Intel Patches Two New Security Flaws (tomshardware.com) 42
This week Intel announced two new patches, according to Tom's Hardware:
The flaw in the processor diagnostic tool (CVE-2019-11133) is rated 8.2 out 10 on the CVSS 3.0 scale, making it a high-severity vulnerability. The flaw [found by security researcher Jesse Michael from Eclypsium] "may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access," according to Intel's latest security advisory. Versions of the tool that are older than 4.1.2.24 are affected.
The second vulnerability, found by Intel's internal team, is a medium-severity vulnerability in Intel's SSD DC S4500/S4600 series sold to data center customers. The flaw found in the SSD firmware versions older than SCV10150 obtained a 5.3 score on the CVSS 3.0 scale, so it was labeled medium-severity. The bug may allow an unprivileged user to enable privilege escalation via physical access.
As one of the flaws was uncovered by Intel itself and for the other the Eclypsium research coordinated with Intel for its disclosure, Intel was able to have ready the patches in time for the public announcement.
The second vulnerability, found by Intel's internal team, is a medium-severity vulnerability in Intel's SSD DC S4500/S4600 series sold to data center customers. The flaw found in the SSD firmware versions older than SCV10150 obtained a 5.3 score on the CVSS 3.0 scale, so it was labeled medium-severity. The bug may allow an unprivileged user to enable privilege escalation via physical access.
As one of the flaws was uncovered by Intel itself and for the other the Eclypsium research coordinated with Intel for its disclosure, Intel was able to have ready the patches in time for the public announcement.
Re: (Score:1)
Pretty soon after loading all the required security patches on my shiny new i7 CPU it will be almost as fast as my 1990's 80486 (with math coprocessor of course).
The scatter graph doesnt lie. [cpubenchmark.net] Intel is doomed. Sell your Intel stock. Make sure your ROTH's and 401K's arent anywhere near it. No magic 3D trigates this time.
Re: (Score:1)
As the new Ryzen 3000 reviews proved Intel still has shady tactics at their disposal. They "bribed" reviewers by suggesting no new free hardware for them if they benchmark correctly. A few examples:
Anandtech benchmarked Ryzen with Windows 1903, but conveniently used Intel results from 1703 without MDS/Zombieload mitigations AND without new microcode while using some bullcrap excuse about the microcode not being available (it's been available from Microsoft Update since May 13th). They have not corrected the
Re: (Score:2)
As the new Ryzen 3000 reviews proved Intel still has shady tactics at their disposal.
This time they wont get away with it. The internet is in full bloom now. As you have noted, problems with various benchmarking setups are immediately called out now. For the most part I trust cpubenchmarks.net the most because its crowd-sourced, with folks mostly benchmarking actual systems instead of built-for-the-benchmark ones.
.. well thats a good thing in my book .. hopefully they also didnt use "the provided processor" (could be on purpose the best
As far as Gamers Nexus not using "the provided ram"
Re: (Score:2, Interesting)
Reviewers are routinely benchmarking the boxed cooler for Ryzens against i9-9900K with an expensive cooler since it doesn't come with one.
That should be considered standard practice. The box cooler for the high end Ryzens are quite frankly awesome performers with the Wraith Prism cooler outdoing many others in every test other than sound (it's frigging loud). As for your Anandtech benchmarks it looks like the benchmarked an i9-9900K with a Thermalright true copper, a very much middle of the run cooler for Intel, against a Ryzen 3700x with a Wraith Prism designed for a Ryzen 2700x which had a 30% higher TDP requirement. Sounds like the cards a
Re: (Score:1)
Don't equate Intel's TDP to AMD's. Intel is specifying TDP at *base* clocks, while operating almost all the time at turbo. It doesn't matter if they benchmarked Intel with a mid or top cooler. There is no cooler in Intel's box, while AMD has one. They prices of both are equal, so AMD wins by far on the perf/cost.
How is AMD prividing a mid range RAM kit "cheating"?
Speculative Execution mitigations are enabled by default on Windows, so... everyone is running them unless they specifically disabled them. That a
Re: (Score:2, Informative)
Don't equate Intel's TDP to AMD's.
I didn't. I equated AMD's TDP shipping a cooler designed for high end Ryzen 2000s with Ryzen 3000s that produce 30% less heat.
How is AMD prividing a mid range RAM kit "cheating"?
AMD knows their infinity fabric is highly sensitive to RAM and timings. This is the reason they so graciously provided some RAM. Providing a level playing field is why that was so graciously ignored in favour of a known set of RAM sticks with a known configuration.
Speculative Execution mitigations are enabled by default on Windows
Don't talk in generalities. There are a few specific mitigations that are enabled by default. Many are not universally. T
Re: (Score:2, Insightful)
Yes, we all know that "standard practice" is to make Intel look as good as humanly possible.
I think you need to take some reading comprehension classes.
) deliberately trying to skew the numbers normal people will see
Interesting statement. As a normal person running Windows 10 version 1809, what numbers am I going to see? Please tell me. Microsoft's 10 advisories and blogs on the topic say "LOL you may or may not be running various code in a different way than other people". They say I may be part of a phased rollout. They say I may or may not be using Retpoline already. Who knows.
You seem to like "benchmarking" with as many variables as possible so you can pus