Intel has released information about two potentially dangerous flaws in the microarchitecture of its CPUs. The chip manufacturer had already shipped security updates for related gaps in May and November 2019. Although the new vulnerabilities appear to be less critical than the previous ones, they still enable side-channel attacks.
The third Intel patch in one year
Intel will again be supplying updates for its processors in the coming weeks to harden them against modified side-channel attacks. The new vulnerability, dubbed "CacheOut" (identifier: CVE-2020-0549), lets data leak out of the CPU's cache memory. A revised microcode update is intended to protect users against this variant of the attack vectors Microarchitectural Data Sampling (MDS) and Transactional Asynchronous Abort (TAA).
The attacker can choose which data to leak
Unlike the earlier sampling attacks, which leaked whatever happened to be passing through the CPU's internal buffers, the new vulnerability lets an exploit select the data it wants to read. The technique, which Intel calls L1D Eviction Sampling (L1DES), relies on the same transient-execution trick as MDS: a load that is squashed by a fault or abort during speculative execution still briefly exposes the buffer contents before the result is discarded. The new twist is that the attackers force the targeted data out of the L1D cache, so that it passes through otherwise unused line fill buffers from which it can then be sampled.
Until now, mitigating the vulnerability has meant a severe performance penalty because, according to VUSec (the Systems and Network Security Group at Vrije Universiteit Amsterdam), the processor's L1D cache has to be flushed completely at every context switch. This matters mainly to cloud operators, since the attack lets an attacker read data across virtual machine boundaries. With the new microcode update, the flaw is to be mitigated in microcode in the coming weeks.
It is mainly CPUs manufactured after 2015 that are affected: the weakness has existed in Intel processors since the Skylake generation (Core i-6000 series), and is also present in the current desktop generation Coffee Lake Refresh (Core i-9000 series) and in all Xeon SP CPUs (Skylake SP, Cascade Lake SP). Only Ice Lake is not affected.
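A practical check to go with the two paragraphs above, added here as an example rather than taken from the article or from Intel: a POSIX shell script that shows what a Linux kernel reports about the MDS, TAA and L1TF mitigations, whether the CPU advertises the md_clear and flush_l1d capabilities that earlier microcode updates introduced, and the loaded microcode revision. The sample cpuinfo text and sysfs entries are constructed; the field names, file names and status strings follow the real kernel format. The script does not decide whether the L1DES fix is present: that requires comparing the reported revision against Intel's microcode guidance for the advisory.

```shell
#!/bin/sh
# Added example (not from the article or from Intel): report the mitigation
# state a Linux kernel exposes for the MDS/TAA family, plus the CPU flags and
# microcode revision that a microcode update changes. Assumes a Linux kernel
# that provides /sys/devices/system/cpu/vulnerabilities (4.19+ for mds/l1tf,
# 5.4+ for tsx_async_abort). POSIX sh only.

# Print the value of one field (e.g. "flags", "microcode") from cpuinfo text,
# first CPU only.
cpuinfo_field() {
    printf '%s\n' "$1" | sed -n "s/^$2[[:space:]]*: //p" | head -n 1
}

# Print "yes" if flag $2 appears in the space-separated flag list $1, else "no".
has_flag() {
    case " $1 " in
        *" $2 "*) echo yes ;;
        *)        echo no ;;
    esac
}

# Print the kernel's status line for vulnerability entry $2 under directory $1,
# or "n/a" when this kernel does not know about that entry.
vuln_status() {
    if [ -r "$1/$2" ]; then
        cat "$1/$2"
    else
        echo "n/a"
    fi
}

# Human-readable summary for one cpuinfo text ($1) and one vulnerabilities dir ($2).
report() {
    flags=$(cpuinfo_field "$1" flags)
    echo "model:           $(cpuinfo_field "$1" 'model name')"
    echo "microcode:       $(cpuinfo_field "$1" microcode)   (compare with Intel's microcode revision guidance)"
    echo "md_clear:        $(has_flag "$flags" md_clear)   (VERW clears CPU buffers; the MDS/TAA software mitigation relies on it)"
    echo "flush_l1d:       $(has_flag "$flags" flush_l1d)   (MSR-based L1D flush the L1TF mitigation uses on VM entry)"
    echo "rtm (TSX):       $(has_flag "$flags" rtm)   (TAA needs TSX; the TAA mitigation may disable it)"
    for v in mds tsx_async_abort l1tf; do
        printf '%-16s %s\n' "$v:" "$(vuln_status "$2" "$v")"
    done
}

# Constructed sample input (not captured from a real machine): a Coffee Lake
# Refresh desktop part. The revision value is illustrative only.
SAMPLE_CPUINFO='processor   : 0
vendor_id   : GenuineIntel
model name  : Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
microcode   : 0xca
flags       : fpu vme de pse tsc msr pae mce sse sse2 ht syscall nx lm ssbd ibrs ibpb stibp flush_l1d md_clear
bugs        : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa'

# Populate directory $1 like a kernel that predates the TAA entry: mds and l1tf
# exist, tsx_async_abort does not (constructed, but the strings follow the
# kernel's real output format).
make_sample_vulndir() {
    echo "Mitigation: Clear CPU buffers; SMT vulnerable" > "$1/mds"
    echo "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable" > "$1/l1tf"
}

# Run against the live system when it exposes the interfaces, else against the sample.
if [ -r /proc/cpuinfo ] && [ -d /sys/devices/system/cpu/vulnerabilities ]; then
    report "$(cat /proc/cpuinfo)" /sys/devices/system/cpu/vulnerabilities
else
    tmp=$(mktemp -d)
    make_sample_vulndir "$tmp"
    report "$SAMPLE_CPUINFO" "$tmp"
    rm -rf "$tmp"
fi
```

An "n/a" line means the running kernel has no entry for that vulnerability, not that the machine is unaffected; a kernel older than the advisory cannot report on L1DES at all, so a current microcode revision and a kernel that at least knows about MDS and TAA are both needed before the "Mitigation:" lines say anything about CacheOut.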
It remains to be seen whether the vulnerability will make as big a splash as Meltdown and Spectre did.