Geeks for your information News Privacy & Security News v
New ‘CacheOut’ Attack Targets Intel CPUs
New ‘CacheOut’ Attack Targets Intel CPUs
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Exclamation  29 January 20, 15:05
Quote:Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs. The more serious of the two bugs, revealed Monday, is rated medium severity by Intel, who said fixes for both flaws are on the way.
 
The more serious of the two CacheOut bugs, tracked as CVE-2020-0549, is a CPU vulnerability that allows an attacker to target data stored within the OS kernel, co-resident virtual machines and even within Intel’s Software Guard Extensions (SGX) enclave, a trusted execution environment on Intel processors.
 
“In this work we present CacheOut, a new microarchitectural attack that is capable of bypassing Intel’s buffer overwrite countermeasures,” wrote researcher Stephan van Schaik of the University of Michigan and colleagues in a research report made public Monday.
 
Those “countermeasures” refer to Intel’s mitigation efforts for prior speculative execution attacks RIDL, Fallout, and ZombieLoad. CacheOut is similarly a Microarchitectural Data Sampling (MDS) or Zombieload flaw. It comes on the heels of two separate MDS patches released this past May and November.
 
The CacheOut vulnerabilities impact users running CPUs released before Q4 2019, according to researchers. Also impacted are cloud providers, hypervisors and associated virtual machines. Researchers said CPUs made by IBM and ARM may also be affected.
 
In a security bulletin issued Monday, Intel clarified that the medium-severity vulnerability (CVE-2020-0549) “has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations.”
Intel said patches to mitigate against CacheOut are forthcoming and that it will address the issue in the near future.
“Intel recommends that users of affected Intel Processors check with their system manufacturers and system software vendors and update to the latest microcode update when available,” according to the company.

Read more: https://threatpost.com/new-cacheout-atta...us/152323/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
QOwnNotes
26.4.5  Fixed a p...Kool — 07:41
AxCrypt 3.0.0.85
AxCrypt 3.0.0.85: ...harlan4096 — 06:52
Sumatra PDF 3.6.1
Changes in 3.6.1: ...harlan4096 — 06:50
Microsoft Edge 146.0.3856.109
Version 146.0.3856...harlan4096 — 06:49
Ventoy 1.1.11
Ventoy 1.1.11 2...harlan4096 — 06:48

[-]
Birthdays
Today's Birthdays
avatar (47)creatralGuelm
avatar (38)procnipsut
avatar (44)accenwibly
avatar (41)ahyvily
Upcoming Birthdays
avatar (45)wapedDow
avatar (49)oapedDow
avatar (42)Sanchowogy
avatar (46)MeighGoask
avatar (38)urumahiz
avatar (44)techlignub
avatar (43)Stevenmam
avatar (50)onlinbah
avatar (50)fuspeukChark
avatar (44)werriewWaiNg
avatar (38)Freemanleo
avatar (43)cdoubapKit
avatar (38)lystraPonia
avatar (31)smith8395john
avatar (51)steakelask
avatar (45)Termoplenka
avatar (43)bycoPaist
avatar (49)pieloKat
avatar (43)ilyagNeexy
avatar (51)donitascene
avatar (51)burntLaw
avatar (41)MrDoorsskibheeds
avatar (51)Toligo
avatar (46)Rodneykak
avatar (49)tradeSmode
avatar (39)vemedProkbior
avatar (38)RobertUtelt
avatar (36)Kiran78

[-]
Online Staff
There are no staff members currently online.

>