New Intel processor bug leaks information from virtual machines

A couple of years ago, the dangerous speculative execution vulnerability known as Spectre affected millions of Intel processor users; now, vulnerability testing experts report the discovery of a new flaw with similar characteristics that could be exploited to intercept data across hardware security boundaries.

The vulnerability, known as CacheOut, is present on a wide variety of Intel processors, all available on the market until the end of 2018. Several groups of researchers have worked on this flaw, including a team at the University of Adelaide, Australia, which discovered that information can leak from the processor cache.

Vulnerability testing experts mention that an exploit for the vulnerability has not yet been developed; addressing the flaw is nonetheless essential, because its exploitation is undetectable to victims. If exploited, the vulnerability would allow the interception of information about the randomization of the operating system kernel address space, in addition to enabling other attack variants, such as buffer overflows, with the help of additional software.

As if that’s not enough, the researchers say CacheOut is also capable of leaking data from hypervisors and virtual machines, as well as dumping the contents of Intel Software Guard Extensions (SGX) hardware enclaves. The final touch is the flaw’s ability to bypass the hardware mitigations that Intel put in place to prevent exploitation of the Spectre and Meltdown flaws.

The company has released microcode updates to fix this vulnerability, which will be delivered with the next operating system update for the affected devices. According to vulnerability testing experts from the International Institute of Cyber Security (IICS), AMD processors are not affected by this security flaw.

Finally, researchers at the University of Adelaide noted that ARM architecture and IBM processors have features similar to Intel’s Transactional Synchronisation Extensions (TSX), so the vulnerability is likely to also be present in one of these products. Official confirmation is expected over the next few days.