CacheOut Intel CPU vulnerability detailed

by Mark Tyson on 28 January 2020, 10:11

Tags: Intel (NASDAQ:INTC)

Quick Link: HEXUS.net/qaeh7s

Add to My Vault: x

Please log in to view Printer Friendly Layout

Another vulnerability has been discovered in Intel CPUs. Again, Intel CPUs have been found to be prey to a speculative execution attack, but previous generation software and hardware patches haven't closed off this particular vulnerability. The Researchers who discovered 'L1D Eviction Sampling' vulnerability have dubbed it CacheOut as the side-channel weakness exploited is in the CPU caching mechanism.

Before we go on, it is worth noting that Intel CPUs released before SkyLake and after Q4 2018 will not be vulnerable to CacheOut. AMD processors aren't affected, according to the researchers. IBM and ARM processors might be affected but were outside the scope of the paper.

Intel has previously made efforts to limit the chance of side cannel attacks and hackers 'drinking from the data firehose' by overwriting data buffers in the CPU. However, CacheOut is a new Microarchitectural Data Sampling (MDS) technique that can bypass these countermeasures.

Researchers at the University of Michigan and University of Adelaide observed that "as data is being evicted from the CPU L1 cache, it is often transferred back to the leaky CPU buffers where it can be recovered by the attacker." An attractive aspect of CacheOut for hackers is that it allows choice of which data to leak from the CPU’s L1 cache, as well as which part of a cache line to leak. The researchers demonstrated that it is possible to "leak information across multiple security boundaries, including those between hyperthreads, processes, and virtual machines, and between user space and the operating system kernel, and from SGX enclaves." Intel has classed CacheOut, or L1D Eviction Sampling / CVE-2020-0549 / INTEL-SA-00329 - as a medium severity level 6.5 vulnerability.

The security researchers got in touch with Intel last year before making their research public. This helped Intel get patches ready, and cloud providers have already deployed countermeasures against the flaw. Disabling hyperthreading or disabling TSX within Intel’s processors can mitigate against the flaw for now. However, Intel says it expects to release microcode updates for affected processors shortly.



HEXUS Forums :: 28 Comments

Login with Forum Account

Don't have an account? Register today!
So many vulnerabilities that have come out over time and continue to come out that are Intel only, it just adds another reason for me to be glad that I chose AMD again for my new build.

I shudder to think of the presumable cumulative impact that all of the patches would have on performance.
Output
I shudder to think of the presumable cumulative impact that all of the patches would have on performance.

It is doing wonders for Intel's economic performance. All those servers that dropped 40% in performance, now companies have to go out and buy 40% more Xeon servers to make up the shortfall. I couldn't make this stuff up.

And no, they can't buy AMD servers, “we only buy Dell here”.
Does anyone know of anyone in the private world, who has ever been “hacked” through any of these vulnerabilities?

There have been so many, over so long…what are the real world impacts of these?

Does my gran (not a real person) using her 3 year old PC run the risk of a good bank hack, if she obeys every other rule of internet safety? If she never clicks a link in an email, never falls for a phishing scam, never unzips a mystery attachment etc…is she at risk?
Zak33
Does anyone know of anyone in the private world, who has ever been “hacked” through any of these vulnerabilities?

There have been so many, over so long…what are the real world impacts of these?

Does my gran (not a real person) using her 3 year old PC run the risk of a good bank hack, if she obeys every other rule of internet safety? If she never clicks a link in an email, never falls for a phishing scam, never unzips a mystery attachment etc…is she at risk?

Yes, she would be at risk…

She goes to her favourite knitting website.
The website serves up an advert
Someone using the ad network serves up some javascript along with that picture of a kitten (awww).
Now when you log into something on another tab, they can read your password.

Updating your web browser fixes this. Keeping your OS up to date fixes this. Just let stuff update itself, and she will be fine. But it's these fly-by attacks that are the problem. Nothing is stored on the PC, so “my virus scanner didn't find anything” isn't surprising, but when some of these vulnerabilities are demonstrated with just javascript then you are wide open.

Which reminds me, I need to go around the house and update all the graphics drivers. I haven't verified the idea that webgl can access sensitive memory through shader programming, but why risk it.
Disabling hyperthreading … essentially my i3 becomes a Celeron.