New CacheOut Speculative Execution Vulnerability Hits Intel Processors
Intel is not spared when it comes to the number of vulnerabilities that keep hitting their processors. The latest one is CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. All processors up-to-the recent Coffee lake refresh are effected.
Despite Intel's attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data. Unlike previous MDS issues, the researchers show in their work how an attacker can exploit the CPU's caching mechanisms to select what data to leak, as opposed to waiting for the data to be available.
They then demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves. CacheOut can bypass software fixes. Making it possible to extract data from both the kernel of the OS and from virtual machines, and also from something that Intel calls 'software guard extensions' (SGX) that normally is stored securely.
Researchers from the University of Michigan and the University of Adelaide have found this new bug, and posted a paper on it. Read the paper. It seems that once again only Intel processors are affected including Core, Xeon and Atom models. AMD is save from this vulnerability.
Senior Member
Posts: 1309
Joined: 2003-09-14
At this point I'm just numb to endless barrage of vulnerabilities that Intel keeps receiving. What can even be said at this point.

Hey, at least the older CPU's like my i5-3570K aren't involved for once

Member
Posts: 55
Joined: 2019-02-25

But the older cpus are also affected lol including the 3570K. It is a "Core" series cpu and therefore you are not spared. lol One of the many reasons why i decided to go AMD
Senior Member
Posts: 1870
Joined: 2007-01-16
Yup, and this includes the Core2 line as well, so ye olde Q6600 as an example... Heck when the Spectre and Meltdown software mitigations were released, it tanked performance on the Q6600 tremendously... So much so that a 3.5GHz overclock was necessary to maintain 2.4GHz stock performance, it really did cut performance by about 40%.
Senior Member
Posts: 2068
Joined: 2017-03-10
I've said this before, but Intel needs a brand new architecture to stop these exploits. The Core architecture is fundamentally insecure and these exploits will keep popping up (and patching them is like putting a bandaid on a gaping wound). Hopefully they have something in the works.
This must be good for for their bottom line though. Businesses will order more Intel CPUs to make up for the performance loss from patching their current Intel CPUs, and each exploit leads to more sales. Hurray for Intel!

Senior Member
Posts: 827
Joined: 2013-11-23
At this point I'm just numb to endless barrage of vulnerabilities that Intel keeps receiving. What can even be said at this point.