Jump to content
Sign in to follow this  
sman

New 'CacheOut' attack leaks data from CPUs, VMs and hardware enclaves

Recommended Posts

New 'CacheOut' attack leaks data from CPUs, VMs and hardware enclaves

https://www.itnews.com.au/news/new-cacheout-attack-leaks-data-from-cpus-vms-and-hardware-enclaves-537102

Intel drops processor microcode fixes again.

Researchers at the universities of Adelaide and Michigan have come up with a new Spectre-style speculative execution attack against Intel processors that can be used to intercept data across several hardware security boundaries.

Named CacheOut, the flaw is found in a large number of Intel processors released up until the fourth quarter of 2018.

Several researchers have been working on the vulnerability [pdf], including Yuval Yarom from the University of Adelaide, discovering that it's possible to leak data from eviction of processor caches.

While there's no known CacheOut exploits currently, exploitation of the vulnerability is undetectable.

It could be used to intercept information on operating system kernel address space randomisation and secret "stack canaries" values, which in turn can enable full exploitation using other software attacks such as buffer overflows, the researchers said.

Furthermore, CacheOut can leak data from hypervisors and co-resident virtual machines, and dump the contents of Intel Software Guard Extensions (SGX) hardware enclaves.

CacheOut bypasses existing hardware mitigations by Intel against the earlier Spectre and Meltdown flaws.

Microcode updates from Intel are available for vulnerable processors, and can be deployed via operating system and hypervisor updates.

AMD processors do not contain similar features to Intel's Transactional Synchronisation Extensions (TSX) and are not vulnerabile to CacheOut.

The researchers noted that ARM architecture and IBM processors have a feature similar to Intel TSX, but the reaserchers don't currently know if any of those products are affected by CacheOut.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.