Additional Dangerous Vulnerabilities in Intel CPUs Manufactured Since 2015
upstart writes in with an IRC submission for Cowardly_Anonymizer:
More dangerous vulnerabilities in Intel CPUs:
Intel has released information about two potentially dangerous flaws in the processor architecture of its CPUs. The chip manufacturer had already provided security updates for similar gaps in May and November 2019. Although the new vulnerabilities seem to be less critical than the previous ones, side-channel attacks are still possible.
Intel will again be supplying updates for its processors in the coming weeks to increase security against modified side-channel attacks. Currently, the so-called "CacheOut" vulnerability (identifier: CVE-2020-0549) exists, through which data can leak out of the CPU's cache memory. A modification of Intel's microcode updates is intended to protect users with the new patch against the attack vectors Microarchitectural Data Samping (MDS) and Transactional Asynchronous Abort (TAA).
The current vulnerability allows the exploit to selectively choose which data it wants to access. The attack-referred to by Intel as L1D[*] Eviction Sampling (L1DES)-causes an exception: data loaded during a running process of a speculative execution is discarded due to a triggered error. The attackers have now modified their approach and can load the data to be read out into unused filling buffers.
Until now, reducing the vulnerability has been associated with a severe performance degradation because, according to VUSec (Systems and Network Security Group at the Vrije University of Amsterdam), the processor's L1D cache has to be completely emptied again at each context switch. This is mainly relevant for cloud operators, because attackers can read data beyond a virtual machine. With the help of the new microcode update, the flaws in the architecture can be corrected in the coming weeks.
[*] L1D is explained on Wikipedia as: "The first CPUs that used a cache had only one level of cache; unlike later level 1 caches, it was not split into L1d (for data) and L1i (for instructions)."
Read more of this story at SoylentNews.