Earlier this week, researchers with the University of Michigan, University of Adelaide, and Data61 uncovered yet another speculative execution attack affecting Intel CPUs: “CacheOut.” This new vulnerability, which lets attackers trigger selective data leaks by exploiting a processor’s cache eviction feature, is serious enough to violate “nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves.”
Intel has published a list of processors that are definitely affected, but the researchers suggest that the real scope is far wider (“every Intel CPU released before Q4 2018”). While some of the company’s existing microcode updates mitigate CacheOut to some extent, Intel has announced that it is preparing stronger fixes for it and for two related vulnerabilities, ZombieLoad and RIDL. According to an update on the ZombieLoad site, Intel’s initial mitigations weren’t good enough.
“On January 27th, 2020, an embargo ended showing that the mitigations against MDS attacks released in May 2019 are insufficient. With L1D Eviction Sampling, an attacker can still mount ZombieLoad to leak data that is being evicted from the L1D cache.”
“We disclosed this issue to Intel on May 16th, 2019. However, as microcode updates containing the necessary fixes are not yet available, we are not releasing any proof-of-concept code.”
Intel says that it is still conducting research, but the new mitigations should be available “in the near future.” The CacheOut flaw, which is being tracked as CVE-2020-0549, has been given a severity score of 6.5 (medium).