'

Intel CPUs hit by new "CacheOut" attack

AMD processors are unaffected

Intel CPUs hit by new

Intel CPUs hit by new "CacheOut" attack

Researchers have uncovered a new speculative execution vulnerability that affects Intel processors, an attack vector which can exploit Intel's caching mechanisms to leak data from "nearly every hardware-based security domain". 

This new vulnerability is called "CacheOut", and it has been rated as a "medium" severity threat by Intel, who plan to release microcode-based mitigations for the flaw in the near future. Thankfully, this flaw cannot be exploited via web browsers, limiting the potential damage that the vulnerability can cause. 

Pre Q4 2018 processors from Intel are affected by CacheOut, as Intel has "inadvertently managed to partially mitigate" CacheOut while addressing another vulnerability.

AMD processors are known to be unaffected by CacheOut, though there is a chance that IBM and ARM processors could also be affected by the flaw. IBM and ARM processors may be affected, as they contain features that are similar to Intel TSX (Transactional Synchronization Extensions), which are what can be used to exploit CacheOut.  
 

Researchers had privately disclosed CacheOut to Intel before making revealing information about the vulnerability to the public. This has allowed Intel to deploy countermeasures to cloud providers and prepare other mitigations in advance of their public disclosure. CacheOut has been given the CVE-2020-0549 ID, which is discussed on Intel's latest vulnerability advisory

The recommended course of action is for users of Intel processors to apply the company's microcode mitigations, which will be released in the form of new platform updates (BIOS updates) or applied at the OS level for Windows users. At this time it is unknown if Intel's microcode mitigations will have a notable performance impact. 

Intel CPUs hit by new  


You can join the discussion on Intel processors being impacted by a new hardware vulnerability called "CacheOut" on the OC3D Forums

«Prev 1 Next»

Most Recent Comments

27-01-2020, 18:55:14

NeverBackDown
I'll be honest I've lost count and the names of all the vulnerabilities. I should just switch to AMD at this point and not have to worry. Problem is Intel is still faster for me for my programming work... Bummer.Quote

27-01-2020, 19:45:18

Dark NighT
This is almost comical how many times intel keeps getting hit by new vulnerabilities, its like a bad joke and them sticking to 14nm++++++ doesn't help their cause.Quote

27-01-2020, 20:59:11

Kleptobot
I am by no means an expert in x86 architecture but it seems to me that this avalanche of exploits makes sense for several reasons:

1) This type of exploit, speculative execution exploits, had not previously been used. And so with the first instance of these attacks there has been massive interest in what other ones are possible

2) Intel had a larger share of the market and so offered a bigger target

3) Intel had a much more mature architecture, and had made massive IPC gains through speculative execution to improve the efficiency of their pipeline

4) this one is pure conjecture but maybe the ring bus architecture is more vulnerable to this type of exploit because of the way each core is connected to the cache

So if anything i would say there are only going to be more of these exploits, each with their own name Quote

28-01-2020, 04:42:44

Gothmoth
Quote:
Originally Posted by NeverBackDown View Post
I'll be honest I've lost count and the names of all the vulnerabilities. I should just switch to AMD at this point and not have to worry. Problem is Intel is still faster for me for my programming work... Bummer.

are you sure?
is the compiler advantage still that great even when you consider buying at the same price point?


i do 3d rendering not coding but when compiling under linux the 3950x seems to blow intel out of the water.

in a linux compiling benchmark (3950x vs. 9980xe) i have seen recently, not one test was won by intel.


but i know when compiling it depends a lot on the benchmark (compiler used).
is are you depended on AVX512?Quote

28-01-2020, 06:11:26

tgrech
Quote:
Originally Posted by Gothmoth View Post
are you sure?
is the compiler advantage still that great even when you consider buying at the same price point?


i do 3d rendering not coding but when compiling under linux the 3950x seems to blow intel out of the water.

in a linux compiling benchmark (3950x vs. 9980xe) i have seen recently, not one test was won by intel.


but i know when compiling it depends a lot on the benchmark (compiler used).
is are you depended on AVX512?
Yeah most compilation tasks in a typical stack are defined as embarrassingly parallel so the top end AMD parts should wipe the floor here, especially with modern or open source software/compilers.

My old FX8320 would even outperform my friends i7 6700K in many C/C++ compilation tasks.

But there's still a lot of old proprietary software out there still used heavily in some compilation stacks, Microsofts C++ linker was a point of contention for a while.

Quote:
Originally Posted by Kleptobot View Post
I am by no means an expert in x86 architecture but it seems to me that this avalanche of exploits makes sense for several reasons:

1) This type of exploit, speculative execution exploits, had not previously been used. And so with the first instance of these attacks there has been massive interest in what other ones are possible

2) Intel had a larger share of the market and so offered a bigger target

3) Intel had a much more mature architecture, and had made massive IPC gains through speculative execution to improve the efficiency of their pipeline

4) this one is pure conjecture but maybe the ring bus architecture is more vulnerable to this type of exploit because of the way each core is connected to the cache

So if anything i would say there are only going to be more of these exploits, each with their own name
Points 1 and 2 hold a lot of truth, but regarding point 3), speculative execution itself has been around for decades and is widely used in everything from ARM processors up, and Intel's current performance lead is from process, they're behind AMD when you peg them clock for clock, so AMD are likely using speculative execution more widely and effectively (As the branch predictor is the key component when it comes to performance nowadays), however the maturity of their architecture does mean that it is very well studied and people have had much longer to find vulnerabilities in Intel's methods.Quote
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.