The security problems are coming thick and fast for Intel. With the Meltdown and Spectre mess now beginning to disappear into the rearview mirror, along comes Spoiler, an all-new security vulnerability for Intel CPUs.
The CPU flaw was discovered by the Worcester Polytechnic Institute and the University of Lübeck. Spoiler affects each and every Intel CPU from the 1st-Gen Core CPU to today. That’s nine generations of Intel CPUs which are affected. No AMD processors are known to be affected by this security vulnerability.
On paper, Spoiler sounds like a very similar issue to Meltdown and Spectre, relying as it does on speculative executions which can be manipulated in order to gain control of a system. It relies on a different hardware unit to achieve this though, namely the Memory Order Buffer.
“The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments,” reads the report from the Worcester Polytechnic Institute and the University of Lübeck.
“The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available. Physical address bits are security sensitive information and if they are available to userspace, it elevates the user to perform other microarchitectural attacks.”
Unfortunately, according to the report there is no software mitigation that will be able to completely eradicate the problem. This is a hardware-based issue and there is little that can be done from a software perspective. A hardware redesign of the memory disambiguator would solve the issue, but this would only be an option for Intel CPUs manufactured going forward, rather than those out in the wild.
Intel was notified of the situation on December 1st, 2018, and has issued a statement on the matter. “Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”