Cache flow problems continue for Intel: Yet more data-leaking processor design blunders discovered, patches due soon

Cache(me)Out(side), how 'bout dat?

50 Reg comments Got Tips?

Intel on Monday issued a processor data leakage advisory, describing two chip architecture flaws, one of which it tried to fix twice before.

The memo, INTEL-SA-00329, covers two security vulnerabilities: CVE-2020-0548, dubbed Vector Register Sampling, and rated 2.8 low severity, and CVE-2020-0549, described as L1D Eviction Sampling (L1Des) Leakage, and rated 6.5 medium severity.

The flaws allow the potential disclosure of privileged information, which is of particular concern in multi-tenant cloud environments. For example, server hosting biz DigitalOcean warned that the issue "means a malicious actor could theoretically use a Droplet to infer partial data used by another Droplet on the same physical host."

In short, the design flaws can be exploited by rogue users or malware on a system to snoop on private data, such as passwords and keys, that should be off limits. As with Meltdown and Spectre, we've yet to see any meaningful malicious exploitation of these holes in the wild, though that doesn't mean they can be ignored.

CacheOut logo

The more serious of these latest vulnerabilities, CVE-2020-0549, has been designated CacheOut by researchers who detailed the security stumble in this paper [PDF]. They are Stephan van Schaik, Marina Minkin, Andrew Kwong, Daniel Genkin (University of Michigan, US), and Yuval Yarom (University of Adelaide, Oz, and Data61). A group of researchers at VU Amsterdam, in the Netherlands, also looked into this issue: Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida.

And a separate group of computer science boffins – Moritz Lipp, Michael Schwarz, and Daniel Gruss (TU Graz, Austria), with Jo Van Bulck (KU Leuven, Belgium) – found CVE-2020-0549, aka CacheOut, separately because it's related to a set of side channel attacks they and others disclosed in May last year.

This class of vulnerability is known as microarchitecture data sampling (MDS) to Intel, or ZombieLoad and to researchers.

a chip and a lock

Buffer the Intel flayer: Chipzilla, Microsoft, Linux world, etc emit fixes for yet more data-leaking processor flaws


MDS allows an attacker on a local system to infer sensitive data held in a processor's internal structures, like as its store buffers, fill buffers, and load buffers. Intel's microcode fix involved using the VERW instruction and the L1D_FLUSH command to overwrite the store buffer value, to prevent buffer data from being read.

But Intel's initial fix in May failed. A ZombieLoad eavesdropping variant that uses Intel's Transactional Synchronization Extensions (TSX) Asynchronous Abort (TAA) mechanism was reported in November. It worked even on Intel silicon treated for Meltdown and Foreshadow. So there was another fix in November, and now that fix also needs fixing because it was only a partial mitigation against this class of vulnerability.

"The issue is that the VERW-based mitigation is not complete," explained Daniel Gruss in an email to The Register today. "An attacker can still mount an MDS attack on data that is being evicted from the L1D cache."

The CacheOut paper details "a transient execution attack that is capable of bypassing Intel’s buffer overriding countermeasures as well as allowing the attacker to select which cache sets to read from the CPU’s L1 Data cache."

The reason overwriting doesn't work is that CacheOut evicts the victim's data from the L1 cache before the victim can read it.

In their paper, van Schaik, Minkin, Kwong, Genkin, and Yuval report they can employ their technique to violate process isolation and recover AES keys and plaintext from a victim using OpenSSL, to de-randomize Linux kernel ASLR and recover secret stack canaries from the kernel, and to violate isolation between two VMs running on the same physical core. And they claim this works on some CPUs with the latest Meltdown patches.

The list of vulnerable Intel CPUs is extensive. The researchers say Intel customers are probably affected unless they have a CPU released after Q4 2018 – but that's purely accidental. Some processors released in 2019 and onward have a partial mitigation built in.

"For a select number of processors released after Q4 2018, Intel inadvertently managed to partially mitigate this issue while addressing a previous issue called TSX Asynchronous Abort (TAA)," they state on the CacheOut website, referring to this TSX bug.

AMD is not affected by CacheOut, the researchers say. While Arm and IBM have a feature that's similar to Intel TSX, the eggheads don't know whether any chips from those companies are vulnerable.

In the meantime, to address CVE-2020-0548 and CVE-2020-0549, Intel reckons it "will release Intel processor microcode updates to our customers and partners as part of our regular Intel Platform Update process. Intel recommends that users of affected Intel processors check with their system manufacturers and system software vendors and update to the latest microcode update when available."

So, sit tight and check for updates. Disabling TSX also helps (see section 9 of the CacheOut paper). ®


Biting the hand that feeds IT © 1998–2020