CVE-2020-0549, dubbed CacheOut by the researchers, is a speculative execution attack that carries a severity rating of 6.5 (medium risk). As Intel highlights in its disclosure, this side channel variant could allow the data value of some modified cache lines in the L1 data cache to be inferred under the right set of circumstances.
Unlike previous Microarchitectural Data Sampling (MDS) issues, an attacker can exploit this new vulnerability to select what data to leak rather than having to wait for the data to become available. Worse yet, the researchers demonstrate that it can “violate nearly ever hardware-based security domain” including co-resident virtual machines, the OS kernel and even Software Guard Extensions (SGX) enclaves.
Jerry Bryant, director of communications for Intel Product Assurance and Security, said they are not aware of any use of the vulnerability outside of a controlled lab environment.
Intel has published a list of processors that are and aren’t affected by the vulnerability. Notably, the researchers say that AMD chips are not affected by CacheOut as the company doesn’t offer any feature similar to Intel’s Transactional Synchronization Extensions (TSX). ARM and IBM products do have a feature similar to TSX although the researchers said they don’t know if any of them are affected.
Intel is planning to release microcode updates for affected processors through its Intel Platform Update (IPU) in the near future. Those interested in digging deeper are invited to check out the full paper (PDF) on the issue.