'Spoiler' Security Flaw Revealed that Affects All Intel Core CPUs, Software Fix Not Possible

Written by Jon Sutton on Wed, Mar 6, 2019 5:31 PM

The security problems are coming thick and fast for Intel. With the Meltdown and Spectre mess now beginning to disappear into the rearview mirror, along comes Spoiler, an all-new security vulnerability for Intel CPUs.

The CPU flaw was discovered by the Worcester Polytechnic Institute and the University of Lübeck. Spoiler affects each and every Intel CPU from the 1st-Gen Core CPU to today. That’s nine generations of Intel CPUs which are affected. No AMD processors are known to be affected by this security vulnerability.

On paper, Spoiler sounds like a very similar issue to Meltdown and Spectre, relying as it does on speculative executions which can be manipulated in order to gain control of a system. It relies on a different hardware unit to achieve this though, namely the Memory Order Buffer.

“The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments,” reads the report from the Worcester Polytechnic Institute and the University of Lübeck.

“The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available. Physical address bits are security sensitive information and if they are available to userspace, it elevates the user to perform other microarchitectural attacks.”

Unfortunately, according to the report there is no software mitigation that will be able to completely eradicate the problem. This is a hardware-based issue and there is little that can be done from a software perspective. A hardware redesign of the memory disambiguator would solve the issue, but this would only be an option for Intel CPUs manufactured going forward, rather than those out in the wild.

Intel was notified of the situation on December 1st, 2018, and has issued a statement on the matter. “Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”

Our favourite comments:

I believe that everything have security issue and the use to solve it between them. " Hey i found this problem on you product" "Thank you i will solve it soon" But nowadays they are so unfriendly and just publish the unsolved problesm

therione13

Meh, probobably irrelevant for an average consumer like you and me, kinda like spectre and meltdown. I've had both patches disabled since they were released and guess what? Nothing's happened. Hackers don't target random people. And no I'm not an Intel fanboy my next CPU will be Ryzen for sure, but these so called "security flaws" are blown out of proportion IMO.

ExtremyMan

I love my 6 month 2700x even more now

Tlenodawca

Ryzen 3000 anyone? Because i'm NOT going Intel.

ItsTheGamerEdit123

Login or Register to join the debate

Rep
2
Offline
16:41 Mar-13-2019

this is why amd is better

0
Rep
94
Offline
09:39 Mar-18-2019

Who knows in 5 years we'll see the same happen to AMD. There always will be design flaws, it's just a matter of time before someone finds them

1
Rep
10
Offline
14:23 Mar-08-2019

Makes me happy I went for the 2700X, knock it all you want but security is underrated. Hopefully there's some sort of fixes for the Intel users out there, as hard as it seems it will be.

3
Rep
48
Offline
10:41 Mar-08-2019

Not too big of a deal if Intel fixes it in future processors. There will always be security flaws and vulnerabilities that needs addressing. Nonetheless a user should always be careful with their online payments and use of cookies.

0
Rep
45
Offline
admin approved badge
05:53 Mar-08-2019

A full AMD build becomes more of a reality with each new story.

5
Rep
72
Offline
admin approved badge
23:30 Mar-07-2019

I knew there was going to be a lot more problems with Intel in the future which is why i went Team Red for once and not regretting it.

4
Rep
14
Offline
11:37 Mar-07-2019

Meh, probobably irrelevant for an average consumer like you and me, kinda like spectre and meltdown. I've had both patches disabled since they were released and guess what? Nothing's happened. Hackers don't target random people. And no I'm not an Intel fanboy my next CPU will be Ryzen for sure, but these so called "security flaws" are blown out of proportion IMO.

11
Rep
10
Offline
14:25 Mar-08-2019

I agree, the biggest security flaw is the user. Your PC & data is only as safe as you are with it.
Just keep away from sketchy sites and don't download anything from an unknown source unless you're 100% sure it is safe.

1
Rep
4
Offline
10:39 Mar-07-2019

I believe that everything have security issue and the use to solve it between them. " Hey i found this problem on you product" "Thank you i will solve it soon" But nowadays they are so unfriendly and just publish the unsolved problesm

4
Rep
17
Offline
09:30 Mar-07-2019

"You either die a hero, or you live long enough to see yourself become the villain". I realy hope to see Intel's apology for flaws in CPU's and these issues to get resolved as quick as possible or I'm not even considering buying Intel stuff

1
Rep
4
Offline
07:38 Mar-07-2019

I love my 6 month 2700x even more now

9
Rep
191
Offline
junior admin badge
11:25 Mar-07-2019

It's still a great purchase.

2
Rep
55
Offline
05:48 Mar-07-2019

These flaws exist by design and not by coincidence.
How else are they going to scare consumers into buying their next new shiny sandpaper?

