Security News > 2020 > January > New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave
If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave.
Dubbed CacheOut a.k.a. L1 Data Eviction Sampling and assigned CVE-2020-0549, the new microarchitectural attack allows an attacker to choose which data to leak from the CPU's L1 Cache, unlike previously demonstrated MDS attacks where attackers need to wait for the targeted data to be available.
More precisely, the attack enables a malicious program to force the victim's data out of the L1-D Cache into leaky buffers after the operating system clears them, and then subsequently leak the contents of the buffers and obtain the victim's data.
According to researchers, it's currently unlikely for Antivirus products to detect and block CacheOut attacks, and since the exploit does not leave any traces in the traditional log file, it's also "Very unlikely" to identify whether someone has exploited the flaw or not.
Based on researchers findings, Intel yesterday released new microcode updates for affected processors that eventually turns off Transactional Memory Extension on the CPUs.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-28 | CVE-2020-0549 | Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |