SPOILER Alert - Intel CPUs Impacted by New Vulnerability

SPOILER, the latest exploit to spoil Intel's day

SPOILER Alert - Intel CPUs Impacted by New Vulnerability

SPOILER Alert - Intel CPUs Impacted by New Vulnerability

In early 2018, the world of processor design was shaken to its core. Spectre and Meltdown had arrived, and the world of processor security would never be the same again. 

Spectre and Meltdown were the first of a new breed of processor vulnerability, taking advantage of speculative execution to allow hackers to access previously inaccessible data. Thankfully, these vulnerabilities are extremely difficult to exploit and has not been utilised by any known malware, at least as far as we are aware.  

SPOILER is the latest speculative attack to be uncovered, with a recent academic paper describing how "Speculative Load Hazards Boost Rowhammer and Cache Attacks". The name "SPOILER" comes from the Speculative (Sp) nature of the exploit and how the issue spoils existing security measures. At this time SPOILER is only known to affect Intel processors, specifically their 1st Generation Core series CPUs and newer CPUs. 

Both AMD and ARM processors were investigated as part of the academic paper, which can be read here, though neither were found to exhibit the same behaviours as Intel's chips. The issue was found to impact Intel processors regardless of the OS used and was functional both within virtual machines and sandboxed environments.   

An Intel Spokesperson released the following statement regarding SPOILER. 

     Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.


SPOILER Alert - Intel CPUs Impacted by New Vulnerability


"The root cause for SPOILER is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behaviour due to physical address conflicts," reads the paper, marking Intel's memory subsystem as the cause for the issue. This makes it possible that future hardware generations will address SPOILER, but for today's CPUs Intel is going to have to create a software or firmware-level mitigation for the issue, which may come with a performance cost. SPOILER does not appear to be addressed by any of today's Spectre/Meltdown software/firmware mitigations. 

According to the paper, Intel was informed about SPOILER on December 1st 2018, and so far the company doesn't appear to have any mitigations for the exploit. When speaking to The Register, Ahmad Moghimi, one of the writers of the SPOILER paper, stated that "My personal opinion is that when it comes to the memory subsystem, it's very hard to make any changes and it's not something you can patch easily with a microcode without losing tremendous performance", later adding "I don't think we will see a patch for this type of attack in the next five years and that could be a reason why they haven't issued a CVE." 

You can join the discussion on Intel's SPOILER exploit on the OC3D Forums.  

«Prev 1 Next»

Most Recent Comments

09-03-2019, 14:47:25

I guess the real question is whether this is just a string of bad luck or have Intel been really neglecting security for performance gains?Quote

09-03-2019, 14:56:07

Originally Posted by wozza365 View Post
I guess the real question is whether this is just a string of bad luck or have Intel been really neglecting security for performance gains?
I really hope it's the former...Quote

09-03-2019, 14:56:25

I'm not sure if it can be called negligence since when these CPUs were designed no-one considered branch prediction an attack vector.Quote

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.