New Spoiler vulnerability affects Intel CPU chips

A team of security researchers has uncovered a flaw that could affect every single Intel CPU chip, according to a recent report published last Friday (March 1st).

According to researchers at Worcester Polytechnic Institute and the University of Lübeck, there is a flaw caused by a “weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem”.

Spoiler flaw

The researchers point out that the vulnerability, which they’ve dubbed ‘Spoiler’, is similar to the critical Spectre and Meltdown flaws that were uncovered in January 2018.

However, the researchers said that Spoiler is not another Spectre attack.

“Spoiler is not a Spectre attack,” researchers wrote in their white paper. “The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behaviour due to physical address conflicts. Existing Spectre mitigations would therefore not interfere with Spoiler.”

The researchers believe that the flaw affects all operating systems, as it is a ‘microarchitectural attack’ and not an OS-related attack.

Apparently, based on the report, Spoiler only affects Intel processors and not chips from AMD and ARM.

The flaw is also independent of the OS and can even work from within a virtual machine and sandboxed environments.

“Spoiler can be executed from user space and requires no special privileges,” said the researchers. “Broadly put, the leakage described in this paper will enable attackers to perform existing attacks more efficiently, or to devise new attacks using the novel knowledge.”

Intel was made aware of the Spoiler exploit at the start of December.

No software fix

However, researchers said, Intel won’t be able to use a software patch to fully address the problem.

They said the only way to fully protect a system from the flaw is to redesign the silicon, but this could likely impact performance.

Despite how widespread the problem is, an Intel spokesperson downplayed the severity of the vulnerability.

“Intel received notice of this research, and we expect that software can be protected against such issues by employing side-channel safe software development practices,” an Intel spokesperson told TechRadar. “This includes avoiding control flows that are dependent on the data of interest.

“We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected,” Intel reportedly said. “Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”
