Quote:Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs. The more serious of the two bugs, revealed Monday, is rated medium severity by Intel, who said fixes for both flaws are on the way.
The more serious of the two CacheOut bugs, tracked as CVE-2020-0549, is a CPU vulnerability that allows an attacker to target data stored within the OS kernel, co-resident virtual machines and even within Intel’s Software Guard Extensions (SGX) enclave, a trusted execution environment on Intel processors.
“In this work we present CacheOut, a new microarchitectural attack that is capable of bypassing Intel’s buffer overwrite countermeasures,” wrote researcher Stephan van Schaik of the University of Michigan and colleagues in a research report made public Monday.
Those “countermeasures” refer to Intel’s mitigation efforts for prior speculative execution attacks RIDL, Fallout, and ZombieLoad. CacheOut is similarly a Microarchitectural Data Sampling (MDS) or Zombieload flaw. It comes on the heels of two separate MDS patches released this past May and November.
The CacheOut vulnerabilities impact users running CPUs released before Q4 2019, according to researchers. Also impacted are cloud providers, hypervisors and associated virtual machines. Researchers said CPUs made by IBM and ARM may also be affected.
In a security bulletin issued Monday, Intel clarified that the medium-severity vulnerability (CVE-2020-0549) “has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations.”
Intel said patches to mitigate against CacheOut are forthcoming and that it will address the issue in the near future.
“Intel recommends that users of affected Intel Processors check with their system manufacturers and system software vendors and update to the latest microcode update when available,” according to the company.
Read more: https://threatpost.com/new-cacheout-atta...us/152323/
![[-]](https://www.geeks.fyi/images/collapse.png)
