New Intel CPU vulnerability

joepie91joepie91 OGServices Provider

Time to reset the "It's been __ days since the last Intel CPU vulnerability" counter!

We present CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. We show that despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data.

Moreover, unlike previous MDS issues, we show in our work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available. Finally, we empirically demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves.

Source

Microcode updates are supposedly already available. Best update ASAP, if you're running Intel and haven't yet... you know the drill.

«134

Comments

Sign In or Register to comment.