in part of the SystemDate system service,

which are part of the core components of the Linux operating system.

This service is responsible for managing system processes after the boot stage is executed. The reported Journald service vulnerability,

which is responsible for collecting and storing event logging data, causes critical system information to be infiltrated with successful exploitation,

access to the Root level in the target machine and in addition to it. No patches for this vulnerability have been provided so far.

According to Qualys, including companies active in the field of cybersecurity,

Qualys identified two memory corruption vulnerabilities:

The first one is CVE-2018-16864 of type Stack Buffer Overflow and the second with the identifier CVE-2018-16865 of the type Memory Allocation.

Also,

the company found the Out-of-Bounds Error vulnerability identifier CVE-2018-16866 in the Linux kernel.

Qualys continues to announce the possibility of successfully exploiting second and third vulnerabilities,

and can access the local Root Shell on x86 and x64 machines from the victim’s system.

Exploit on a 32-bit machine responds faster, with a response time of about ten minutes, while the 64-bit machine has a response time of about seventy minutes.

 Qualys also said that exploit will soon release PoC for these vulnerabilities, but will not explain more about how they are exploited.

According to available information,

it is known that the SystemDate system service is vulnerable to all Linux distributions, but SUSE Linux Enterprise 15 and openSUSE Leap 15 and Fedora 28 & 29 distributions are due to the compilation of the User Space by the GCC compiler

and the use of memory-protected security capabilities through the structure Protecting fStack Clash Protection When compiling, it’s not possible to exploit them.

All three released vulnerabilities can be exploited without user interaction, one of which can be exploited locally, and the rest can be exploited through the network.

These vulnerabilities have been exploited since the SystemD has v201 and v230 versions.

It’s worth noting that only the CVE-2018-16866 vulnerability, known as the Information Leak type, has been fixed in the updated systemd v240-1 update.

RedHat also reported these vulnerabilities on the Important level,

giving them a score of 7.4 and 7.5, and introduced the OOB vulnerability at Moderate level with a score of 4.3.

Red Hat Enterprise Linux 7 distributes all three vulnerabilities,

but the redistribution RedHat Virtualization 4 only has two memory corruption vulnerabilities and there is no OOB vulnerability.

Exposing a new security vulnerability to Intel processors

Researchers have discovered new security vulnerabilities known as MDS vulnerabilities in Intel processors, all based on the guesswork function, something similar to the one used in Spectrum and Meltdown vulnerabilities.

In January 2018, the researchers discovered a series of vulnerabilities related to the performance of new processors at the time of the implementation of the function known as speculative execution.

The importance of Specter and Meltdown vulnerabilities was partly due to the fact that Specter was responsible for all attacks that operate in a way. Intel spent most of its time confronting these attacks in 2018.

Nearly one and a half years after that, researchers are still researching similar issues.

Several new vulnerabilities have been discovered, and researchers have put several names on them: ZombieLoad, RIDL, and Fallout.

Intel called this particular type of vulnerability called MDS, the abbreviation of “Microarchitectural Data Sampling.”

Rogue In-flight Data Load (RIDL) was discover by the Vrije Universiteit Amsterdam and the Helmholtz Center for Information Security.

Fallout was observed by a group of experts from the Graz University of Technology, the Austrian Catholic University of Leuven (KU Leuven), the University of Michigan, and the Worcester Polytechnic Institute.

And finally, the ZombieLoad vulnerability is also the result of research done at the universities of Graz, Worcester and Cayo Levon.

Attackers using MDS can not directly store data stored in the target buffer directly

A glimpse of these vulnerabilities suggests that all of them, including specter and modeller, relate to how all processors or only Intel processors work when they perform the guesswork implementation, but MDS vulnerabilities are only relevant to Intel processors.

The reason for these problems is the differences between the processor architecture (how to document how processors work in writing) and their microarchitecture (actual performance of processors at runtime).