3
Rep
7
Offline
07:39 Mar-07-2019

Interesting prespective!

2
Rep
94
Offline
19:31 Mar-11-2019

Hmm, but does this affect business grade hardware? (for example xeons)
What about intel's reputation if they provide computer components to governments? Would their computers run on specialized hardware or a "flawless" version of the consumer/business grade hardware?


And yes, planned obsolescence is understandable, nobody will support old tech. Support is just not long enough nowadays :/

1
Rep
-4
Offline
04:11 Mar-07-2019

sCrEw yOu iNtEl. guESs iM gOiNg tO aMd lEl

2
Rep
35
Offline
22:32 Mar-06-2019

Well... This could make my decision for choice of future cpu a lot easier.
Not a hates, just a guy who likes to get his money's worth.
And Intel's price-performance ratio is not that good in past 2 years, at least not in Easter EU.

14
Rep
97
Offline
admin approved badge
21:35 Mar-06-2019

Ryzen 3000 anyone? Because i'm NOT going Intel.

25
Rep
191
Offline
junior admin badge
05:59 Mar-07-2019

Same

3
Rep
17
Offline
09:41 Mar-07-2019

Same. I was planing to buy a gaming laptop next month but the issue is that most of them are Intel only in my country .

1
Rep
191
Offline
junior admin badge
11:27 Mar-07-2019

That sucks. Do you know anyone who travels outside of your country and ask them to buy an AMD laptop?

0
Rep
72
Offline
admin approved badge
15:39 Mar-12-2019

Well depending on the games you play you could always go for a laptop that has a Ryzen 7 3700U which could handle most games on low settings to high settings depending on the resolution as well.

0
Rep
59
Offline
admin approved badge
13:19 Mar-07-2019

Same here, waiting for the 3700x to come out so I can finally upgrade the rest of my system.

0
Rep
191
Offline
junior admin badge
16:47 Mar-07-2019

What FPS do you get with your 3570?

0
Rep
59
Offline
admin approved badge
18:10 Mar-07-2019

Depends on the game but in most cases 60+. In cpu-intensive games however my FPS can be an unstable mess due to not being able to keep up with gpu. Examples of this are BF1/V, Metro Exodus in certain areas and situations, etc.


Currently stuck at 60Hz until I get another DP cable as my other one crapped out yesterday. It took a little adjusting going from 144Hz back to 60Hz. xD

0
Rep
28
Offline
04:41 Mar-08-2019

@ItsTheGamerEdit123 Your good for at least 2-3 years though so you might as well just wait for Ryzen 4000 as you already have a great AMD cpu.

0
Rep
97
Offline
admin approved badge
08:06 Mar-08-2019

Yeah but my GPU is old. I will need Navi

0
Rep
72
Offline
admin approved badge
16:10 Mar-12-2019

I know i am good for another 2 to 3 years as well but i am still planning on going for the Ryzen 3 3300 or Ryzen 5 3600/G (depending how good the iGPU is).

0
Rep
319
Offline
admin badge
21:26 Mar-06-2019

This is getting ridiculous... There is no way my next CPU is going to be an intel. There are 0 reasons. They are more expensive, their performance gap from AMD in gaming ranges from negligible to non-existent unless you have a 144+ hz monitor and a high end GPU (even then I am not even sure its worth it anymore), they lose on almost all productivity task and on top of that their security is garbage apparently. How the heck did that happen ? They were indisputable kings such a short time ago and suddenly an intel purchase makes absolutely no sense to me.

13
Rep
28
Offline
21:08 Mar-06-2019

Good thing all my systems are powered by AMD

4
Rep
191
Offline
junior admin badge
20:26 Mar-06-2019

AMD better use this PR goldmine.

10
Rep
0
Offline
20:35 Mar-06-2019

Fingers crossed!

0
Rep
191
Offline
junior admin badge
06:02 Mar-07-2019

I'll keep my eyes on the news. If I see anything I'll post it in a shout.

0
Rep
-17
Offline
03:33 Mar-07-2019

They did it before. They will do it again. And Intel's not gonna be able to defend against that. Even a ridicule from AMD about Meltdown and Spectre is enough to make Intel embarrassed about it. It's how AMD deliver's it on their speech.

0
Rep
191
Offline
junior admin badge
06:01 Mar-07-2019

I hope that AMD's dragon lady will present the case in an interview.


She's awesome at the press stuff.

0
Rep
7
Offline
07:43 Mar-07-2019

Even Intel fans can benefit , as competition is always good for the consumer.

