Intel CPUs: newly disclosed data leak vulnerability

[Canoe]

Looks like Intel has some more issues with CPU vulnerability.

 

And my older hexcore i7 970 CPU is not on the list. I get to dodge this bullet due to running older tech! Bonus for getting a high performer that still handles most modern tasks, well or well enough.

 

Classed as "microarchitecture data sampling"

 

 

Found this article describing the issues. Includes links to various researcher's work

https://www.theregister.co.uk/2020/01/28/intel_processor_data_leak/

 

Quote

Intel on Monday issued a processor data leakage advisory, describing two chip architecture flaws, one of which it tried to fix twice before.

 

The memo, INTEL-SA-00329, covers two security vulnerabilities: CVE-2020-0548, dubbed Vector Register Sampling, and rated 2.8 low severity, and CVE-2020-0549, described as L1D Eviction Sampling (L1Des) Leakage, and rated 6.5 medium severity.

The flaws allow the potential disclosure of privileged information, which is of particular concern in multi-tenant cloud environments. For example, server hosting biz DigitalOcean warned that the issue "means a malicious actor could theoretically use a Droplet to infer partial data used by another Droplet on the same physical host."

In short, the design flaws can be exploited by rogue users or malware on a system to snoop on private data, such as passwords and keys, that should be off limits. As with Meltdown and Spectre, we've yet to see any meaningful malicious exploitation of these holes in the wild, though that doesn't mean they can be ignored.

 

 

Microcode updates expected in the future.

Quote

... to address CVE-2020-0548 and CVE-2020-0549, Intel reckons it "will release Intel processor microcode updates to our customers and partners as part of our regular Intel Platform Update process. Intel recommends that users of affected Intel processors check with their system manufacturers and system software vendors and update to the latest microcode update when available."

 

Intel's release

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html

 

Affected processors include some from Skylake/Cascade Lake, Kaby/Coffee Lake, Whiskey Lake and Amber Lake.

 

Quote

06_55H	<=7	First/Second generation Intel® Xeon® Processor Scalable Family based on Skylake/Cascade Lake microarchitecture
06_4EH, 06_5EH	All	6th generation Intel® Core™ processors and Intel® Xeon® processor E3-1500m v5 product family and E3- 1200 v5 product family based on Skylake microarchitecture
06_8EH	<=A	7th/8th generation Intel® Core™ processors based on Kaby/Coffee Lake microarchitecture
06_9EH	<=B	7th/8th generation Intel® Core™ processors based on Kaby/Coffee Lake microarchitecture
06_9EH	0xC	Coffee Lake
06_8EH	0xB	8th generation Intel® Core™ processors based on Whiskey Lake(ULT)
06_8EH	0xC	Whiskey Lake (ULT refresh)
06_9EH	0xD	Whiskey Lake (Desktop)
06_8EH	C	10th Generation Intel® Core™ processors based on Amber Lake Y

 

https://software.intel.com/security-software-guidance/insights/processors-affected-l1d-eviction-sampling

[Canoe]

Sorry,

Didn't recognize prior thread on this from Monday

[SansVarnic]

5 minutes ago, Canoe said:

Sorry,

Didn't recognize prior thread on this from Monday

No worries it happens.

 

 

-= Topic Locked =-

See the following topic to continue the conversation;