CacheOut is the Latest Speculative Execution Threat for Intel Processors
A new “medium severity” speculative execution threat has been revealed, with L1D Eviction Sampling detailed in a post from Intel on Monday. Officially CVE-2020-0549, this side-channel variant “may allow the data value of some modified cache lines in the L1 data cache to be inferred under a specific set of complex conditions,” according to Intel.
“On some processors under certain microarchitectural conditions, data from the most recently evicted modified L1 data cache (L1D) line may be propagated into an unused (invalid) L1D fill buffer. On processors affected by Microarchitectural Data Sampling (MDS) or Transactional Asynchronous Abort (TAA), data from an L1D fill buffer may be inferred using one of these data sampling side channel methods. By combining these two behaviors together, it may be possible for a malicious actor to infer data values from modified cache lines that were previously evicted from the L1 data cache. This is called L1D eviction sampling.”
Intel says that “the list of processors affected by L1D eviction sampling are a subset of those affected by L1TF”, and a table of these affected CPUs is available from Intel.
The initial discovery of this new speculative execution attack is credited to Stephan van Schaik, a researcher at the University of Michigan, and a website has been created at cacheoutattack.com with more information.
“We present CacheOut, a new speculative execution attack that is capable of leaking data from Intel CPUs across many security boundaries. We show that despite Intel’s attempts to address previous generations of speculative execution attacks, CPUs are still vulnerable, allowing attackers to exploit these vulnerabilities to leak sensitive data.
Moreover, unlike previous MDS issues, we show in our work how an attacker can exploit the CPU’s caching mechanisms to select what data to leak, as opposed to waiting for the data to be available. Finally, we empirically demonstrate that CacheOut can violate nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves.”