In recent years, researchers have discovered a multitude of vulnerabilities in x86, POWER and even ARM processors. In most cases, these problems have been resolved, at the cost of performance, through firmware-level or software-level patches that have mitigated or eliminated the possible damage.
For example, Meltdown is a security vulnerability that affects a wide range of systems, including all devices running any but the most recent and patched versions of iOS, Linux, macOS, or Windows. Some months ago, researchers discovered a troubling new security flaw in all modern Intel processors that could permit an adversary to access the computer’s kernel memory, which could potentially give them access to sensitive information such as passwords, tokens, and private conversations.
Since the publication of Meltdown and Spectre, researchers have scrutinized the speculative-execution feature of modern CPUs, particularly side-channel attacks targeting the performance-focused feature of modern CPUs. The SWAPGS Attack affects newer Intel CPUs that use speculative execution.
New Side-Channel Attack Bypasses Spectre and Meltdown Defenses | BitDefender
More recently, a new flaw has hit Intel’s newest Cascade Lake processors; it allows hackers with physical access to a device to occasionally read sensitive data stored in the processor. We have listed here only a few of the security issues in Intel’s CPUs, but the real number is large. In general, Intel CPUs have been found to be vulnerable to a series of exploits collectively known as Microarchitectural Data Sampling. Note that all these issues either do not affect AMD processors or affect them only in a less problematic way.
The RIDL and Fallout speculative execution attacks allow attackers to leak private data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your data to malicious websites.
The attacks affect all modern Intel CPUs in servers, desktops and laptops. This includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.
Processors from other vendors (AMD and ARM) do not appear to be affected. Official statements from these vendors can be found in the RIDL and Fallout papers.
MDS: Microarchitectural Data Sampling | mdsattacks.com
We can affirm that, in general, Intel processors are much more susceptible to certain attacks than AMD processors. If security is important to you, the priority is AMD over Intel. To get a better idea of what we are talking about, compare the entries for Intel and for AMD in the security vulnerability data source (CVE Details). Also, pay attention to recent years' security issues and look at their severity.
Linux distros have already patched the latest Intel vulnerabilities in the latest Linux kernel. Red Hat recommends that all users update their systems immediately to mitigate these new security vulnerabilities affecting Intel CPUs. The latest three new Intel security vulnerabilities are CVE-2018-12207 (Machine Check Error on Page Size Change), CVE-2019-11135 (TSX Asynchronous Abort), as well as CVE-2019-0155 and CVE-2019-0154 (i915 graphics driver-related vulnerabilities). Fedora has already released the 5.3.11 stable kernel update (for F29, F30 and F31), which contains a number of important security updates across the tree, including mitigations for the most recent hardware issues disclosed on Nov 12. Ubuntu also immediately proposed mitigations for these issues through an updated Linux kernel and, for the GPU issues, a combination of firmware and kernel driver updates.
The Debian Project released new Linux kernel security updates for its supported Debian GNU/Linux releases (patches are available for Debian GNU/Linux 9 and 10 systems) to fix the latest vulnerabilities affecting Intel CPU microarchitectures.
Users are urged to update their systems immediately. The Debian Project recommends all users of the Debian GNU/Linux 9 “Stretch” and Debian GNU/Linux 10 “Buster” operating systems to update their installations as soon as possible to the new Linux kernel versions.
Debian Project Releases Linux Security Updates to Patch Latest Intel CPU Flaws | Softpedia.com
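One way to confirm, after such a kernel update, what the running Linux kernel itself reports for these issues (an added example, not part of the original article): the kernel exposes per-issue status files under /sys/devices/system/cpu/vulnerabilities/. The function names and the sample directory contents below are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the kernel's self-reported mitigation state.
# The three sysfs entries checked map to issues named in the article:
#   mds             -> Microarchitectural Data Sampling (RIDL, Fallout)
#   tsx_async_abort -> CVE-2019-11135
#   itlb_multihit   -> CVE-2018-12207
SYSFS_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status STRING -> one keyword on stdout
classify_status() {
    case "$1" in
        "Not affected"*)               echo not_affected ;;
        *Mitigation*"SMT vulnerable"*) echo mitigated_smt_exposed ;;
        *Mitigation*)                  echo mitigated ;;
        *[Vv]ulnerable*)               echo vulnerable ;;
        *)                             echo unknown ;;
    esac
}

# audit_dir DIR -> one "name category [raw text]" line per issue
audit_dir() {
    for name in mds tsx_async_abort itlb_multihit; do
        if [ -r "$1/$name" ]; then
            raw=$(cat "$1/$name")
            echo "$name $(classify_status "$raw") [$raw]"
        else
            # No file: the kernel predates the fix and cannot report on it
            echo "$name unreported [no sysfs entry]"
        fi
    done
}

# count_exposed DIR -> number of entries that still need action
count_exposed() {
    audit_dir "$1" | awk '$2 == "vulnerable" || $2 == "unreported" ||
                          $2 == "unknown" { n++ } END { print n + 0 }'
}

# Constructed sample directory (illustrative values, not from a real host)
make_sample() {
    d=$(mktemp -d)
    echo "Mitigation: Clear CPU buffers; SMT vulnerable" > "$d/mds"
    echo "Vulnerable: Clear CPU buffers attempted, no microcode" > "$d/tsx_async_abort"
    echo "$d"
}

# Audit the live system when the directory exists (Linux only)
if [ -d "$SYSFS_DIR" ]; then audit_dir "$SYSFS_DIR"; fi
```

A `mitigated_smt_exposed` result means the kernel mitigation is active but sibling hyperthreads can still observe each other, so disabling SMT is a separate decision.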
Greg Kroah-Hartman, a maintainer of the stable Linux kernel, says we’re going to see Intel chip security problems for years to come.
These problems are going to be with us for a very long time, they’re not going away. They’re all CPU bugs, in some ways they’re all the same problem, but each has to be solved in its own way. MDS, RDDL, Fallout, Zombieland: They’re all variants of the same basic problem.
Top Linux developer on Intel chip security problems: ‘They’re not going away.’ | zdnet.com
You can find an interesting debate on Slashdot about Intel’s Cascade Lake CPUs being impacted by the new Zombieload v2 attack.
Intel, as a big company usually does, is working fast on patches and mitigations. Its engineers and developers are continuously releasing documents, firmware fixes, and drivers. But is it enough? Remember, too, that every patch costs some performance.
Security issues aside, Intel CPUs are now behind the AMD ones: less performance, higher consumption, and higher costs. These are only our 2 cents, but we are sure that AMD Ryzen, Threadripper or Epyc are really good choices now.