A flaw has been discovered that allows for data to be leaked from the internal memory of Intel CPUs.<\/p>\n
Under a specific set of complex conditions, a malicious party could infer the data values of some modified cache lines in the L1 data cache, Intel explained.<\/p>\n
Intel added that with certain processors, and under specific conditions, data in a modified cache line that is being returned after the use of this exploit may allow for the construction of a “covert channel to infer modified data in the L1D cache that the victim intends to protect from the malicious adversary”.<\/p>\n
The flaw, known as Snoop-assisted L1 data sampling, is able to access the data from cache lines that were modified on the same core by the following agents:<\/p>\n
“In all of these scenarios, a local adversary is restricted to seeing only cache lines that were non-speculatively modified by entities with legitimate access to that data,” Intel said.<\/p>\n
Intel said that because of a flaw that was addressed previously – the L1 Terminal Fault (L1TF) – some users may already have mitigation measures in place that also protect against this flaw.<\/p>\n
Users who have not implemented these patches – which were made available in 2018 – are recommended to do so to protect from all types of snoop attacks.<\/p>\n
Alternatively, users can flush the L1D cache between when secrets are accessed, as well as when software that could be malicious is run on the same core.<\/p>\n
Finally, users are encouraged to disable the Intel Transactional Synchronisation Extensions (TSX) to “greatly reduce the attack surface while also making this new attack harder to pull off”.<\/p>\n
Intel explained that exploiting this flaw is very challenging, and it does not leak large amounts of data – leading the company to believe the flaw will not be used by malicious parties in the wild.<\/p>\n
“Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe Snoop Assisted L1 Data Sampling is a practical method in real-world environments where the OS is trusted,” said Intel.<\/p>\n
A flaw has been discovered that allows for data to be leaked from the internal memory of Intel CPUs.<\/p>\n","protected":false},"author":341039,"featured_media":291188,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[28218,131,63711,17780,15511],"class_list":["post-343419","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cpu","tag-intel","tag-intel-cpu","tag-security-exploit","tag-security-flaw"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/343419"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341039"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=343419"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/343419\/revisions"}],"predecessor-version":[{"id":343443,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/343419\/revisions\/343443"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/291188"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=343419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=343419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=343419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}