New ‘CacheOut’ Attack Targets Intel CPUs

2020-01-28 22:58

Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs.

The more serious of the two CacheOut bugs, tracked as CVE-2020-0549, is a CPU vulnerability that allows an attacker to target data stored within the OS kernel, co-resident virtual machines and even within Intel's Software Guard Extensions enclave, a trusted execution environment on Intel processors.

"In this work we present CacheOut, a new microarchitectural attack that is capable of bypassing Intel's buffer overwrite countermeasures," wrote researcher Stephan van Schaik of the University of Michigan and colleagues in a research report made public Monday.

Intel said patches to mitigate against CacheOut are forthcoming and that it will address the issue in the near future.

Intel describes the flaw as a Vector Register Sampling bug.

News URL

https://threatpost.com/new-cacheout-attack-targets-intel-cpus/152323/

#attack #cacheout #CPU #intel #CVE-2020-0549

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-28	CVE-2020-0549	Improper Resource Shutdown or Release vulnerability in multiple products Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity intel opensuse debian canonical fedoraproject CWE-404	5.5

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Intel		6314	31	755	708	45	1539

News URL

Related news

Related Vulnerability

Related vendor