 The “guesswork implementation” function does exactly what its name implies: the processor, instead of waiting to be aware of the need for subsequent operations, guesses it ahead of time and performs its results if necessary.

Architecturally, all operations are executing in sequence, and only the data store by the processors is the data that is requiring for execution of the operations.

But it is possible to look at the microarchitecture and find clever clues to find the storage location of the data on the chip.

This will be done using the time differences available for the time it takes to access the information.

Measuring these differences allows attackers to extract the numeric values ​​stored in the cache or buffer memory on the chip.

Typically, similar vulnerabilities to Spectra on leaked data were at the heart of attention; however, the MDS uses subtle buffer data, which is the very small data that chips use to transmit data internally.

How important are new security defects?

The controversy about the extent to which these vulnerabilities are serious

and dangerous have not yet come to an end, but some have also led to publications.

Maybe some of you will find last year’s news that a security research company called CTS-Labs,

in collaboration with a borrowing company, was making apparent attempts to attack the stock price of AMD,

and a series of seemingly important security defects

And it was saying that these disclosures could endanger the lives of some.

However, no outcomes from the vulnerabilities that Viceroy Research has predicted is likely to lead to a sharp decline in AMD’s stock value.

As it was saying at the time,

irrespective of who and with what motive the purpose of such programs is,

such disclosures are highly misleading by filling the exaggerated marketing claims

with the aim of making things worse than those in reality.

Intel’s current conditions have not worsened AMD’s situation over the past year, but it’s going to upset the same trend.

Researchers have published their findings on a website called “CPU.fail”, which, according to the type of design and the questions and answers posed, appear to scare others rather than seek to be informed.

For example, site operators respond very briefly to the question of whether they have been using for large-scale malicious purposes for the time being: “We do not know.”

But the fact is that asking questions about the significance of vulnerabilities is a clever question.

Apart from a few examples of conceptual proofs carried out by researchers,

however, no learning attacks have been reporting using Specter and Meltdown.

 Also, the use of MDS is much more complicated than the one mentioned on this website.

Invaders can not directly control the data stored in the buffer they target,

that is, they can only get old and non-historical data that has no benefit to them.

Updating microcodes for systems that use Sandy Lake or Kaby Lake processors are now sending to customers.

Currently, the Coffee Lake and Whiskey Lake processors are safe against the attack. The impact of software repairs on system performance is estimating at around 3%.

Updating is one of the best ways to stay safe from these threats

In an official statement from Intel, it says:

At the moment,

many of the Intel® Core 8th and Ninth Generation processors

and the second generation Xeon scalable processors have put the MDS issue on the agenda.

Other vulnerabilities also attempt to reduce the vulnerability of systems by updating microcodes,

along with other related updates and Hypervisor software that are available to users today.

We’ve put more information on the site and we’re still asking everyone to keep their systems up-to-date. Because updating is one of the best ways to stay safe.

We appreciate all the researchers who have collaborated with us

and all our industry partners for the role they played in disclosing these issues.

There are different opinions about the risk of newly discover vulnerabilities.

The Wired site casts a warning tone and believes that these vulnerabilities

will allow attackers to get almost bit of raw data that a victim processor receives.

The site says that the researchers’ comments on the key to these vulnerabilities are correct.

Intel believes that, given their complex implementation,

the failure to report large-scale malicious attacks,

and the fact that updates of microcodes and hardware-refurbish processors are already available on the market,

these vulnerabilities may be of medium to low risk.

According to PCMag:

MDS vulnerabilities discovered today reveal more scientific issues at this time. For the time being,

there have not been any public reports in the real world about any attacks

that have been involve with these vulnerabilities.

Perhaps an important reason is that attackers can easily use traditional malware to steal computer data,

rather than having to deal with Intel processors.

How the attacks work

Both variants of the vulnerability gain access to the victim machine using what’s know as a side channel attack. These attacks infer information about a system’s inner workings by observing patterns in seemingly innocuous information—how long it takes the processor to access the machine’s memory, for example. This can be use to gain access to the inner workings of the machine.

