'

New Crosstalk vulnerability can make Intel CPUs leak data from across CPU cores

CPUs as new as Coffee Lake are affected

New Crosstalk vulnerability can make Intel CPUs leak data from across CPU cores

New Crosstalk vulnerability can make Intel CPUs leak data from across CPU cores  

Today's not a good day for Intel, as a new vulnerability called "CrossTalk" has just been disclosed, impacting processors as new as Intel's 9th Generation Coffee Lake series of CPUs.  

CrossTalk, which is also known as Special Register Buffer Data Sampling (SRBDS), was discovered back in September 2018 and has taken 21 months to patch. The exploit is a new side-channel attack which allows attackers to leak sensitive data across the cores on Intel processors, something which makes this exploit more dangerous than other recently revealed vulnerabilities. 

SRBDS cannot be fixed by restricting software to specific cores or disabling features like Hyperthreading, CrossTalk doesn't work like that. This vulnerability exploits instructions which can perform off-core data access to shared buffers, and researchers have found that this exploit can even uncover data from Intel SGX enclaves on separate processors. 

Intel has released its own rundown on the exploit and had released a long list of affected processors. Microcode updates for Intel's Haswell to Coffee Lake processors have also been released, though at this time it is unknown if these fixes will impact system performance. 


New Crosstalk vulnerability can make Intel CPUs leak data from across CPU cores


Thankfully, Intel's new 10th Generation Comet Lake processors are unaffected by this exploit, and Intel's Xeon Scalable processor families (both the Skylike and Cascade Lake variants) are similarly unimpacted. 

Intel's mitigations for CrossTalk involves securing the processor's memory bus before its staging buffer is updated and unlocking it once its data can be cleared. This is an expensive process, so Intel has only enabled this fix for critical security instructions. These include RDRAND, RDSEEED and EGETKEY. Intel believes that CrossTalk is difficult to exploit during real-world use cases, and are content that their mitigations are adequate. 

The good news for Intel is that this exploit only impacts the company's older product lines, as Comet Lake, Ice Lake and Cascade Lake are unaffected. Even so, this is yet another flaw that has been uncovered for Intel processors, and that's not good for the company's image. 
 



A detailed write up on Intel's CrossTalk Vulnerability is available to read here

You can join the discussion on Intel's processors being impacted by a new vulnerability called "CrossTalk" on the OC3D Forums

«Prev 1 Next»

Most Recent Comments

10-06-2020, 12:39:51

ImprovizoR
Clearly we should all buy a new Intel chip every year to get ahead of these vulnerabilities. What other possibility amd what other option could we possibly have?Quote

10-06-2020, 23:51:15

dwatterworth
Is it the architectural differences between AMD and Intel that gave Intel such a lead during bulldozer days while sacrificing security or is it that these exploits have been written for the most common CPUs in machine vulnerabilities most likely to return a profit for instigators?Quote

11-06-2020, 00:00:34

Kleptobot
Quote:
Originally Posted by dwatterworth View Post
Is it the architectural differences between AMD and Intel that gave Intel such a lead during bulldozer days while sacrificing security or is it that these exploits have been written for the most common CPUs in machine vulnerabilities most likely to return a profit for instigators?
In my non expert opinion the core series of cpus has not changed dramatically from it's early days. Sandy bridge came out in 2011 and still shares a lot of commonality with current gen comet lake, and suffers from being immensely popular. As such the idiosyncrasies of the architecture have been explored more because they have remained relevant for longer.

The level of research currently being done on these chips would not be carried out on a pentium 4.

EDIT: Just to expand on this, if the popularity of the zen architecture continues i would not be surprised to see a similar 'phenom'enon in AMD's future lineup of cpus occurring. Intel have traditionally produced very solid products and have more resources to identify potential exploits before release. As such i would wager there is some low hanging fruit of this regard in the zen architecture.Quote

11-06-2020, 00:26:35

dwatterworth
Quote:
Originally Posted by Kleptobot View Post
In my non expert opinion the core series of cpus has not changed dramatically from it's early days. Sandy bridge came out in 2011 and still shares a lot of commonality with current gen comet lake, and suffers from being immensely popular. As such the idiosyncrasies of the architecture have been explored more because they have remained relevant for longer.

The level of research currently being done on these chips would not be carried out on a pentium 4.

EDIT: Just to expand on this, if the popularity of the zen architecture continues i would not be surprised to see a similar 'phenom'enon in AMD's future lineup of cpus occurring. Intel have traditionally produced very solid products and have more resources to identify potential exploits before release. As such i would wager there is some low hanging fruit of this regard in the zen architecture.
Your post is nearly entirely null of substance. Also, no one researches on a p4 unless looking to collect on property fire insurance claims as most p4 systems active have never had a second thought to TIM degredation over 10 years nor dust cleanup.Quote

11-06-2020, 00:51:46

Kleptobot
Quote:
Originally Posted by dwatterworth View Post
Your post is nearly entirely null of substance. Also, no one researches on a p4 unless looking to collect on property fire insurance claims as most p4 systems active have never had a second thought to TIM degredation over 10 years nor dust cleanup.
P4 was probably a bad choice of example, but do you care to comment on the rest of the post in regard to its substance?Quote
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.