Researchers have identified yet another speculative execution attack method against Intel processors.
Multiple academic researchers working together have discovered new attack methods targeting vulnerabilities in Microarchitectural Data Sampling (MDS) on Intel chips. CacheOut, which bypasses the hardware protections present in many Intel processors, would allow attackers to select what data they want to leak. Even data stored within Intel’s secured SGX enclave can potentially be exposed.
Intel refers to the method as L1D Eviction Samples (L1DES) as it allows the attacker to read from the CPU’s L1 Data Cache.
CacheOut/L1DES was independently discovered by the VUSec group at VU Amsterdam and by a team from the TU Graz and KU Leuven universities. A researcher from the University of Michigan previously affiliated with VU Amsterdam also published a separate research paper in conjunction with a researcher at Australia’s University of Adelaide.
Intel tracks the vulnerability as CVE-2020-0549 and assigned a CVSS score of 6.5, which is of a "medium" severity. Virtually all Intel processors are affected, with the exception of some recent models (released after the fourth quarter of 2019). The new models include new mitigations which were introduced as a way to address other speculative execution attacks.
AMD processors are not affected, and researchers have not yet confirmed the impact on processors made by IBM and ARM.
Modern Chip Attacks
Intel is working on microcode updates to address the issue, but noted there have been no known attacks using this method other than in the laboratory. Existing mitigations for Meltdown and Spectre would not stop CacheOut, the researchers said.
Meltdown and Spectre turned out to be just the tip of the iceberg as researchers have uncovered various other speculative execution side-channel attack methods since January 2018. In May, researchers disclosed ZombieLoad, RIDL, and Fallout—new attack methods based on Microarchitectural Data Sampling (MDS) vulnerabilities—which affected Intel processors made in the last decade. ZombieLoad Variant 2 in November worked against processors that had the hardware mitigations in place for MDS attacks, including Intel Xeon Gold and Core i9 processors.
These MDS attacks could allow malicious applications to obtain information such as passwords, website content, encryption keys, and browser history from applications, operating system, virtual machines, and trusted execution environments. CacheOut is the latest along those lines.
The earlier speculative execution attacks would have resulted in data dumps, but CacheOut could be used in more targeted attacks, the researchers said. CacheOut can be used against the unmodified Linux kernel, specifically kernel address space layout randomization (KASLR). Attackers could force Intel’s Software Guard Extensions (SGX) to flush out decrypted data into a cache and then use data-cleaning techniques to analyze the output to find the data they are interested in.
CacheOut/L1DES requires local access to the targeted system and attacks from a web browser are not possible, which means this method, if it is ever used in an attack, would likely be chained with other techniques and vulnerabilities as part of a larger operation.
That said, CacheOut is bad news for cloud providers, as the attack could be used to leak data from hypervisors and the virtual machines running on those hypervisors. Intel had already worked with major cloud providers to deploy countermeasures.