Tuesday, January 28th 2020

CacheOut is the Latest Speculative Execution Attack for Intel Processors

by
AleksandarK
 Discuss (77 Comments)
Another day, another speculative execution vulnerability found inside Intel processors. This time we are getting a new vulnerability called "CacheOut", named after the exploitation's ability to leak data stored inside CPU's cache memory. Dubbed CVE-2020-0549: "L1D Eviction Sampling (L1Des) Leakage" in the CVE identifier system, it is rated with a CVSS score of 6.5. Despite Intel patching a lot of similar exploits present on their CPUs, the CacheOut attack still managed to happen.

The CacheOut steals the data from the CPU's L1 cache, and it is doing it selectively. Instead of waiting for the data to become available, the exploit can choose which data it wants to leak. The "benefit" of this exploit is that it can violate almost every hardware-based security domain meaning that the kernel, co-resident VMs, and SGX (Software Guard Extensions) enclaves are in trouble. To mitigate this issue, Intel provided a microcode update to address the shortcomings of the architecture and they recommended possible mitigations to all OS providers, so you will be protected once your OS maker releases a new update. For a full list of processors affected, you can see this list. Additionally, it is worth pointing out that AMD CPUs are not affected by this exploit.
Source: CacheOut

Related News

Add your own comment

77 Comments on CacheOut is the Latest Speculative Execution Attack for Intel Processors

#26
TheinsanegamerN
Vayra86No amount of patchwork will completely fix these leaks. They exist on such a basic level there will probably always be some way to get past any sort of bandaid fix. Intel said as much when the first leaks came out, too. Let's be realistic about it :)

The more interesting part of it is that Intel actually still keeps selling leaky architecture to us, I mean Cascade Lake isn't exactly ancient. Gotta keep that money rollin' ey

But... they're taking it seriously :roll::roll::roll: Business as usual and made a record year... guess what. The memo we gave them since those leaks is that we also really don't give a shit and buy Intel regardless. We're helpless really.
You contradict yourself. If these leaks will keep happening regardless of patches, yet intel shouldnt be selling chips with these patches needed (in your opinion), then should intel just pack up shop and go home? Call it quits? What do you expect them to do?

As you said: "lets be realistic about it". Intel will need some time to completely revamp their architecture to prevent these flaws in the future, these flaws rely on local admin access, and remote escalation attacks have yet to be seen in the wild, and intel is selling a record number of CPUs because there is still huge demand and growth in professional sectors. These flaws are not game ending, and intel going out of business voluntaraly so they dont sell a flawed CPU is just rediculous.
Posted on Reply
#27
R0H1T
Have to say great choice in terms of pic for the FP article :nutkick:
TheinsanegamerNIntel will need some time to completely revamp their architecture to prevent these flaws in the future, these flaws rely on local admin access, and remote escalation attacks have yet to be seen in the wild, and intel is selling a record number of CPUs because there is still huge demand and growth in professional sectors.
Not always, in fact the vast majority of the critical ones centered around spectre & meltdown - both didn't require admin access & weren't what you'd call remote escalation attacks.

Except you probably won't know about these attacks ever, especially if an attacker exploited smeltdown on a vulnerable system - this is why they are scary & yes I'm talking nation state level targeted attacks.

And that's where I have a huge issue with the corporate culture, they never really learn do they :shadedshu:
Posted on Reply
#28
Dave65
TotallyMan, I wonder how Intel fanbois are holding up being unable to remark about bug ridden AMD CPUs are .
Yeah, am sure they are breaking blood vessels at a record pace :roll:

Joking aside tho, this is getting pretty bad, have upgraded most of my PCs to AMD but not because of the vulnerabilities but bang for the buck. I do hope Intel gets it together for the sake of health and wellness:roll:
Posted on Reply
#29
Vayra86
TheinsanegamerNYou contradict yourself. If these leaks will keep happening regardless of patches, yet intel shouldnt be selling chips with these patches needed (in your opinion), then should intel just pack up shop and go home? Call it quits? What do you expect them to do?

