Another month, another speculative execution vulnerability found in Intel processors.
If your computer is running any modern Intel CPU built before October 2018, it’s likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel’s secured SGX enclave.
Dubbed CacheOut a.k.a. L1 Data Eviction Sampling (L1DES) and assigned CVE-2020-0549, the new microarchitectural attack allows an attacker to choose which data to leak from the CPU’s L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available.
According to a team of academic researchers, the newly-discovered speculative execution attacks can leak information across multiple security boundaries, including those between hyper-threads, virtual machines, and processes, and between user space and the operating system kernel, and from SGX enclaves.
“CacheOut can leak information from other processes running on the same thread, or across threads on the same CPU core,” the researchers said. “CacheOut violates the operating system’s privacy by extracting information from it that facilitates other attacks, such as buffer overflow attacks.”
More precisely, the attack enables a malicious program to force the victim’s data out of the L1-D Cache into leaky buffers after the operating system clears them, and then subsequently leak the contents of the buffers and obtain the victim’s data.
images from Hacker News