Researchers disclose new CacheOut attack that targets Intel processors

[Shawn Knight]

What just happened? Security researchers from the University of Michigan have disclosed details regarding a new vulnerability affecting most Intel processors that could be exploited to leak sensitive data.

CVE-2020-0549, dubbed CacheOut by the researchers, is a speculative execution attack that carries a severity rating of 6.5 (medium risk). As Intel highlights in its disclosure, this side channel variant could allow the data value of some modified cache lines in the L1 data cache to be inferred under the right set of circumstances.

Unlike previous Microarchitectural Data Sampling (MDS) issues, an attacker can exploit this new vulnerability to select what data to leak rather than having to wait for the data to become available. Worse yet, the researchers demonstrate that it can “violate nearly ever hardware-based security domain” including co-resident virtual machines, the OS kernel and even Software Guard Extensions (SGX) enclaves.

Jerry Bryant, director of communications for Intel Product Assurance and Security, said they are not aware of any use of the vulnerability outside of a controlled lab environment.

Intel has published a list of processors that are and aren’t affected by the vulnerability. Notably, the researchers say that AMD chips are not affected by CacheOut as the company doesn’t offer any feature similar to Intel’s Transactional Synchronization Extensions (TSX). ARM and IBM products do have a feature similar to TSX although the researchers said they don’t know if any of them are affected.

Intel is planning to release microcode updates for affected processors through its Intel Platform Update (IPU) in the near future. Those interested in digging deeper are invited to check out the full paper (PDF) on the issue.

Masthead credit: CPU by Mau47. CacheOut logo by Marina Minkin.

Permalink to story.

https://www.techspot.com/news/83754-researchers-disclose-new-cacheout-attack-targets-intel-processors.html

 

[GeforcerFX]

6, 7, 8, & 10th gen are affected, all before are listed as unaffected. Man I keep seeing all this crap pop up for intel lately makes me happy I got my hands on a older AMD APU laptop recently as well, something a bit more secure for using.

 

[antiproduct]

So basically it'll be updated if your motherboard manufacturer still puts out BIOS updates. Which most of them generally abandon after a year.

 

[wiyosaya]

So basically it'll be updated if your motherboard manufacturer still puts out BIOS updates. Which most of them generally abandon after a year.

That has been sIntel's basic longevity for chipsets, so I am not so sure that MB manufacturers are a just target of blame.

IMO this is a symptom of sIntel's business strategy where they simply do not care how much you spend each time you buy one of their CPUs. They are pursuing profits only, just like IoT manufacturers could care less about the security of their devices as long as they cash in on the fad.

 

[Evernessince]

Good for Intel. They made record profits last quarter thanks to partners having to buy new server chips thanks to these exploits. They should keep them rolling, people are still buying.

 

[antiproduct]

That has been sIntel's basic longevity for chipsets, so I am not so sure that MB manufacturers are a just target of blame.

IMO this is a symptom of sIntel's business strategy where they simply do not care how much you spend each time you buy one of their CPUs. They are pursuing profits only, just like IoT manufacturers could care less about the security of their devices as long as they cash in on the fad.

It really does depend on the motherboard manufacturer. At work I got lots and lots of Dell computers, we have some old ivy bridge systems and they still got BIOS updates for some of these vulnerabilities. I don't know if that's a deal with Dell or what, but I think most motherboard manufacturers quickly abandon updates for their products much sooner. Which is really sad for the home builders.

 

[yeeeeman]

6, 7, 8, & 10th gen are affected, all before are listed as unaffected. Man I keep seeing all this crap pop up for intel lately makes me happy I got my hands on a older AMD APU laptop recently as well, something a bit more secure for using.

More secure you say....riiiight.

 

[kira setsu]

More secure you say....riiiight.

in the future AMD will be just as notorious when they get big and have their equipment attacked too, the big fish will always be the target, hopefully AMD realizes this and is actively working to protect things early.

 

[Irata]

More secure you say....riiiight.

Got any proof to the contrary, e.g. that AMD was cutting corners in order to increase IPC like Intel did?

 

[BadThad]

It never ends.....I don't know the details of the exploit but it likely requires physical access to a machine. I suspect this is another *yawn* exploit that we're unlikely ever to see.

 

[Ravalo]

It really does depend on the motherboard manufacturer. At work I got lots and lots of Dell computers, we have some old ivy bridge systems and they still got BIOS updates for some of these vulnerabilities. I don't know if that's a deal with Dell or what, but I think most motherboard manufacturers quickly abandon updates for their products much sooner. Which is really sad for the home builders.

I also think it depends on the mb manufacturer, since some A320 boards support 3rd gen ryzen, while amd said it wouldn’t support that chipset

 

[wiyosaya]

It really does depend on the motherboard manufacturer. At work I got lots and lots of Dell computers, we have some old ivy bridge systems and they still got BIOS updates for some of these vulnerabilities. I don't know if that's a deal with Dell or what, but I think most motherboard manufacturers quickly abandon updates for their products much sooner. Which is really sad for the home builders.

My bet is that Dell likely sells most of their systems to businesses - which is substantially more lucrative than the enthusiast/consumer market. IT managers might think twice about buying from Dell if they simply dropped support for older procs and MBs. This would be bad for their business and bottom line.

I also think it depends on the mb manufacturer, since some A320 boards support 3rd gen ryzen, while amd said it wouldn’t support that chipset

AMD is also offering a radically different model for chipset longevity. In the case of the A320 chipset it sounds like AMD left it up to MB manufacturer to support Ryzen 3 or not.

With sIntel, its one or maybe two CPU generations at best being compatible with a particular chipset.

I would expect that each different chipset also has a different instruction set requiring somewhat different microcode for each. I am not necessarily defending them; however, when you have a large number of sets of code that has to be maintained, it can become a source code management nightmare - for which they receive nothing in return - perhap an attaboy at best from sIntel.

 

[Evernessince]

It really does depend on the motherboard manufacturer. At work I got lots and lots of Dell computers, we have some old ivy bridge systems and they still got BIOS updates for some of these vulnerabilities. I don't know if that's a deal with Dell or what, but I think most motherboard manufacturers quickly abandon updates for their products much sooner. Which is really sad for the home builders.

On the consumer side very few older motherboards are getting updated.

 

[OortCloud]

Poor Intel, the hits just keep on coming!

 

[Athlonite]

Oh what a wicked web sIntel weaves when first it planed to exploit you for greed