[NOTICIA RAPIDA] A salvo? no.. ahora fallas de seguridad en los GPUs de Intel

Ahora resulta que no solo los procesadores de intel tienen fallas, algunas de estas monstruosas que permiten el robo de datos.
Si no que también los gráficos integrados de intel tienen este defecto que permite la posibilidad de robar información de cualquier cpu que tenga gráficos integrados de intel desde la 3ra generación hasta la décima.

El parche recién sacado de intel para mitigar este problema, da un duro golpe en desempeño.
Por el lado bueno, intel promete que la versión final del parche no tendrá mucho efecto en desempeño. Otros no lo ven tan claro considerando las promesas que ha hecho intel.

Intel on Tuesday announced a flaw in its graphics driver affecting GPU generations 3 to 10. When Phoronix benchmarked the patched driver, devices using Gen7 graphics saw a significant iGPU performance drop. But Intel said that the final version of the patch should eliminate most of that performance loss, the publication reported today.

The flaw (CVE-2019-14615) can create an information leak on computer systems using Intel’s integrated GPUs from generations 3 to 10. Core, Xeon and Atom-based processors, such as Celeron and Pentium SKUs from the past 15 years, are affected. A full list of affected CPU models is on the relevant security advisory page.

When Intel announced the patch for the flaw, it said that Ivy Bridge, Haswell and Bay Trail processors don’t yet have full mitigations enabled on the Windows platform. The Linux mitigations would be provided for the mainline kernel, it said.

Red Hat, a provider of Linux software and services bought by IBM, considered the flaw significant enough to recommend Linux users to disable the Intel GPU drivers until the full mitigations are available.

El parche obviamente no esta disponible en todos los modelos por el momento, pero se espera que se saquen los parches en los próximos días.
Por otro lado, varios gigantes de la computación, incluyendo IBM que usan Linux Red Hat..han recomendado que por default desactiven los gráficos intel hasta que todas las mitigaciones y parches hayan sido propagados e instalados.

Yesterday we noted that the Linux kernel picked up a patch mitigating an Intel Gen9 graphics vulnerability. It didn't sound too bad at first but then seeing Ivy Bridge Gen7 and Haswell Gen7.5 graphics are also affected raised eyebrows especially with that requiring a much larger mitigation. Now in testing the performance impact, the current mitigation patches completely wreck the performance of Ivybridge/Haswell graphics performance.

The vulnerability being discussed and analyzed this week is CVE-2019-14615. This CVE still hasn't been made public over 24 hours later (though there are the Intel SA-00314 details for this disclosure), but from going through kernel patches and other resources, it certainly caught our interest right away and have been benchmarking it since yesterday evening. The CVE-2019-14615 vulnerability amounts to a new information disclosure issue due to insufficient control flow in certain data structures. Local access is required for exploiting this control flow issue in the hardware, but it's not yet known/published if say WebGL within web browsers could exploit this issue. This is a hardware issue with all operating systems being affected. Our testing today, of course, is under Linux.

Mas información:
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html
cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2019-14615
www.tomshardware.com/news/intel-gen7-graphics-performance-hit-driver-patch
www.phoronix.com/scan.php?page=article&item=intel-gen7-hit&num=1