Security News > 2020 > January > Cache flow problems continue for Intel: Yet more data-leaking processor design blunders discovered, patches due soon

Cache flow problems continue for Intel: Yet more data-leaking processor design blunders discovered, patches due soon
2020-01-28 21:46

Intel on Monday issued a processor data leakage advisory, describing two chip architecture flaws, one of which it tried to fix twice before.

Intel's microcode fix involved using the VERW instruction and the L1D FLUSH command to overwrite the store buffer value, to prevent buffer data from being read. But Intel's initial fix in May failed.

The CacheOut paper details "a transient execution attack that is capable of bypassing Intel's buffer overriding countermeasures as well as allowing the attacker to select which cache sets to read from the CPU's L1 Data cache."

The researchers say Intel customers are probably affected unless they have a CPU released after Q4 2018 - but that's purely accidental.

In the meantime, to address CVE-2020-0548 and CVE-2020-0549, Intel reckons it "Will release Intel processor microcode updates to our customers and partners as part of our regular Intel Platform Update process. Intel recommends that users of affected Intel processors check with their system manufacturers and system software vendors and update to the latest microcode update when available."


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/28/intel_processor_data_leak/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-01-28 CVE-2020-0548 Improper Resource Shutdown or Release vulnerability in Intel products
Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel CWE-404
5.5
2020-01-28 CVE-2020-0549 Improper Resource Shutdown or Release vulnerability in multiple products
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5