New CacheOut Speculative Execution Vulnerability Hits Intel Processors
Intel is not spared when it comes to the number of vulnerabilities that keep hitting their processors. The latest one is CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. All processors up-to-the recent Coffee lake refresh are effected.
Despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. Unlike previous MDS issues, the researchers show in their work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available.
They then demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves. CacheOut can bypass software fixes. Making it possible to extract data from both the kernel of the OS and from virtual machines, and also from something that Intel calls 'software guard extensions' (SGX) that normally is stored securely.
Researchers from the University of Michigan and the University of Adelaide have found this new bug, and posted a paper on it. Read the paper. It seems that once again only Intel processors are affected including Core, Xeon and Atom models. AMD is save from this vulnerability.
Senior Member
Posts: 261
Joined: 2014-03-30
Yes they do need a architecture change, but this doesn't make a new architecture invulnerable, it just means it's too new to find the appropriate exploits.
There will be some exploits that AMD have overlooked, but given how new their architecture is it will take time to fined it, same if Intel change theirs.
Personally I applaud Intel/AMD for getting one board with the researches, it shows they are willing to learn from their mistakes and innovate, everything takes time, everything is exploitable given the right circumstances.
Senior Member
Posts: 13368
Joined: 2003-05-24
eh what ever at this point I dont care, I use my pc to game and visit a handfull of websites, that it
The whole meltdown/spectre flaw open the gates and since then they all looking for security issue to out, and cause panic just to have there time in the news. Should flaws and security issue be fix yes, should they be outed to the public so everyone knows? no it shouldnt it just causing panic and witch hunts.
Even then most flaws arnt even know to majoirty of people nor do they care.
Senior Member
Posts: 695
Joined: 2003-11-19
Just another reason to like my 3950X.
Senior Member
Posts: 2315
Joined: 2016-01-29
just an fyi i have not suffered this problem on linux, performance is largely the same maybe 10% loss max. using a penryn quad.
Senior Member
Posts: 1432
Joined: 2014-07-22
Intel's vulnerability list in the CPUs it's shipped in just the past five years seems a clear warning on the perils of milking architectures. Intel is going to have to do what AMD has already done: design an entirely new x86 CPU architecture from the ground up. I cannot see a logical rationale for anyone buying Intel's CPUs at the present time.