromeOS

All of this increases the risk of error. For example, the risk that can occur in networks with low complexity, no access required, no user contact, changing the appearance, data privacy leakage, data integrity violation, and high impact on availability will complete the top 10. in CVSS 3.1, the highest score possible.

With that metric, we can evaluate the damage that Zenbleed and Downfall can do. Hacker: They are similar, although they affect different CPUs. So, even if they get some money based on vulnerability, they can affect different things, and this will not affect their number. CVSS results are only estimates but do not tell the whole story.

Size: 6.5 (Medium)

  • Attack vector: Local
  • Attack Difficulty: Low
  • Required positions: Limited
  • User interaction: None
  • Size: Updated
  • Secret: Superior
  • Integrity: None
  • Availability: None

Description: The attack vector requires access to the system (as it runs on the system) while having no effect on the system’s data integrity or availability. However, it changes the density (meaning it affects things beyond its chance) and attack difficulty, and the chance required to do so is low. It also breaks the privacy of information on the system.

Rating: 6.5 (Medium)

  • Attack vector: Local
  • Attack Difficulty: Low
  • Required positions: Limited
  • User interaction: None
  • Size: Updated
  • Secret: Superior
  • Integrity: None
  • Availability: None

Description: The attack vector requires access to the system (as it runs on the system) while having no effect on the system’s data integrity or availability. However, it changes the density (meaning it affects things beyond its chance) and attack difficulty, and the chance required to do so is low. It also breaks the privacy of information on the system.

Start: 5.6 (Medium)

  • Attack vector: Local
  • Attack Difficulty: High
  • Required positions: Limited
  • User interaction: None
  • Size: Updated
  • Secret: Superior
  • Integrity: None
  • Availability: None

Description: The attack vector requires access to the system (as it runs on the system) while having no effect on the system’s data integrity or availability. However, it changes density (meaning it affects things beyond its chance), the attack difficulty is high, and the chance required to execute is low. It also breaks the privacy of information on the system.

Size: 5.6 (Medium) (With straps)

Spectre, even though it is a very common phenomenon, it benefits Less than Zenbleed and Downfall. This is because the difficulty of the attack was set to “High,” which lowered the effect.

  • Attack vector: Local
  • Attack Difficulty: High
  • Required positions: Limited
  • User interaction: None
  • Size: Updated
  • Secret: Superior
  • Integrity: None
  • Availability: None
Also Read:  Best RTX 4080 laptops in 2023

Description: The attack vector requires access to the system (as it runs on the system) while having no effect on the system’s data integrity or availability. However, it changes density (meaning it affects things beyond its chance), the attack difficulty is high, and the chance required to execute is low. It also breaks the privacy of information on the machine.

Solubility: 5.6 (Medium) (Consistent)

Like Spectre, Meltdown is more advanced than Zenbleed and Downfall, due to the difficulty it requires.

  • Attack vector: Local
  • Attack Difficulty: High
  • Required positions: Limited
  • User interaction: None
  • Size: Updated
  • Secret: Superior
  • Integrity: None
  • Availability: None

Description: The attack vector requires access to the system (as it runs on the system) while having no effect on the system’s data integrity or availability. However, it changes density (meaning it affects things beyond its chance), the attack difficulty is high, and the chance required to execute is low. It also breaks the privacy of information on the system.

Main reason: Branch prediction

Branch prediction and hypothetical execution define when your computer is doing something that is not needed now but will happen next. It usually happens when your machine has free hardware because it speeds up all processing when instructions or data may not be ready for the CPU. If the function is not needed, it is usually discarded, and the processor can jump back to where it is needed to execute the next instruction. When it does this, it is called a branch fault.

For a deeper understanding of branch predicates, consider a scenario where a program only adds the same two numbers in its execution. At some point, the processor can recognize the pattern and plan the next steps if the method in which the two numbers are added is called again. If the result changes at some point, even if the processor plans for the same two numbers to be the same, then the decision will be discarded and replaced with the actual execution exit. However, for the time being those numbers and in the same way, then the processor can jump through those instructions quickly.

Also Read:  AMD Radeon RX 7700 XT vs Nvidia GeForce RTX 4060 Ti: Which is better for your budget?

There are many challenges when it comes to fantasy kills, however, weaknesses such as Spectre, Zenbleed, Downfall, etc. are next. It is a powerful feature that we owe much of today’s CPUs, but the main focus of research is looking for weaknesses in CPUs.

Limitation: A barrier to success

Reducing these risks is very important, but the problem is that these reductions often result in a tax on employment. In the case of AMD’s latest Zenbleed, the reduction could see even more.

The reason for this is that the only workaround is to disable or modify the behavior of the branch predictor in the affected processor. The same hit can also be found in Intel’s Downfall, with early reports showing performance gains of up to 39%. Epic Games once shared CPU usage graphs when the Meltdown vulnerability was revealed and how the mitigations affected the company’s CPU usage. There was a huge spike in CPU usage, as one would expect. When things threatened with AMD’s Inception processing, performance was found to drop by up to 54%.

Because vulnerabilities like these affect the most important aspects of the processor, they are difficult to fix without disabling or causing serious damage. Simulation execution is very important, and this reduction will be felt by many people. Games are unpredictable, so if your PC’s main activity is gaming, you may be fine as your computer can’t predict much, but these problems are magnified in larger systems.

Are future processors affected?

Fortunately, in the case of Intel Downfall and Zenbleed, this affects older processors. The new processors from both companies are safe, and there is nothing to worry about at this point. A major overhaul is often the solution to these problems. For example, Specter affected Intel’s eighth and ninth generation CPUs, but the ninth generation included the same kind of software tools that were installed, finished and hit the game. Intel’s 10th generation was secure but no longer had performance effects and mitigations.

As a result, considering that Downgrade and Zenbleed were already installed in the latest software for their processors, users do not have much to worry about. Of course, there could always be more problems to be found, but for now, you’re safe.

Categories: Reviews
Source: thptvinhthang.edu.vn