New Intel processor bug leaks information from virtual machines

A couple of years ago, the emergence of the dangerous speculative execution vulnerability known as Spectre affected millions of Intel processor users. Now, vulnerability testing experts report the discovery of a new flaw with similar characteristics that could be exploited to intercept data across hardware security boundaries.

The vulnerability, known as CacheOut, is present on a wide variety of Intel processors, all of them available on the market until the end of 2018. Several groups of researchers have worked on this flaw, including a full team at the University of Adelaide, Australia, which discovered that information leaks may occur from the processor cache.

Vulnerability testing experts mention that an exploit for the vulnerability has not yet been developed, although it is essential to address its existence, as its exploitation is undetectable to victims. If exploited, the vulnerability would allow the interception of information about the randomization of the operating system kernel address space, in addition to the use of other attack variants, such as buffer overflows, using additional software.

As if that were not enough, the researchers say CacheOut is also capable of leaking data from hypervisors and virtual machines, as well as dumping the contents of Intel Software Guard Extensions (SGX) hardware enclaves. The final touch is the ability of this flaw to bypass the hardware mitigations that Intel installed to prevent exploitation of the Spectre and Meltdown flaws.

The company released microcode updates to fix this vulnerability, which will be delivered with the next operating system update for the affected devices. According to vulnerability testing experts from the International Institute of Cyber Security (IICS), AMD processors are not affected by this security flaw.

Finally, researchers at the University of Adelaide noted that ARM architecture and IBM processors have features similar to Intel's Transactional Synchronization Extensions (TSX), so the vulnerability is also likely to be present in one of these products. Official confirmation is expected over the next few days.