The attack then confuses the system’s processor by exploiting a feature call speculative execution. Used in all modern CPUs, speculative execution speeds processing by enabling the processor to essentially guess what it will be asked to do next and plan accordingly.

The attack feeds in false information that leads speculative execution into a series of wrong guesses. Like a driver following a faulty GPS, the processor becomes hopelessly lost. This confusion is then exploit to cause the victim machine to leak sensitive information. In some cases, it can even alter information on the victim machine.

While these vulnerabilities were caught before causing major damage, they expose the fragility of secure enclaves and virtualization technologies says Ofir Weisse, the graduate student research assistant involved in the work. He believes that the key to keeping technologies secure lies in making designs open and accessible to researchers so that they can identify and repair vulnerabilities quickly.

Foreshadow is detail in a paper titled “Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution.”

The fact that all users do not update their operating systems or hardware is a proof of the inadequacy of these solutions. But these security issues have existed since the beginnings of personal computers.

Part of the difficulty in deciding whether and to what extent these vulnerabilities are important and dangerous is because users still do not know which expert should be taken seriously.

For example, last year Theo de Raadt, a Canadian software engineer, decided to change the default behavior of the FreeBSD operating system and disable the Hyper-Threading option because it considered it an important security risk.

But the designers of other operating systems did not find it possible to do this. Is Hyper-Threading A Potential Security Potential?

The answer is yes. Is the risk to the extent that current users attempt to disable Hyper-Threading capabilities? Experts are literally opposed to this.

The logical answer to this question is: “It depends,” not because no one can make a decisive decision in this regard, but because the appropriate security practices in each situation depend on the threats and the cost of fixing it.

How much should users take these threats seriously? The answer is: upgrade your systems so much so that they are convinced. After all, the consequences of these real-world threats are not yet clear to anyone.

To date, there has not been a widespread specter or multitasking attack that involves Intel processors (or any other processor) in any generation.

That does not mean that such a thing will never happen in the future, and, of course, it does not absolve Intel from its responsibility to secure its products.

But that’s not to say that the invisible hackers are now throwing your pockets out of hardware attacks that your soul does not know.

 Each security vulnerability does not necessarily end with an attack, at least until today.

One of the questions raised in the wake of the launch, however,

was why Intel was calling the Core i9-9900K a 95W TDP CPU when it used far more power than that under full load.

General power consumption measurements on the CPU came back in the 160-180W range —

far more than 95W nominal TDP that Intel actually specifies.

We’ve touched on the explanation for this behavior before,

but Anandtech has written an excellent article delving into how Intel CPU TDP is calculated these days and the guidelines that determine overall Intel CPU power draw.

The report gathers some important information and I recommend reading it.

TDP, in its most narrow sense, refers to the ability of the CPU cooling solution to dissipate heat.

A CPU with a 65W TDP requires a cooler that can handle a 65W TDP processor. A CPU with a 95W TDP requires a 95W cooler, and so on.

But Intel’s rated TDPs are alwayscalculated at the base clock, with no turbo frequency enabled at all.

In other words, a CPU cooler capable of handling a 95W TDP is suitable for handling a 9900K running at stock frequency.

As soon as Turbo Mode kicks in, all bets are off in terms of overall power consumption.

This has become a problem now,

when it wasn’t in the past, because CPUs are now much more likely to slam into the TDP limits Intel defines.

In the old days,

it wasn’t unusual for a quad-core CPU to sit at or even below its defined TDP.

In our power consumption tests back when the Core i7-4770K launched, for example,

the difference between idle and peak system-level power consumption came out to 84W. Granted,

that’s a test of systempower consumption (and the CPU still drew some power at idle)

but the 84W difference between idle and peak power consumption was a sign that the CPU’s 84W rated TDP was in the right ballpark.

