A team of researchers from the University of Michigan (Stephan van Schaik, Marina Minkin, Andrew Kwong and Daniel Genkin) and the University of Adelaide (Yuval Yarom) recently presented a new attack technique that targets Intel CPUs.



The attack, dubbed CacheOut (CVE-2020-0549), is a "speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries".

According to the official website [1]:

We show that despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data.

and also:

CacheOut is related to, and inspired by, previous work in speculative execution, including Spectre and Meltdown. Moreover, CacheOut bypasses the hardware mitigations released by Intel in response to Meltdown, thereby necessitating additional software fixes.

For more technical info, please read the researchers' paper [5].


Which CPU models are vulnerable?

Currently, all Intel CPUs released before Q4 2018 are vulnerable.

For a select number of processors released after Q4 2018, Intel inadvertently managed to partially mitigate this issue while addressing a previous issue called TSX Asynchronous Abort (TAA) [2].

A list of affected products can be found on Intel Developer Zone [3]:

| Family_Model | Stepping | Processor family/Processor number series | Affected |
|---|---|---|---|
| 06_55H | <=7 | First/Second generation Intel® Xeon® Processor Scalable Family based on Skylake/Cascade Lake microarchitecture | Yes |
| 06_4EH, 06_5EH | All | 6th generation Intel® Core™ processors and Intel® Xeon® processor E3-1500m v5 product family and E3-1200 v5 product family based on Skylake microarchitecture | Yes |
| 06_8EH | <=A | 7th/8th generation Intel® Core™ processors based on Kaby/Coffee Lake microarchitecture | Yes |
| 06_9EH | <=B | 7th/8th generation Intel® Core™ processors based on Kaby/Coffee Lake microarchitecture | Yes |
| 06_9EH | 0xC | Coffee Lake | Yes |
| 06_8EH | 0xB | 8th generation Intel® Core™ processors based on Whiskey Lake(ULT) | Yes |
| 06_8EH | 0xC | Whiskey Lake (ULT refresh) | Yes |
| 06_9EH | 0xD | Whiskey Lake (Desktop) | Yes |
| 06_8EH | C | 10th Generation Intel® Core™ processors based on Amber Lake Y | Yes |
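
The table uses Intel's Family_Model notation in hex, while Linux reports family, model and stepping in decimal in /proc/cpuinfo. The following is an added example (not code from the researchers or from Intel) that converts between the two and checks a host against the rows above. The function names, the constructed sample input, and reading the bare "C" stepping as hex 0xC are assumptions.

```python
# Rows transcribed from the table above: (Family_Model, stepping rule).
# Assumption: the bare "C" in the Amber Lake Y row is hex 0xC.
AFFECTED = [
    ("06_55H", "<=7"), ("06_4EH", "All"), ("06_5EH", "All"),
    ("06_8EH", "<=A"), ("06_9EH", "<=B"), ("06_9EH", "0xC"),
    ("06_8EH", "0xB"), ("06_8EH", "0xC"), ("06_9EH", "0xD"),
    ("06_8EH", "C"),
]

# Constructed sample in /proc/cpuinfo format (not taken from a real host).
SAMPLE = """processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 142
model name : constructed sample CPU
stepping : 10
"""

def parse_cpuinfo(text):
    """Return (vendor, family, model, stepping) for the first CPU listed."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() not in fields:
            fields[key.strip()] = value.strip()
    return (fields.get("vendor_id", ""), int(fields["cpu family"]),
            int(fields["model"]), int(fields["stepping"]))

def family_model(family, model):
    """Decimal family/model -> Intel notation, e.g. 6 and 142 -> 06_8EH."""
    return "%02X_%02XH" % (family, model)

def stepping_matches(rule, stepping):
    if rule == "All":
        return True
    if rule.startswith("<="):
        return stepping <= int(rule[2:], 16)
    return stepping == int(rule, 16)  # "0xC" and "C" both parse as hex 12

def is_listed(cpuinfo_text):
    """True if the CPU matches a row of the affected-products table."""
    try:
        vendor, family, model, stepping = parse_cpuinfo(cpuinfo_text)
    except (KeyError, ValueError):
        return False  # not an x86-style cpuinfo; nothing to match
    fm = family_model(family, model)
    return vendor == "GenuineIntel" and any(
        fm == row and stepping_matches(rule, stepping) for row, rule in AFFECTED)

if __name__ == "__main__":
    print("listed as affected:", is_listed(open("/proc/cpuinfo").read()))
```

A match only means the CPU appears in the table; it does not tell you whether the microcode update has been applied.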


Is there a fix?

Intel has already provided CPU microcode updates [4]; more information can be found in Intel's Software Guidance on L1D Eviction Sampling [3].
As usual, I suggest installing all software updates provided by your operating system and/or hypervisor vendor as soon as possible.


References

  1. CacheOut
  2. Deep Dive: Intel® Transactional Synchronization Extensions (Intel® TSX) Asynchronous Abort
  3. Processors Affected: L1D Eviction Sampling
  4. INTEL-SA-00329
  5. CacheOut: Leaking Data on Intel CPUs via Cache Evictions