As you said: "lets be realistic about it". Intel will need some time to completely revamp their architecture to prevent these flaws in the future, these flaws rely on local admin access, and remote escalation attacks have yet to be seen in the wild, and intel is selling a record number of CPUs because there is still huge demand and growth in professional sectors. These flaws are not game ending, and intel going out of business voluntaraly so they dont sell a flawed CPU is just rediculous.
One does not exclude the other, and the fact that it doesn't is a testament to our own helplessness. You say it well, and we wouldn't want Intel to pack up shop either. Its a contradiction... and yet we live it.

Intel knows this and that is why them 'taking it seriously' is accepted as an excuse. Also what's done is done. Everyone wants the easy way out of this, and its not just Intel or me bashing just Intel here; its just an observation. OTOH where is the class action for all our lost performance? Fair's fair...

This is one of those examples of 'too big to fail'.
Posted on Reply
#30
HD64G
I wonder who has been surprised by those news. Only surprise to forum members comes from the existense of Intel's tech admirers. Btw, the lower latency of Intel CPUs mainly exists because of their security holes with the last one being a very big one.
Posted on Reply
#31
londiste
HD64GBtw, the lower latency of Intel CPUs mainly exists because of their security holes with the last one being a very big one.
Bullshit.
Posted on Reply
#33
V3ctor
So my Pentium 3 500Mhz (Katmai) is safe!....
Posted on Reply
#34
HD64G
londisteBullshit.
Another ignorant for my ignore list...
Posted on Reply
#35
EarthDog
HD64GAnother ignorant for my ignore list...
Or, you know, help out the forums and those who do not know by supporting your assertion with some links, perhaps. :)

I don't know why, with any certainty, AMD is slower, but I recall it having something to do with AMD's chiplet design and latency between the CCXs and IO die. If this isn't correct, help us out, eh?
Posted on Reply
#36
trparky
Intel performance is great and all but if they had to take shortcuts to get that performance then what good is the performance? The fact that AMD is within striking distance of Intel performance while not having to take shortcuts that have lead to these security flaws is simply amazing. It makes me question if Intel has ran out of ideas and it lends even more credence to just why Intel hired Jim Keller who was instrumental in the creation of the Zen architecture.
Posted on Reply
#37
lewis007
Whats up with Intel CPU's and vulnerabilities?
Posted on Reply
#38
HD64G
EarthDogOr, you know, help out the forums and those who do not know by supporting your assertion with some links, perhaps. :)

I don't know why, with any certainty, AMD is slower, but I recall it having something to do with AMD's chipset design and latency between the CCXs and IO die. If this isn't correct, help us out, eh?
There are reviews out there that test exactly that thing by using both of or just one of the chiplets of the 3900X or 3950X (in order to avoid chiplet interconnection latency penalty) and proving that Zen Core latency is still higher than the Intel's core one even when RAM speeds and timings are equal. That is the only big advantage that allow Intel to stay a bit ahead in low res gaming and (now old-school) single threading apps. And this latest vulverability affects the cpu cache. What more do we need to result in this opinion I posted above.
Posted on Reply
#39
EarthDog
HD64GThere are reviews out there that test exactly that thing by using both of or just one of the chiplets of the 3900X or 3950X (in order to avoid chiplet interconnection latency penalty) and proving that Zen Core latency is still higher than the Intel's core one even when RAM speeds and timings are equal. That is the only big advantage that allow Intel to stay a bit ahead in low res gaming and (now old-school) single threading apps. And this latest vulverability affects the cpu cache. What more do we need to result in this opinion I posted above.
So, excuse me, but how does this answer your previous statement...

"Btw, the lower latency of Intel CPUs mainly exists because of their security holes with the last one being a very big one."