Today,

a chip with a 95W TDP might plausibly pull 150 – 180W at the wall under full load,

due to the impact of additional cores and higher burst frequencies. TDP was never intended to stand in as a metric for how much power a CPU would use,

and Intel has always been clear on that point, but it’s now much less accurate than it used to be.

Unfortunately,

this is where the complications start.

Intel now defines two distinct power levels (PL1, PL2) and a time limit, tau.

PL1 is typically analogous to the rated TDP — it’s the long-term power consumption expected over time.

PL2 is the CPU’s burst power consumption,

while tau is the amount of time the CPU is allowed to run at that increased power consumption level.

But motherboard companies are allowed to modify the settings that control how these features are implemented,

and the results can change the expected behavior of the CPU dramatically. It’s possible,

for example, to put a system into “PL2 forever” mode, where the CPU simply runs all-out,

at maximum frequency.

This tends to dramatically improve benchmark scores but not every CPU is stable in this configuration (ExtremeTech tests CPUs with this all-core boost behavior disabled, in all cases).

I don’t want to cut too deeply into Anandtech’s reporting,

but the site’s findings show that performance on a high-performance Intel chip can be dramatically different depending on which coolers and motherboard settings are in play.

Performance can shift by as much as 29 percent, depending on which configuration is used —

and some of these variables aren’t well explained in menus or particularly well-detailed.

Anand calls for Intel to disclose two values:

A TDP (Peak) corresponding to its PL2, and a TDP for sustained power for PL1.

Fixing the issue on consumer motherboards, where pushing the envelope is often a great way to one-up other vendors in benchmarking tests,

is going to be tougher. But if you’ve ever wondered why power consumption in modern chips seems tenuously connected to the numbers on the box, issues like this are why.

substantially higher clock speeds compared with the chips it launched a year ago.

At the top of the stack,

there’s the new Core i9-9980XE with a base clock of 3GHz and a boost clock of 4.4GHz (4.5GHz if Intel’s Turbo Boost Max 3.0 is enabled).

That’s a substantial jump from the Core i9-7980XE, the chip Intel launched in Q3 2017,

which came in at 2.6GHz base, 4.2GHz max and 4.4GHz with TB 3.0 enabled.

Below that point, the new chips generally feature larger caches,

higher base frequencies, and more PCIe lanes (in one case).

Here’s the entire product stack comparing Intel’s new 9th generation Core X CPUs,

the 7xxx parts they replace, and the relative competitive standing of AMD’s Threadripper, all organized by price.

The improvements vary depending on the CPU you compare,

but we can see clear trends. Every CPU’s base clock comes up, in some cases by significant margins.

The number of cores Intel is willing to sell at a given price point hasn’t changed at all —

while some of the new model numbers carry more cores than the chips they replace,

they all sell for higher prices.

If you wanted proof that Intel is manifestly unconcerned about Threadripper,

well, this is it right here. Intel might be offering higher frequency chips for the same amount of money with more L3 cache and PCIe lanes in some cases,

but it isn’t budging on its pricing stack. Intel has changed which Xeon silicon it’s using for some of its HEDT parts,

however,

which is why you see the sharp L3 cache increases on multiple parts. Intel has also gone back to using solder for its HEDT chips after using paste on the stack last year,

which probably also explains some of the frequency improvements,

along with the shift to using 14nm++ for these CPUs rather than its older 14nm process.

All parts now also offer 44 PCIe lanes,

whereas previous CPUs used a mixture of 44 PCIe lanes at the top end and 28 PCIe lanes farther down the stack.

Intel claims that its 14nm++ process offers an overall 15 percent efficiency gain,

though of course that’s an idealized best-case figure not necessarily applicable to every workload.

Tech Report notes that the Turbo Mode settings for the Core i9-9980XE are significantly higher than the 7980XE, however,

with the 9980XE holding an all-core boost frequency of 3.8GHz without AVX compared with 3.4GHz for the 7980XE.

