New CacheOut Speculative Execution Vulnerability Hits Intel Processors
Intel is not spared when it comes to the number of vulnerabilities that keep hitting its processors. The latest one is CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. All processors up to the recent Coffee Lake refresh are affected.
Despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. Unlike previous MDS issues, the researchers show in their work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available.
They then demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves. CacheOut can bypass software fixes, making it possible to extract data from the OS kernel, from virtual machines, and also from what Intel calls Software Guard Extensions (SGX), where data is normally stored securely.
Researchers from the University of Michigan and the University of Adelaide found this new bug and posted a paper on it. Read the paper. It seems that once again only Intel processors are affected, including Core, Xeon and Atom models. AMD is safe from this vulnerability.
Senior Member
Posts: 212
Joined: 2019-04-15
There is NO case where that could happen. In addition, I have not read of any exploit where the data acquired was from the same process as the exploit. It is always left over from the context switches of other processes. I have not read that disabling HT can mitigate the attack either. It just might make it occur less frequently since fewer threads would run simultaneously when HT is disabled.
Personally, I view this as a chicken-and-egg type of problem. There will be no exploits of this nature whatsoever if no malicious code ever runs on your machine. That is the place to take preventative measures.
Senior Member
Posts: 1466
Joined: 2017-02-14
Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
Senior Member
Posts: 917
Joined: 2003-06-10
It's true, maybe with 3 or 4 more security fixes and losing performance, AMD can finally beat the i7 8700K
Senior Member
Posts: 209
Joined: 2015-09-26
The following specifically states that physical admin access (authenticated local access) is required:
https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/
An attack to exploit this vulnerability can not be rendered remotely, IE through a network share or web browser.
I can do a lot with all CPUs/systems if I have physical admin access (authenticated local access). U better patch me

Here we go again. This is another case where you need to run the exploit as admin and really at that point I think you got larger issues than someone trying to mine the CPU's cache for hidden gems.
The paper literally says u DON'T need privileged access (heck, the word privileged is not even used while unprivileged appears like 5+ times).
Just in case, privileged means u are the OS or an admin/root user. Unprivileged means any common user.
Intel says "requiring authenticated local access", that just means u are logged into an OS and able to run "normal" programs.
--------------
So no, a JS script won't hijack your PC, but if u ever get some malware, it can get data from the whole system w/o having to gain admin access, which is quite difficult in itself.
The real threat is u can launch an azure/aws/google VM for 1 USD and use this attack to steal data from other VMs running on the same physical CPU.
"Attacking Virtual Machines. Another security domain we explore in this paper is the isolation of different virtual machines running on the same physical core. We show that CacheOut is effective at leaking data from both co-resident machines as well as hypervisors. Experimentally evaluating this, we are able to completely de-randomize the Address Space Layout Randomization (ASLR) used by the hypervisor, as well as recover AES keys from another VM."
Senior Member
Posts: 231
Joined: 2016-03-18
No worries mate, Intel will take care of that security issue, it will just take some CPU performance from you, as always. I think that's not a problem for you, you can always buy a better Intel CPU and be prepared for new issues, which will come