Confused on Steam Play and Proton? Be sure to check out our guide.
We do often include affiliate links to earn us some pennies. See more here.

Researchers have uncovered a fun new vulnerability in Intel processors, and this one has a claim attached that it's not possible to fix it.Sound familiar? Yeah, there's been a lot of problems over at Intel in the last couple years. We reported on some back in January and it seems it's not getting any better.

This issue, found and reported by Positive Technologies, mentions CVE-2019-0090 which as the numbered year suggests was already announced last year. However, the plot thickens. If you have an Intel chipset and/or SoC older than the 10th Generation (so anything in the last few years), you will be affected by this.

Not something you can get a firmware update or an operating system patch to help with either, since it concerns the Converged Security and Management Engine (CSME). As written by the folks over at Positive Technologies:

We will provide more technical details in a full-length white paper to be published soon. We should point out that when our specialists contacted Intel PSIRT to report the vulnerability, Intel said the company was already aware of it (CVE-2019-0090). Intel understands they cannot fix the vulnerability in the ROM of existing hardware. So they are trying to block all possible exploitation vectors. The patch for CVE-2019-0090 addresses only one potential attack vector, involving the Integrated Sensors Hub (ISH). We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access.

As you can see, it's not going to be the most practical for people to break into so you don't need to go and wildly panic right this second, since they would need some sort of physical and local access but it's still a damning look for Intel's processor security. To have something so severe that can only be fixed by replacing the entire hardware—ouch.

Do you currently have an Intel CPU and are you considering switching to AMD? Let us know in the comments. AMD aren't entirely secure themselves though, multiple past issues have also affected them.

Article taken from GamingOnLinux.com.
13 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
The comments on this article are closed.
49 comments
Page: «4/5»
  Go to:

Eike Mar 7, 2020
View PC info
  • Supporter Plus
Quoting: Mountain ManLocal and physical access tends to decrease the effectiveness of and defeat many security measures. For that matter, if someone has physical access to your machine, they could simply walk off with it and crack it at their leisure.

If you got decent encryption, not within billion years with the whole energy of the sun.


Last edited by Eike on 7 March 2020 at 4:56 pm UTC
Eike Mar 7, 2020
View PC info
  • Supporter Plus
Quoting: CreakAs your post has been up-voted as well, I'm intrigued why single-core performance is the major sell point for you?

According to measurements with actual games, single core performance is very important. My guess is that there's a main game logic process which runs on a single core and needs quite some power. Other threads are used, too, so you do need enough cores as well. This was especially pointed out for the Ryzen 2000 generation which lost on real games performance against Intel.
Creak Mar 7, 2020
Quoting: Eike
Quoting: CreakAs your post has been up-voted as well, I'm intrigued why single-core performance is the major sell point for you?

According to measurements with actual games, single core performance is very important. My guess is that there's a main game logic process which runs on a single core and needs quite some power. Other threads are used, too, so you do need enough cores as well. This was especially pointed out for the Ryzen 2000 generation which lost on real games performance against Intel.
I understand that and you're completely correct, but if you buy a CPU now, I'd say it is for a few years. By the time, these benchmarks will probably change (because of the reasons I listed).

But if you plan to change your CPU every year, I agree this would be the best choice..
Purple Library Guy Mar 7, 2020
Quoting: Eike
Quoting: Mountain ManLocal and physical access tends to decrease the effectiveness of and defeat many security measures. For that matter, if someone has physical access to your machine, they could simply walk off with it and crack it at their leisure.

If you got decent encryption, not within billion years with the whole energy of the sun.
Yesyes, encryption works. And if what someone is trying to do is access your data, that's fine. Won't stop ransomware though, they can just encrypt your encrypted data. Or hijacking your machine to help a botnet or whatever. If someone's got physical access, they can do pretty much anything except access encrypted data, and I still don't see how a chip having security features is gonna stop them.

