- The more severe of the two bugs, tracked as CVE-2020-0549, was given a CVSS rating of 6.5 (medium risk).
- Intel recommended affected users to update to the latest microcode patch when available.
Yet another speculative execution attack method has surfaced recently that targets most Intel processors. Academic researchers have also released the proof-of-concept exploits for the ‘CacheOut’ bugs.
Researchers have identified the new speculative execution type attack that could allow attackers to trigger data leaks from Intel CPUs.
- The more severe of the two CacheOut bugs, tracked as CVE-2020-0549, is a CPU vulnerability with a CVSS rating of 6.5 (medium risk).
- The flaw is capable of bypassing Intel’s buffer overwrite countermeasures, as mentioned in the research report.
- It could allow an attacker to target data stored within the OS kernel, co-resident virtual machines and even within Intel’s Software Guard Extensions (SGX) enclave.
Which CPUs are affected?
- The CacheOut vulnerabilities impact users running CPUs released before Q4 2019.
- It also impacts cloud providers and hypervisors and associated virtual machines.
- Researchers further said that the CPUs made by IBM and ARM may also be affected.
So far, Intel hasn’t reported any attacks exploiting the new flaws.
The vulnerability can be used to exploit an unmodified Linux kernel, as per researchers. “More specifically, we demonstrate attacks for breaking kernel address space layout randomization (KASLR) and recovering secret kernel stack canaries,” researchers noted.
About the less severe flaw
The second and less severe vulnerability was tracked as CVE-2020-0548 with a CVSS rating of 2.8 or low.
- Intel describes the vulnerability as a Vector Register Sampling bug.
- “Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access,” according to the Intel advisory.
Offering better clarity on the medium-severity vulnerability (CVE-2020-0549), Intel said it “has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations.”
- The silicon giant declared that patches to mitigate against CacheOut attacks are on the way, and asserted that it will address the issue in the near future.
- Meanwhile, Intel recommended affected users to check with their system manufacturers and software vendors and update to the latest microcode patch when available.