Jump to content

SPOILER ALERT - New side channel vulnerability in Intel CPUs


exile360

Recommended Posts

Another nasty side channel vulnerability has been found in modern Intel Core CPUs.  You may recall Spectre and Meltdown side channel vulnerabilities making headlines last year; well now a new vulnerability has joined their ranks which appears to be specific to Intel CPUs exclusively and it may not be as simple to mitigate as the previously reported vulnerabilities meaning Spoiler may not end up being addressed until a new microarchitecture is made available in the market that does not include the kinds of speculative execution techniques that make Intel's CPUs vulnerable to these attacks.

You can read more about Spoiler in the following articles:

The Register - SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
OC3D.NET - SPOILER Alert - Intel CPUs Impacted by New Vulnerability
TechRadar - ‘Spoiler’ flaw in Intel CPUs is similar to Spectre – yet dangerously different

Based on my reading, it seams the only hope here (aside from new CPU architectures that don't include this 'feature') will be DRAM manufacturers and software developers who may be able to at least somewhat mitigate this vulnerability through their own security practices, but I would speculate (pun very much intended) that this will be another driving factor pushing many in the market for new systems to turn to AMD, who have shown themselves to have performance on par with Intel with their most recent Ryzen and Threadripper parts and their upcoming Ryzen 3000 series CPUs that promise even better performance and higher core counts than any of Intel's current offerings (though Intel's own 10NM chips, which have been delayed countless times, should hit the market late this year to provide some competition, hopefully including hardware level mitigations for these speculative execution attack vectors, but only time will tell; we know Intel's 10NM parts will be immune to Spectre and Meltdown, but given how recent the discovery of Spoiler is, the first wave of Intel 10NM chips may be afflicted by this new vulnerability given how late in the game it was reported, but we'll see).

On the upside, this vulnerability apparently cannot be exploited without the attacker already successfully launching some malicious code on the system such as a malicious browser exploit or some malware process in memory according to the articles:

This security shortcoming can be potentially exploited by malicious JavaScript within a web browser tab, or malware running on a system, or rogue logged-in users, to extract passwords, keys, and other data from memory. An attacker therefore requires some kind of foothold in your machine in order to pull this off.

Be sure to keep your anti-malware software up-to-date and your Exploit Protection active; I know I will ;) 

Link to post
Share on other sites

If DRAM manufacturers would start producing and selling Pseudostatic DRAM, the mitigations could happen a lot more quickly, since the memory controllers would be built-in to the memory modules themselves rather than the CPUs... as if there weren't enough advantages to Pseudostatic DRAM anyway. That would keep people from having to switch platforms to upgrade!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.