You just said above that regardless its faster, but..........still I didn't see any proof of low latency intel due to security holes (or missed it).
Posted on Reply
#40
trparky
HD64GThere are reviews out there that test exactly that thing by using both of or just one of the chiplets of the 3900X or 3950X (in order to avoid chiplet interconnection latency penalty) and proving that Zen Core latency is still higher than the Intel's core one even when RAM speeds and timings are equal. That is the only big advantage that allow Intel to stay a bit ahead in low res gaming and (now old-school) single threading apps. And this latest vulverability affects the cpu cache. What more do we need to result in this opinion I posted above.
Apparently this won't be an issue with Zen 2 though.
Posted on Reply
#41
londiste
HD64GBtw, the lower latency of Intel CPUs mainly exists because of their security holes with the last one being a very big one.
This keeps coming up again and again while being simply incorrect and by now is more of a FUD than anything.
HD64GAnother ignorant for my ignore list...
Any proof of lower latency being due to security holes?
There is proof of the opposite in Phoronix's performance tests for mitigations and hardware fixes where fixed hardware is essentially at the same performance as pre-Spectre (and by essentially I mean there is a general overall 2-4% perf hit from Spectre mitigations in software).
HD64GThere are reviews out there that test exactly that thing by using both of or just one of the chiplets of the 3900X or 3950X (in order to avoid chiplet interconnection latency penalty) and proving that Zen Core latency is still higher than the Intel's core one even when RAM speeds and timings are equal.
Higher latency is direct consequence of chiplet design. If you look at these same reviews 2700X also has lower latency than 3700X. The reason is simple, cores need to go across package to a different die to memory controller for memory access. This is done over IF which (while very fast) adds an additional bit of delay to every memory access. This is why Zen2 has such a huge L3 cache to hide as much of that latency as possible.
Posted on Reply
#42
lexluthermiester
londisteDescription of what they refer to seems to be 5. Cross Process Attacks (on page 9).
Ok, read through that and the Linux problem is Kernel based and does not exist in Windows from XP 2K on. That problem will likely be swiftly rectified with a Kernel update. However, and more importantly, it's still not exploitable remotely. So even on Linux, you have to be at the system in question.
Posted on Reply
#43
moproblems99
lexluthermiesterHowever, and more importantly, it's still not exploitable remotely. So even on Linux, you have to be at the system in question.
Haven't read the paper yet but does that mean ssh in combined with a PE does not work?
Posted on Reply
#44
EarthDog
trparkyApparently this won't be an issue with Zen 2 though.
Zen 3, you mean? Zen 2, 3000 series, is already out and has these issues.
Posted on Reply
#45
trparky
EarthDogZen 3, you mean? Zen 2, 300 series, is already out and has these issues.
That’s what I meant. Oops. :ohwell:
Posted on Reply
#47
lexluthermiester
moproblems99Haven't read the paper yet but does that mean ssh in combined with a PE does not work?
The fact that it wasn't mentioned specifically very likely rules it out. However the research is ongoing so the jury might still be out on that scenario. My hypothesis is that it will ultimately not be possible.
Posted on Reply
#48
moproblems99
lexluthermiesterThe fact that it wasn't mentioned specifically very likely rules it out. However the research is ongoing so the jury might still be out on that scenario. My hypothesis is that it will ultimately not be possible.
I don't see why it wouldn't. In general, sitting in front of the box or SSH is no different.
Posted on Reply
#49
Steevo
lexluthermiesterThere is no one to blame. Like all of the vulnerabilities found in CPU's in the past few years, Intel created a CPU function that was intended to be of benefit. They had no expectation or foresight that it would be used in such a way.


That is incorrect.
If I had to guess at the possibility of Intel knowing these exploits existed and they made the conscious decision to ignore the risk for some performance.... 99% sure they knew and just didn't and don't care.
Posted on Reply
#50
moproblems99
SteevoIf I had to guess at the possibility of Intel knowing these exploits existed and they made the conscious decision to ignore the risk for some performance.... 99% sure they knew and just didn't and don't care.
Honestly, I don't suspect they did. In having been employed in both sectors (development and security), engineers don't always have the thought process of the 'other side'. Additionally, these were largely a new class of vulnerabilities that might not have even been conceptualized when Intel was creating the initial architecture. I surmise, that initial architecture has not changed much over the last two decades considering how far back some of these exploits work. Also, considering that some of them work on AMD as well, it seems to be an inherent risk in specific algorithms or components (ie: speculative execution) to some extent.
Posted on Reply
Add your own comment
Apr 19th, 2024 01:43 EDT change timezone

Latest GPU Drivers

New Forum Posts

Popular Reviews

Controversial News Posts