Don't want to see articles from a certain category? When logged in, go to your User Settings and adjust your feed in the Content Preferences section where you can block tags!
We do often include affiliate links to earn us some pennies. See more here.

Researchers have uncovered a fun new vulnerability in Intel processors, and this one has a claim attached that it's not possible to fix it.Sound familiar? Yeah, there's been a lot of problems over at Intel in the last couple years. We reported on some back in January and it seems it's not getting any better.

This issue, found and reported by Positive Technologies, mentions CVE-2019-0090 which as the numbered year suggests was already announced last year. However, the plot thickens. If you have an Intel chipset and/or SoC older than the 10th Generation (so anything in the last few years), you will be affected by this.

Not something you can get a firmware update or an operating system patch to help with either, since it concerns the Converged Security and Management Engine (CSME). As written by the folks over at Positive Technologies:

We will provide more technical details in a full-length white paper to be published soon. We should point out that when our specialists contacted Intel PSIRT to report the vulnerability, Intel said the company was already aware of it (CVE-2019-0090). Intel understands they cannot fix the vulnerability in the ROM of existing hardware. So they are trying to block all possible exploitation vectors. The patch for CVE-2019-0090 addresses only one potential attack vector, involving the Integrated Sensors Hub (ISH). We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access.

As you can see, it's not going to be the most practical for people to break into so you don't need to go and wildly panic right this second, since they would need some sort of physical and local access but it's still a damning look for Intel's processor security. To have something so severe that can only be fixed by replacing the entire hardware—ouch.

Do you currently have an Intel CPU and are you considering switching to AMD? Let us know in the comments. AMD aren't entirely secure themselves though, multiple past issues have also affected them.

Article taken from GamingOnLinux.com.
13 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
The comments on this article are closed.
49 comments
Page: «3/5»
  Go to:

wvstolzing Mar 6, 2020
Quoting: Comandante ÑoñardoHow empiric are these reports?
How do I know this is not just negative paid publicity?

By the fact that intel themselves have acknowledged it:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Purple Library Guy Mar 6, 2020
I don't really like Intel, but this doesn't really worry me. I mean,
Quotethey would need some sort of physical and local access
Why are we even expecting any kind of compute-y thing to be secure when someone has physical and local access? That was never a thing when I was young, and I'm fairly convinced that if we think it's a thing now it's mainly wishful thinking.
Eike Mar 6, 2020
View PC info
  • Supporter Plus
Quoting: Purple Library GuyI don't really like Intel, but this doesn't really worry me. I mean,
Quotethey would need some sort of physical and local access
Why are we even expecting any kind of compute-y thing to be secure when someone has physical and local access? That was never a thing when I was young, and I'm fairly convinced that if we think it's a thing now it's mainly wishful thinking.

The question of security against local access is the very reason for things like disk encryption and especially important for mobile devices like notebooks.
omer666 Mar 6, 2020
Because their CPUs are so much better right now and because their GPUs have the best open source support right now and just caught up with Nvidia's cards regarding energy efficiency, my next rig is gonna be full AMD.
Mountain Man Mar 6, 2020
Quoting: Purple Library GuyI don't really like Intel, but this doesn't really worry me. I mean,
Quotethey would need some sort of physical and local access
Why are we even expecting any kind of compute-y thing to be secure when someone has physical and local access? That was never a thing when I was young, and I'm fairly convinced that if we think it's a thing now it's mainly wishful thinking.
Local and physical access tends to decrease the effectiveness of and defeat many security measures. For that matter, if someone has physical access to your machine, they could simply walk off with it and crack it at their leisure.
Marlock Mar 6, 2020
"I'm not worried about X cybersecurity threat because I'm nobody important..."

If it's a threat that really requires physical access to exploit, you should be reasonably fine... until you loose a laptop or smartphone and can't remotely ask it to nuke all your personal files like photos, banking, memorized passwords, etc...

If it can be remotely exploited, it just doesn't matter who you are and what you do for a living... there is professional malware floating around that can systematically test every door on every machine on the internet and is automated to exploit known flaws in mostly anyone's machine... at best your computer will just help them attack some other target... at worse you get some WannaCry ransomware, for which anyone is a target, or false banking website to steal access to your money, etc.