How’s Performance?

I’ve read reviews from Anandtech, Tech Report, Hot Hardware, and Tom’s Hardware.

The results play out as a near-mirror of the Core i9-9900K. While Intel is the unabashed overall performance leader and is generally recognized as such,

AMD has stuck a Threadripper-sized rock down the company’s windpipe.

We can’t deny that Intel appears blissfully unconcerned about this —

the company is sticking to its guns as far as pricing is concerned and that doubtlessly reflects certain market realities that AMD fans might wish weren’t true.

In the long-term —

and I say this as someone who watched AMD’s original ramp from the K6-2 in 1998 to the Athlon 64 X2 — they won’t hold true. Workstation and enterprise companies are conservative, not stupid, and if AMD keeps improving year-on-year you’ll eventually start seeing more workstations built on AMD chips. AMD also keeps ECC as a feature for Threadripper, Intel deactivates it to defend its Xeon stack.

Tech Report has a slide that captures the situation fairly well:

Image by Tech Report

Obviously, any single chart won’t give you a breakdown of test-by-test results. Anandtech notes that in benchmarks where AMD can bring its full weight to bear, like dedicated rendering tests, AMD often leads the category. The bottom line, however, is that the Core i9-9980XE improves performance between 3-7 percent on average over the Core i9-7980XE. In the same way that the Core i9-9900K is faster than the Ryzen 7 2700X but not necessarily in a manner that justifies its price, the Core i9-9980XE leads the Threadripper 2950X without necessarily justifying its price. Tom’s Hardware certainly doesn’t think it does; the site’s review title is a straightforward: “Intel Core i9-9980XE Review: Still Too Expensive.”

More generally, reviewers aren’t satisfied with Intel’s efforts to mark time. It’s a sentiment I share. It’s also a consequence of the fact that Intel has spent years trying to fix its 10nm process, continually shoving off architectural changes and product launches in an effort to bring order to the largest derailment of its manufacturing plans in the past 20 years. It’s not surprising that people feel as if most of the energy in the proverbial room is coming from AMD’s side of the equation. As things stand, the Core i9-9980XE feels like yet another modest iteration on a product rather than a true step forward.

as they scramble to find a way to counteract AMD’s Ryzen and Threadripper surge.

While it was more than evident that Team Blue was caught flat-footed by all things Zen,

they’re obviously now racing out both new and refreshed processors.

The first salvo was last month’s 9th Gen Coffee Lake CPUs and

now we’re about to move on to the HEDT market with a refresh of Skylake-X.

Unfortunately,

Intel’s once-darling 14nm manufacturing process is now their worst enemy since moving beyond it has proven to be a titanic undertaking.

There’s no better example of this than the 9th generation high end desktop parts which Intel has simply described as “products formerly known as Skylake”.

Basically,

that means Intel’s “new” flagship CPUs are simply utilizing the three year old Skylake architecture rather than Coffee Lake or even Kaby Lake for that matter.

While the underlying microarchitecture of these “9th Gen” CPUs may is a senior citizen by today’s standards,

this old dog is still learning new tricks.

Endless 14nm enhancements have lead to improved clock speeds without overtly impacting TDP values.

There’s also been a significant shift in some of the mid and lower priced SKUs so they’re more competitive with Threadripper alternatives.

Soldered TIM has also been utilized to lower overall temperatures and potentially improve overclocking.

However,

despite the fact motherboard manufacturers are releasing “new” X299 boards, there’s really nothing different with the platform itself.

This is simply an excuse to refresh their respective lineups.

Sitting right at the top of Intel’s HEDT lineup will be the 18 core,

36 thread i9-9980XE which is basically a clone of the i9-7980XE but with a significantly higher Base Clock and slightly better Turbo frequencies.

Through testing I noticed that it was able to hit consistently better frequencies than its predecessor regardless of how many cores were engaged.