0
Rep
1,041
Offline
senior admin badge
19:07 Mar-06-2019

let's move to ARM then

0
Rep
94
Offline
19:23 Mar-06-2019

RISC-V
ARM isn't good enough as a x64 replacement, RISC-V has a long way to go, but it can do good stuff

1
Rep
1,041
Offline
senior admin badge
21:20 Mar-06-2019

most people use computers for very light tasks, so I could imagine ARM co-processor for casual tasks

0
Rep
94
Offline
19:27 Mar-11-2019

Hmm, true. ARM is in the RISC family :)

0
Rep
19
Offline
18:37 Mar-06-2019

Goddamit intel.

6
Rep
87
Offline
18:03 Mar-06-2019

Does it reduce CPU performance?

2
Rep
7
Offline
18:51 Mar-06-2019

Does it reduce the price then, since they fu*k it up, the end price is like 50% cheaper. Sounds logical to me... Not like anyone wants to buy defective products at full price...

9
Rep
116
Offline
18:58 Mar-06-2019

No but it introduces security vulnerabilities which could be exploited to get sensitive information from your PC.

2
Rep
85
Offline
21:27 Mar-06-2019

How easy is it for someone to exploit such a vulnerability?

0
Rep
12
Offline
21:59 Mar-06-2019

Thats what i wondered too, can any rando execute this vulnerability? or does it take some super secret underground hacker group to find nuke codes type of people?

2
Rep
116
Offline
01:17 Mar-07-2019

I couldn't tell you that but I would guess its not an easy job anyone could do.

2
Rep
191
Offline
junior admin badge
06:05 Mar-07-2019

Used to be you actually had to know something to execute a hack. There days you can just run scripts (which you can get) and not know much to get into most random PC.

0
Rep
-1
Offline
18:00 Mar-06-2019

Oh Intel... You miserable mother f...r! What did you do?! Again?!
What can we do? I have a huge regret for bought of your product. Arrrrgh! :X

6

Can They Run... |

| 60FPS, High, 1080p
Core i7-10700 8-Core 2.90GHz GeForce RTX 2060 6GB 16GB
100% Yes [1 votes]
| 60FPS, High, 1080p
Ryzen 5 2600X 6-Core 3.6GHz GeForce RTX 2060 6GB 16GB
100% Yes [1 votes]
| 30FPS, Medium, 720p
Pentium Dual Core E6300 2.8GHz GeForce 210 3GB
100% Yes [1 votes]
| 30FPS, Medium, 1080p
Ryzen 5 3600 6-Core 3.6GHz GeForce GTX 1660 Ti 6GB 8GB
| 60FPS, Ultra, 1080p
Ryzen 7 2700X GeForce RTX 3060 Ti MSI Ventus 3X OC 8GB 16GB
| 30FPS, Medium, 1080p
Core i7-2600K 4-Core 3.40GHz GeForce RTX 2060 MSI Gaming Z 6GB 16GB
| Ultra, 1080p
Core i3-9100F 4-Core 3.6GHz GeForce GTX 1070 Gigabyte Windforce OC 16GB
| 60FPS, High, 1080p
Core i5-6600K 3.5GHz GeForce GTX 1060 MSI Gaming X 3GB 16GB
100% Yes [2 votes]
Core i5-4460 3.2GHz Radeon RX 570 XFX RS Black 4GB 8GB
| 30FPS, Low, 720p
Core i5-2310 2.9GHz GeForce GT 1030 8GB
| 30FPS, Ultra, 1080p
Core 2 Quad Q6600 2.4GHz GeForce GT 1030 8GB
100% Yes [1 votes]
| 30FPS, High, 1080p
Ryzen R5 1600 Radeon RX 570 Sapphire Pulse 4GB 8GB
0% No [1 votes]
| 30FPS, High, 1080p
Ryzen R5 1600 Radeon RX 570 Sapphire Pulse 4GB 8GB
100% Yes [1 votes]
| 60FPS, High, 1440p
Core i7-8700K 6-Core 3.7GHz GeForce RTX 2080 MSI Gaming X Trio 8GB 16GB
| 30FPS, Medium, 1080p
Athlon 3000G 2-Core 3.5GHz Radeon RX 550 2GB 6GB
0% No [1 votes]
| 30FPS, Medium, 1080p
Core i3-10100 4-Core 3.60GHz GeForce GTX 1650 16GB
| 30FPS, Medium, 1080p
Core i7-4710MQ 4-Core 2.5GHz GeForce GTX 960M 2GB 16GB
0% No [1 votes]
| 60FPS, Medium, 1080p
Ryzen R5 PRO 1600 Radeon RX 5500 XT 4GB 16GB
100% Yes [1 votes]
| 60FPS, Ultra, 1440p
Core i5-11400 6-Core 2.7GHz GeForce RTX 2060 Asus Dual OC 6GB 16GB
| 60FPS, Ultra, 4k
Core i9-10900KF 10-Core 3.70GHz GeForce RTX 2080 Super MSI Ventus XS OC 8GB 64GB
66.6667% Yes [3 votes]