New 'CacheOut' attack targets Intel processors, with a fix arriving soon

[Flying Sausages]

https://www.pcworld.com/article/3516302/new-cacheout-attack-targets-intel-processors-with-a-fix-arriving-soon.html

Quote

Researchers have discovered and published information on what they’re calling CacheOut, a vulnerability in most Intel CPUs that allows an attacker to target more specific data, even stored within Intel’s secured SGX enclave.

Intel assigned what’s known as the CVE-2020-0549 vulnerability a threat level of “medium,” acknowledging the danger of a targeted attack. The company noted that CacheOut has never been used outside of a laboratory environment

Quote

Among the threats CacheOut poses is to cloud providers, and leaking data from hypervisors (virtual machine monitors) and the virtual machines running on them. Because the researchers disclosed the CacheOut vulnerability privately to Intel some time before making it public, those cloud providers have already deployed countermeasures against CacheOut

Quote

all Intel processors are potentially affected by CacheOut, save for processors released after the fourth quarter of 2019. AMD processors are not affected, according to details released on a dedicated CacheOut site

Another Intel vulnerability in the 1st month of 2020. Glad AMD is not affect by this. I keep seeing more Intel vulnerabilities than AMD. Are there any security experts work with Intel to produce secured processor? 

[TempestCatto]

I have a very serious question: how the fuck does this keep happening to Intel and not AMD? As if their luck couldn't get any worse - what with AMD actually pumping out hella good CPU's. Hopefully next gen Intel will solve at least most of these.

[Arika]

2 hours ago, TempestCatto said:

I have a very serious question: how the fuck does this keep happening to Intel and not AMD 

I'm curious to see how many security firms are looking into both companies products. It could be as simple as ryzeb being fairly new any therefore less people looking for vulnerabilities or they just haven't found them yet. 

[Flying Sausages]

4 minutes ago, TempestCatto said:

I have a very serious question: how the fuck does this keep happening to Intel and not AMD? As if their luck couldn't get any worse - what with AMD actually pumping out hella good CPU's. Hopefully next gen Intel will solve at least most of these.

Maybe AMD secretly pay these security firms to make Intel bad in security?

[Zando_]

1 minute ago, Arika S said:

I'm curious to see how many security firms are looking into both companies products. It could be as simple as ryzeb being fairly new any therefore less people looking for vulnerabilities or they just haven't found them yet. 

^^^ Intel's current arch can be traced back a really long ways, even before the OG 14nm (Broadwell). It's been a evolution and refinement over years, I don't think there's been massive arch changes for a good while. Whereas Zen is a much newer platform, less time for issues to come to light. You do notice that all these vulnerabilities came to light in the past couple years, they weren't even known about for the majority of the time affected CPUs have been out. Will be interesting to see if any issues come with Zen and it's evolutions in 5 years or so. 

 

Just now, Flying Sausages said:

Maybe AMD secretly pay these security firms to make Intel bad in security?

Press X to doubt. 

[SenKa]

4 minutes ago, TempestCatto said:

I have a very serious question: how the fuck does this keep happening to Intel and not AMD? As if their luck couldn't get any worse - what with AMD actually pumping out hella good CPU's. Hopefully next gen Intel will solve at least most of these.

All theory, i know very little about how CPU's are designed at this level:

 

I would imagine that its because these researchers have been having so much time researching the manufacturing process, which architecturally hasn't changed much since 2013. Meanwhile, AMD has continued to change its process with every generation (save for FX 9000 series, but we dont discuss that).

[Arika]

3 minutes ago, SenKa said:

Meanwhile, AMD has continued to change its process with every generation

Which doesn't necessarily mean that its more secure, just means the same vulnerability most likely won't carry between generations, each generation could come with its own set of vulnerabilities

[SenKa]

5 minutes ago, Arika S said:

Which doesn't necessarily mean that its more secure, just means the same vulnerability most likely won't carry between generations, each generation could come with its own set of vulnerabilities

Of course, yeah, but most of these intel vulnerabilities are coming out recently as Intel's 14nm architecture ages.

[Arika]

3 minutes ago, SenKa said:

Of course, yeah, but most of these intel vulnerabilities are coming out recently as Intel's 14nm architecture ages.

correct. they have been around a lot longer and therefore more time has been put into finding such vulnerabilities. 

 

the thing about vulnerabilities is that they exist even before they are found. the current CPUs are exactly as "secure" as they always have been, in fact even more so since a lot of these vulnerabilities have been patched or fixed in the hardware in later generations. and this is on both sides, not just intel.

[spartaman64]

aw shit here we go again

[Morgan MLGman]

41 minutes ago, TempestCatto said:

I have a very serious question: how the fuck does this keep happening to Intel and not AMD?

Remember that AMD is also less targeted, because it is less-widely used.

[spartaman64]

6 minutes ago, Morgan MLGman said:

Remember that AMD is also less targeted, because it is less-widely used.

