A flaw has been discovered that allows for data to be leaked from the internal memory of Intel CPUs.
Under a specific set of complex conditions, a malicious party could infer the data values of some modified cache lines in the L1 data cache, Intel explained.
Intel added that with certain processors, and under specific conditions, data in a modified cache line that is being returned after the use of this exploit may allow for the construction of a “covert channel to infer modified data in the L1D cache that the victim intends to protect from the malicious adversary”.
The flaw, known as Snoop-assisted L1 Data Sampling, can expose data from cache lines that were modified on the same core by any of the following agents:
- Other applications
- Operating System
- System Management Mode
- Virtual Machine Monitor
“In all of these scenarios, a local adversary is restricted to seeing only cache lines that were non-speculatively modified by entities with legitimate access to that data,” Intel said.
Protecting against the exploit
Intel said that because of a flaw that was addressed previously – the L1 Terminal Fault (L1TF) – some users may already have mitigation measures in place that also protect against this flaw.
Users who have not implemented these patches – which were made available in 2018 – are recommended to do so to protect from all types of snoop attacks.
Alternatively, users can flush the L1D cache between the point at which secrets are accessed and the point at which potentially malicious software runs on the same core.
Finally, users are encouraged to disable the Intel Transactional Synchronisation Extensions (TSX) to “greatly reduce the attack surface while also making this new attack harder to pull off”.
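As an added example, not taken from the article or from Intel, the following POSIX shell script checks a Linux host for the state of the three mitigations listed above: whether the kernel reports an L1TF mitigation (which the article notes also covers this flaw), whether it applies L1D cache flushes on VM entry, and whether the CPU still exposes TSX (the rtm/hle feature flags). The status files under /sys/devices/system/cpu/vulnerabilities and the flags line in /proc/cpuinfo are the kernel's own interfaces; the classification rules and the sample status strings in the comments are this example's assumptions about the kernel's reporting format.

```shell
#!/bin/sh
# Added example: report the state of the mitigations the article describes on a
# Linux host. The sysfs/procfs paths are the kernel's; the classification is ours.

VULN_DIR=/sys/devices/system/cpu/vulnerabilities   # kernel-provided status files

# l1tf_state STATUS -> mitigated | vulnerable | unknown
# STATUS is the content of $VULN_DIR/l1tf, e.g. (assumed kernel format)
#   "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
l1tf_state() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo mitigated ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# l1d_flush_state STATUS -> flush | noflush
# The l1tf line also says whether the hypervisor flushes L1D on VM entry.
l1d_flush_state() {
    case "$1" in
        *"cache flushes"*) echo flush ;;
        *)                 echo noflush ;;
    esac
}

# tsx_state FLAGS_LINE -> enabled | disabled
# FLAGS_LINE is the "flags : ..." line from /proc/cpuinfo; TSX appears as the
# rtm and/or hle feature flags, which are absent once TSX is switched off.
tsx_state() {
    case " $1 " in
        *" rtm "*|*" hle "*) echo enabled ;;
        *)                   echo disabled ;;
    esac
}

# report_host: read the live files (if present) and print one line per check.
report_host() {
    if [ -r "$VULN_DIR/l1tf" ]; then
        l1tf=$(cat "$VULN_DIR/l1tf")
        echo "l1tf:      $(l1tf_state "$l1tf")  ($l1tf)"
        echo "l1d flush: $(l1d_flush_state "$l1tf")"
    else
        echo "l1tf:      unknown (no $VULN_DIR/l1tf on this host)"
    fi
    if [ -r /proc/cpuinfo ]; then
        flags=$(grep -m1 '^flags' /proc/cpuinfo)
        echo "tsx:       $(tsx_state "$flags")"
    fi
}

# Run the live report only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--report" ]; then
    report_host
fi
```

Run it as `sh check-snoop-mitigations.sh --report` on the host in question. A result of `vulnerable` for l1tf means the 2018 L1TF updates the article refers to are not in effect; `noflush` means the hypervisor is not flushing L1D between guests; `enabled` for tsx means the rtm/hle flags are still present, which on recent Linux kernels can be changed with the `tsx=off` boot parameter (or via microcode and firmware settings on the platform).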
Intel explained that exploiting this flaw is very challenging, and it does not leak large amounts of data – leading the company to believe the flaw will not be used by malicious parties in the wild.
“Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe Snoop Assisted L1 Data Sampling is a practical method in real-world environments where the OS is trusted,” said Intel.