Tuesday, January 28th 2020
CacheOut is the Latest Speculative Execution Attack for Intel Processors
Another day, another speculative execution vulnerability found inside Intel processors. This time the new vulnerability is called "CacheOut", named after the attack's ability to leak data stored inside the CPU's cache memory. It is tracked as CVE-2020-0549, "L1D Eviction Sampling (L1Des) Leakage", and is rated with a CVSS score of 6.5. Despite Intel patching many similar flaws in its CPUs, the CacheOut attack still managed to happen.
CacheOut steals data from the CPU's L1 cache, and it does so selectively: instead of waiting for the data to become available, the attacker can choose which data to leak. The "benefit" of this exploit is that it can violate almost every hardware-based security domain, meaning that the kernel, co-resident VMs, and SGX (Software Guard Extensions) enclaves are all at risk. To mitigate this issue, Intel provided a microcode update to address the shortcomings of the architecture and recommended possible mitigations to all OS providers, so you will be protected once your OS maker releases a new update. For a full list of affected processors, see this list. Additionally, it is worth pointing out that AMD CPUs are not affected by this exploit.
Source: CacheOut
77 Comments on CacheOut is the Latest Speculative Execution Attack for Intel Processors
As you said: "let's be realistic about it". Intel will need some time to completely revamp their architecture to prevent these flaws in the future, these flaws rely on local admin access, and remote escalation attacks have yet to be seen in the wild, and Intel is selling a record number of CPUs because there is still huge demand and growth in professional sectors. These flaws are not game ending, and Intel going out of business voluntarily so they don't sell a flawed CPU is just ridiculous.
Except you probably won't know about these attacks ever, especially if an attacker exploited smeltdown on a vulnerable system - this is why they are scary & yes I'm talking nation state level targeted attacks.
And that's where I have a huge issue with the corporate culture, they never really learn, do they?
Joking aside though, this is getting pretty bad. I have upgraded most of my PCs to AMD, but not because of the vulnerabilities, rather for bang for the buck. I do hope Intel gets it together for the sake of health and wellness.
Intel knows this and that is why them 'taking it seriously' is accepted as an excuse. Also, what's done is done. Everyone wants the easy way out of this, and it's not just Intel, or me bashing just Intel here; it's just an observation. OTOH, where is the class action for all our lost performance? Fair's fair...
This is one of those examples of 'too big to fail'.
Intel is patching its Zombieload CPU security flaw for the third time
I don't know why, with any certainty, AMD is slower, but I recall it having something to do with AMD's chiplet design and latency between the CCXs and IO die. If this isn't correct, help us out, eh?
"Btw, the lower latency of Intel CPUs mainly exists because of their security holes with the last one being a very big one."
You just said above that regardless it's faster, but... still I didn't see any proof of Intel's low latency being due to security holes (or I missed it).
There is proof of the opposite in Phoronix's performance tests for mitigations and hardware fixes, where fixed hardware is essentially at the same performance as pre-Spectre (and by essentially I mean there is a general overall 2-4% perf hit from Spectre mitigations in software). Higher latency is a direct consequence of the chiplet design. If you look at these same reviews, the 2700X also has lower latency than the 3700X. The reason is simple: cores need to go across the package to a different die to reach the memory controller for memory access. This is done over IF which (while very fast) adds an additional bit of delay to every memory access. This is why Zen2 has such a huge L3 cache, to hide as much of that latency as possible.
XP2K on. That problem will likely be swiftly rectified with a kernel update. However, and more importantly, it's still not exploitable remotely. So even on Linux, you have to be at the system in question.