As you’ll see in the benchmarks, that led to a pretty impressive performance bump in some situations.

That same narrative of better speeds alongside identical specifications (and prices for that matter)

continues with the i9-9960X and i9-9940X but stops when our chart hits the i9-9920X.

Personally I think this CPU is one of the most interesting of this generation since it boasts a base clock that’s a whopping 600MHz higher than the outgoing 7920X and Intel has equipped it with more L3 Smart Cache.

This combination could make it a potent competitor against the Threadripper 2950X despite a cost that’s a good $300 higher than AMD’s alternative.

The 9920X will require more power than the 7000-series CPU it replaces but that’s a small price to pay.

Moving further down into the lineup and things continue to get interesting.

The 9900X gets a 200MHz boost in its Base Clock rates but that move from 13.75 to 19.25MB of Smart Cache will likely benefit performance more than any frequency modification could have.

Remember,

in many ways the 7900X was Skylake-X’s darling since

it combined a somewhat reasonable price with great frequencies and 20 concurrent threads.

I still use one in my primary gaming and editing PC.

The next stop on our whirlwind tour is the oddball of Intel’s new lineup:

the i9-9820X. Like the 9900X it has 20 threads but it

also operates at significantly lower clock speeds and it

has nearly 3MB less L3 cache. And yet it costs just $100 less.

Its obvious Intel wants this CPU to run up against AMD’s 2950X but

I have to wonder why they didn’t just lower the 9900X’s price by $100 for a more convincing alternative.

Sure it has 44 CPU-based PCIe lanes but that’s par for the course these days.

Intel has chosen the i7-9800X as the i7-7820X’s true replacement and with it

comes the expected price increase to $600 (versus the 7800X’s $400) and 44 PCIe lanes.

Honestly,

it seems these two 9800X-series processors are positioned in such a way to make room for the i9-9900K rather than being reactive to anything within the competitive landscape.

So that’s the quick and dirty look at Intel’s refreshed lineup and in all reality,

if the original Skylake-X processors didn’t appeal to you, there’s likely nothing here to change your opinion.

But let’s go through the motions of benchmarking the i9-9980XE to see if there are any surprises in store.

Intel and AMD both have two high-powered server processors launches coming up next year which are set to shake up the enterprise market.

Intel is the runaway market leader with its Xeon family of processors,

but AMD is making slow and steady progress to challenge that market share with its EPYC processors.

During the first half of 2019, the fight will continue with the 14nm++ Cascade Lake-AP Xeon processors,

while AMD will be fielding its 7nm Zen 2-based “Rome” EPYC processors.

Much to our pleasure, leaked Cinebench R15 numbers have made their way to the internet courtesy of HKEPC.

Not only do we have results from the range-topping 48-Core Cascade Lake-AP Xeon,

but also the 64-core Zen 2 EPYC.

Both results are in a 2P (dual CPU) configuration, which means that we’re looking at a total of 96 cores and 192 threads for the Intel rig along with 128 cores and 256 threads for the AMD system.

No matter which way you look at it,

this is some rather serious processing muscle that will be at the disposal of customers in the coming months.

The Intel system has two Xeon processors with a reported clock speed of 2.5GHz along with 24-channel DDR4-2667 memory. When all was said and done, the Intel Xeon 2P system put up a Cinebench R15 score of 12,482.

Although we don’t have any particulars with regards to the memory configuration of the EPYC 2P system, the processors are reportedly running at just 1.8GHz. Even so, the AMD rig pulled down a result of 12,861 putting it slightly ahead of the Intel offering. Now of course, there are a lot of variables to consider here (Intel’s clock speed advantage versus AMD’s core/thread advantage and the fact these likely aren’t production chips), but either processor at this point is a beastly offering.

We’re bound to see more benchmarks leak as we close out 2018 and creep into 2019, but the server battle between Intel and AMD is shaping up to be an exciting one for bystanders.