The ods that you get hit like this are not too high, and the more exotic exploits are not always in a malware's arsenal... but it's a real issue we shouldn't dismiss lightly.

Finally, if it's a "local" access threat it means someone on the same LAN can hack you... it shouldn't be too bad, except routers are almost all untrustworthy craps. Mirai and other botnets eat them for breakfast... so basically this means barely the same as remotely exploitable.


ps: i'm currently using AMD Phenom II x4, will definitely try AMD Ryzen in the future!
appetrosyan Mar 6, 2020
AMD isn't perfectly secure. It's more secure. If there are fewer researchers for the platform because of obscurity, then there's going to be fewer people knowing about the exploit. That said, AMD should release the source for the PSP.

if you want more security than AMD, use something like RISC V, or Power. Sure finding binary blobs that work for them would be difficult, but in my view, you shouldn't be running software that you didn't personally compile on a compiler of your choosing if you are concerned with security to this level.
F.Ultra Mar 6, 2020
View PC info
  • Supporter
Quoting: Purple Library GuyI don't really like Intel, but this doesn't really worry me. I mean,
Quotethey would need some sort of physical and local access
Why are we even expecting any kind of compute-y thing to be secure when someone has physical and local access? That was never a thing when I was young, and I'm fairly convinced that if we think it's a thing now it's mainly wishful thinking.

Think servers, when you use a resource remotely on a server (e.g a HTTP request to a web server, or a SMTP request to a mail server and so forth) you have a form of local access to that server (and if the software have some form of vulnerability as well then you definitely have local access, even if that application is securely sandboxed).

And if you are in a big server room then you have physical access to those servers without necessarily have the kind of physical access that you would have if you stole a laptop from someone.

So these recent vulnerabilities are not so much of a desktop problem as they are a server problem, just like many of the other recent Spectre variants.
emphy Mar 6, 2020
Quoting: F.Ultra
Quoting: Purple Library GuyI don't really like Intel, but this doesn't really worry me. I mean,
Quotethey would need some sort of physical and local access
Why are we even expecting any kind of compute-y thing to be secure when someone has physical and local access? That was never a thing when I was young, and I'm fairly convinced that if we think it's a thing now it's mainly wishful thinking.

Think servers, when you use a resource remotely on a server (e.g a HTTP request to a web server, or a SMTP request to a mail server and so forth) you have a form of local access to that server (and if the software have some form of vulnerability as well then you definitely have local access, even if that application is securely sandboxed).

And if you are in a big server room then you have physical access to those servers without necessarily have the kind of physical access that you would have if you stole a laptop from someone.

So these recent vulnerabilities are not so much of a desktop problem as they are a server problem, just like many of the other recent Spectre variants.

Not to mention the virtual computing one can rent over at Amazon, Microsoft, Google and the like. I imagine those sort of systems make heavy use of local security features.
Creak Mar 7, 2020
Quoting: dubigrasuI do have an Intel CPU now, but when the time to upgrade comes I'll buy the one CPU that gives me the best single-core performance, what brand doesn't matter, I don't have an allegiance with either of them.
I know we're seeing more and more games taking advantages of multiple cores, but for the moment the single-core perf is what I look for.
As your post has been up-voted as well, I'm intrigued why single-core performance is the major sell point for you?

I know for certain that game studios are improving their engines to take advantage of the increasing number of cores in today's CPUs. Of course they won't release games that needs 16+ cores since no current consoles have it, and even in the PC world, players with this kind of CPUs have a very small market share (less than 0.1% ). But 4 cores is now the norm (50%) and 6 cores is not far (21%), while 8 and 12 cores are already slowly increasing.

Considering several points:
* Intel still has a high market share (79%)
* Intel CPUs have low core count
* AMD CPUs have high core count
* AMD is starting to increase its market share
* Intel will clearly try to compete with AMD with high core CPUs (when they'll figure out 7nm)
* And finally, we can put so much transistors in just one core, thus the increase of the core count we see

I would say future is more multi-core than single-core. Maybe I'm projecting too far though :D


Last edited by Creak on 7 March 2020 at 4:47 pm UTC
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.