Security News > 2020 > January > CacheOut/L1DES: New Speculative Execution Attack Affecting Intel CPUs

CacheOut/L1DES: New Speculative Execution Attack Affecting Intel CPUs
2020-01-28 12:32

Intel on Monday informed customers that researchers have identified yet another speculative execution attack method that can be launched against systems that use its processors.

The disclosure of the Meltdown and Spectre vulnerabilities back in January 2018 paved the way for the discovery of several speculative execution side-channel attack methods impacting modern processors.

In May 2019, researchers disclosed the existence of new attack methods that rely on Microarchitectural Data Sampling vulnerabilities.

According to researchers at the University of Michigan, which have dubbed the vulnerability CacheOut, this attack can bypass the hardware protections in many Intel CPUs and allows the attacker to select what data they want to leak rather than waiting for the data to be available.

Processors made by AMD are not impacted and the researchers said they have yet to determine if CacheOut attacks can be launched against chips from Arm and IBM. VUSec researchers, who have described L1DES as a new variant of the RIDL attack, have also disclosed a second vulnerability, which they and Intel track as Vector Register Sampling.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/TPZ696zjmdc/cacheoutl1des-new-speculative-execution-attack-affecting-intel-cpus

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6314 31 755 708 45 1539