Another month, another speculative execution vulnerability found in Intel processors.
If your computer is running any modern Intel CPU built before October 2018, itโs likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intelโs secured SGX enclave.
Dubbed CacheOut a.k.a. L1 Data Eviction Sampling (L1DES) and assignedCVE-2020-0549, the new microarchitectural attack allows an attacker to choose which data to leak from the CPUโs L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available.
According to a team of academic researchers, the newly-discovered speculative execution attacks can leak information across multiple security boundaries, including those between hyper-threads, virtual machines, and processes, and between user space and the operating system kernel, and from SGX enclaves.
โCacheOut can leak information from other processes running on the same thread, or across threads on the same CPU core,โ the researchers said. โCacheOut violates the operating systemโs privacy by extracting information from it that facilitates other attacks, such as buffer overflow attacks.โ
More precisely, the attack enables a malicious program to force the victimโs data out of the L1-D Cache into leaky buffers after the operating system clears them, and then subsequently leak the contents of the buffers and obtain the victimโs data.
Researchers at the universities of Adelaide and Michigan demonstrated:
Besides this, according to researchers, itโs currently unlikely for Antivirus products to detect and block CacheOut attacks, and since the exploit does not leave any traces in the traditional log file, itโs also โvery unlikelyโ to identify whether someone has exploited the flaw or not.
To be noted, CacheOut flaw canโt be exploited remotely from a web browser and also doesnโt affect AMD processors.
Based on researchers findings, Intel yesterday released new microcode updates for affected processors that eventually turns off Transactional Memory Extension (TSX) on the CPUs.
โSoftware [update] can mitigate these issues at the cost of features and/or performance. We hope that somewhere in the future, Intel will release processors with in-silicon fixes against this issue,โ the researchers said.
Though most cloud providers have rolled out patches to their infrastructures, other users can also mitigate the cross-thread leakage by disabling Intel hyper-threading for systems where security is more important.
Furthermore, neither Intel nor the researchers have released exploit code, which indicates thereโs no direct and immediate threat.
Found this article interesting? Follow THN on Facebook, Twitter ๏ and LinkedIn to read more exclusive content we post.