(For that matter, cracking encrypted data they might not be able to do in a few days or even in a practical length of time, but it won't take any billion years; they just wait 10-20 years for quantum computing to mature a bit)
BrazilianGamer Mar 7, 2020
Let it sink
Eike Mar 7, 2020
View PC info
  • Supporter Plus
Quoting: CreakI understand that and you're completely correct, but if you buy a CPU now, I'd say it is for a few years. By the time, these benchmarks will probably change (because of the reasons I listed).

But if you plan to change your CPU every year, I agree this would be the best choice..

I'm not sure people will get rid of a hungry main process. But fortunately, with Ryzen 3000, the question should be mood. (Is that correct? The question is not important anymore.) It's got the same single speed performance and more cores for the money.
Purple Library Guy Mar 7, 2020
Quoting: Eike
Quoting: CreakI understand that and you're completely correct, but if you buy a CPU now, I'd say it is for a few years. By the time, these benchmarks will probably change (because of the reasons I listed).

But if you plan to change your CPU every year, I agree this would be the best choice..

I'm not sure people will get rid of a hungry main process. But fortunately, with Ryzen 3000, the question should be mood. (Is that correct? The question is not important anymore.)
You're very close. "moot"
kneekoo Mar 8, 2020
I've been eyeballing AMD CPUs for a while now, being sick and tired of Intel's crap. It sucks that the AMD CPUs also have issues, but at least they're fewer. What can I do? Spend a fortune on a RISC-V PC? Unlikely. I'd rather move my sensitive computing to a Raspberry Pi 4. :P
Eike Mar 9, 2020
View PC info
  • Supporter Plus
Quoting: Purple Library Guy
Quoting: EikeI'm not sure people will get rid of a hungry main process. But fortunately, with Ryzen 3000, the question should be mood. (Is that correct? The question is not important anymore.)
You're very close. "moot"

So close and yet so far... :D

Thanks!
F.Ultra Mar 9, 2020
View PC info
  • Supporter
Quoting: Purple Library Guy
Quoting: Eike
Quoting: Mountain ManLocal and physical access tends to decrease the effectiveness of and defeat many security measures. For that matter, if someone has physical access to your machine, they could simply walk off with it and crack it at their leisure.

If you got decent encryption, not within billion years with the whole energy of the sun.
Yesyes, encryption works. And if what someone is trying to do is access your data, that's fine. Won't stop ransomware though, they can just encrypt your encrypted data. Or hijacking your machine to help a botnet or whatever. If someone's got physical access, they can do pretty much anything except access encrypted data, and I still don't see how a chip having security features is gonna stop them.

(For that matter, cracking encrypted data they might not be able to do in a few days or even in a practical length of time, but it won't take any billion years; they just wait 10-20 years for quantum computing to mature a bit)

quantum computing will just scale down the timeframe from many many billions of years to (many many billions of years) / 2.

Where quantum computing will wreck absolute havoc is in asymmetric encryption which is not used to encrypt data (for 99.99999% of it's application) but to exchange encryption keys or used to sign data by encrypting cryptographic hashes.

edit: just wanted to point out that I wrote the wrong timeframe change above, it's not the time component that is halved, it's the number of bits. So a 256 bit symmetric algorithm today will in a fully quantum world be equivalent to a 128 bit symmetric algorithm.

We are still talking about billions and billions of years, and in fact the "not with the whole energy of the sun" that Eike first wrote is actually a quote taken from Bruce Schneier's first book where he talks about the energy requirements to brute force a 128 bit symmetric key so what Eike wrote still holds true even in a quantum world (the energy requirement to brute force a 256 bit symmetric key today would be equivalent of 2^128 suns).

It's also worth noting that this energy requirement is also based on a implausible future where the energy requirement to fully decrypt one step of an algorithm would be just the movement of a single electron one energy level. Today (and still tomorrow with quantum) such an operation will take billions of such movements.


Last edited by F.Ultra on 10 March 2020 at 3:31 pm UTC
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.