Intel CPUs hit by new “CacheOut” attack

Intel CPUs hit by new

Intel CPUs hit by new “CacheOut” attack

Researchers have uncovered a new speculative execution vulnerability that affects Intel processors, an attack vector which can exploit Intel’s caching mechanisms to leak data from “nearly every hardware-based security domain”. 

This new vulnerability is called “CacheOut”, and it has been rated as a “medium” severity threat by Intel, who plan to release microcode-based mitigations for the flaw in the near future. Thankfully, this flaw cannot be exploited via web browsers, limiting the potential damage that the vulnerability can cause. 

Pre Q4 2018 processors from Intel are affected by CacheOut, as Intel has “inadvertently managed to partially mitigate” CacheOut while addressing another vulnerability.

AMD processors are known to be unaffected by CacheOut, though there is a chance that IBM and ARM processors could also be affected by the flaw. IBM and ARM processors may be affected, as they contain features that are similar to Intel TSX (Transactional Synchronization Extensions), which are what can be used to exploit CacheOut.   

Researchers had privately disclosed CacheOut to Intel before making revealing information about the vulnerability to the public. This has allowed Intel to deploy countermeasures to cloud providers and prepare other mitigations in advance of their public disclosure. CacheOut has been given the CVE-2020-0549 ID, which is discussed on Intel’s latest vulnerability advisory. 

The recommended course of action is for users of Intel processors to apply the company’s microcode mitigations, which will be released in the form of new platform updates (BIOS updates) or applied at the OS level for Windows users. At this time it is unknown if Intel’s microcode mitigations will have a notable performance impact. 

Intel CPUs hit by new  

You can join the discussion on Intel processors being impacted by a new hardware vulnerability called “CacheOut” on the OC3D Forums.