Idk if that's an excuse anymore with the large amount of market share amd carved out. I think Intel just cut a lot of corners to get more performance 

[Morgan MLGman]

4 minutes ago, spartaman64 said:

Idk if that's an excuse anymore with the large amount of market share amd carved out. I think Intel just cut a lot of corners to get more performance 

Oh I didn't mean less widely used by PC builders like us - pretty much every institution or business you know is running Intel CPUs, whether it's in workstations, laptops or their server room. This is the main issue I think.

[Zando_]

1 minute ago, spartaman64 said:

Idk if that's an excuse anymore with the large amount of market share amd carved out. I think Intel just cut a lot of corners to get more performance 

They've been doing that for over a decade now then? Because some of these vulnerabilities effect back to Westmere-EP (32nm from 2010-2011) or maybe even before... Seems more like just exhausting every other attack process and by a process of slow elimination, finding ones nobody noticed so far. 

[rcmaehl]

Cache me Outside

[Arika]

47 minutes ago, rcmaehl said:

Cache me Outside

[mr moose]

1 hour ago, TempestCatto said:

I have a very serious question: how the fuck does this keep happening to Intel and not AMD? As if their luck couldn't get any worse - what with AMD actually pumping out hella good CPU's. Hopefully next gen Intel will solve at least most of these.

 

Most likely because Intel's topology goes right back 20 plus years in some of it's products,  and it has taken the better part of a decade to find most of the vulnerabilities.  AMD had a 5 year absence form the market which effectively means noone is looking at their older stuff and Ryzen hasn't been around long enough to have anywhere near the same time span or product updates to work through.

[Arika]

4 minutes ago, valdyrgramr said:

Simply because Ryzeb doesn't exist.

shush you.

 

it's so new you just haven't even heard of it yet

*hipster glasses*

[Mira Yurizaki]

2 hours ago, TempestCatto said:

I have a very serious question: how the fuck does this keep happening to Intel and not AMD? As if their luck couldn't get any worse - what with AMD actually pumping out hella good CPU's. Hopefully next gen Intel will solve at least most of these.

Zen is a relatively new microarchitecture on the floor to poke at, and few companies are using AMD's older processors in any serious capacity any more so there's no real point in poking at them. It may be nice to poke at once you found something in a newer product, but that's about it. Intel, IBM, and ARM have likely been building on top of their older designs and the mantra of "if it ain't broke, don't fix it" applies. AMD built Zen pretty much from the ground up. Plus innocuous things may not look like a problem or may be glanced over. Heartbleed was in the OpenSSL code for two years before someone finally pointed it out. Two years, and it's open source software.

[justpoet]

There are a few things going on as to why Intel sees more of these, but the basic ones to make it easy are this.

1) Intel CPUs are iterations in process and design based on old architectures from before localized security was much considered.  If you could run on it, everything was considered owned already.  So security stuff in their current designs are more of an add on than a fundamental in most cases.  Cloud computing is the most obvious example of how this game of where the security boundary needs to be has changed.

2) When the question got asked if Intel engineers should speed it up or make it more secure, the directive was to just make it faster for a very long time.

3) It takes generations of re-designing to fix some of these things at fab level instead of just mitigate with microcode, which is why they affect so many products, even if they've been known for quite a while.  This is why several security issues aren't in their 10nm products, but are still in the iterative 14nm++++++++++++ based products.  Being stuck on process node for so long has hurt a lot here, since they've been holding back the redesign architecture process that would help a lot of these.

4) Contrast that with AMD who has pushed scale (cores) instead of speed as their goal, and most of the time answered the question in 2 with "try to speed it up as much as you can while not adding obviously big security risks".  Similar, but different from a development standpoint.  They've also been updating architecture with process fairly aggressively since Zen, and security has been a serious thing since even before Zen was in development.  So, this gives AMD an edge here for the time being.

 

This is why some of these sorts of things have affected AMD as well, but not nearly as many.  It is also why Intel will probably be fine and have most all of this fixed once they actually get to 10nm or beyond.  But until then, expect random blurbs like this to show up every so often.

[Crunchy Dragon]

2 hours ago, Arika S said:

 

I also have a question: can this attack be done remotely, or does the attacker have to be at the physical system?

[Arika]

2 minutes ago, Crunchy Dragon said:

I also have a question: can this attack be done remotely, or does the attacker have to be at the physical system?

Needs to have local access

 

Quote

may allow an authenticated user to potentially enable information disclosure via local access.

 

[Crunchy Dragon]

Just now, Arika S said:

Needs to have local access

Well that's certainly a small relief.

[Tempestwins]

im honestly glad i took the plunge and went Ryzen this year!

[mr moose]

1 hour ago, Arika S said:

Needs to have local access

 

 

Like many of the latest exploits, they need local access, however what actually defines local access is becoming hotly debated.