Security News > 2023 > April > Intel CPUs vulnerable to new transient execution side-channel attack

Intel CPUs vulnerable to new transient execution side-channel attack
2023-04-24 19:38

A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register.

Instead of relying on the cache system like many other side-channel attacks, this new attack leverages a flaw in transient execution that makes it possible to extract secret data from user memory space through timing analysis.

The new side-channel attack presented in a technical paper published on Arxiv.org describes a flaw in the change of the EFLAGS register in transient execution, affecting the timing of JCC instructions.

The attack is carried out in two phases, the first being to trigger transient execution and encode secret data through the EFLAGS register, and the second is to measure the execution time of the KCC instruction to decode the data.

The experimental data showed that the attack achieved 100% data retrieval for the Intel i7-6700 and Intel i7-7700 and had some success against the newer Intel i9-10980XE CPU. The experiment was conducted on Ubuntu 22.04 jammy with Linux kernel version 5.15.0.

The researchers admit that the root causes of the attack remain elusive and hypothesize that there's a buffer in the execution unit of the Intel CPU, which needs time to revert if the execution should be withdrawn, a process that causes a stall if the ensuing instruction depends on the target of the buffer.


News URL

https://www.bleepingcomputer.com/news/security/intel-cpus-vulnerable-to-new-transient-execution-side-channel-attack/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6832 278 786 430 28 1522