A team of researchers from University of Michigan (Stephan van Schaik, Marina Minkin, Andrew Kwong and Daniel Genkin) and University of Adelaide (Yuval Yarom) recently presented a new attack technique that targets Intel CPUs.

The attack, dubbed CacheOut (CVE-2020-0549), is a "speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries".

According to official website [1]:

We show that despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data.

and also:

CacheOut is related to, and inspired by, previous work in speculative execution, including Spectre and Meltdown. Moreover, CacheOut bypasses the hardware mitigations released by Intel in response to Meltdown, thereby necessitating additional software fixes.

For more technical info, please read the researchers' paper [5].

Which CPU models are vulnerable?

Currently, all Intel's CPU released before Q4 2018.

For a select number of processors released after Q4 2018, Intel inadvertently managed to partially mitigate this issue while addressing a previous issue called TSX Asynchronous Abort (TAA) [2].

A list of affected products can be found on Intel Developer Zone [3]:

Family_Model Stepping Processor family/Processor number series Affected
06_55H <=7 First/Second generation Intel® Xeon® Processor Scalable Family based on Skylake/Cascade Lake microarchitecture  Yes
06_4EH, 06_5EH All 6th generation Intel® Core™ processors and Intel® Xeon® processor E3-1500m v5 product family and E3- 1200 v5 product family based on Skylake microarchitecture Yes
06_8EH <=A 7th/8th generation Intel® Core™ processors based on Kaby/Coffee Lake microarchitecture Yes
06_9EH <=B 7th/8th generation Intel® Core™ processors based on Kaby/Coffee Lake microarchitecture Yes
06_9EH 0xC Coffee Lake Yes
06_8EH 0xB 8th generation Intel® Core™ processors based on Whiskey Lake(ULT) Yes
06_8EH 0xC Whiskey Lake (ULT refresh) Yes
06_9EH 0xD Whiskey Lake (Desktop) Yes
06_8EH C 10th Generation Intel® Core™ processors based on Amber Lake Y Yes

Is there a fix?

Intel has already provided CPU microcode updates [4]: more information can be found at Intel's Software Guidance on L1D Eviction Sampling [3].
As usual, i suggest to install asap all software updates provided by operating system and/or hypervisor vendor.


  1. CacheOut
  2. Deep Dive: Intel® Transactional Synchronization Extensions (Intel® TSX) Asynchronous Abort
  3. Processors Affected: L1D Eviction Sampling
  4. INTEL-SA-00329
  5. CacheOut: Leaking Data on Intel CPUs via Cache Evictions