Security researchers from the University of Michigan have disclosed details of a new vulnerability affecting most Intel processors that could be exploited to leak sensitive data. The vulnerability (CVE-2020-0549) has been dubbed CacheOut and is rated medium severity by Intel, which said fixes for both flaws are on the way. The company noted that CacheOut has never been used outside of a laboratory environment.
CacheOut was inspired by previous attacks like Spectre and Meltdown. The new vulnerability offers better targeting than previous attacks of its type and cannot be stopped with Intel’s Spectre/Meltdown mitigations.
An attacker can exploit this new vulnerability to select which data to leak rather than having to wait for the data to become available.
It allows an attacker to target data stored within the OS kernel, co-resident virtual machines and even within Intel’s Software Guard Extensions (SGX) enclave.
The director of communications for Intel Product Assurance and Security said they are not aware of any use of the vulnerability outside of a controlled lab environment.
Processors made by IBM and ARM may be affected, but this has not been confirmed. Intel has published a list of processors that are and aren’t affected by the vulnerability.
Researchers added that the CacheOut vulnerability can be used to exploit an unmodified Linux kernel. “More specifically, we demonstrate attacks for breaking kernel address space layout randomization (KASLR) and recovering secret kernel stack canaries,” the researchers wrote.
The researchers alerted Intel to the vulnerability before making it public, so cloud providers have already deployed countermeasures against CacheOut.
Intel said that it plans to release mitigations to address the issue soon. These are normally delivered to users in the form of BIOS or driver updates.
“Intel recommends that users of affected Intel Processors check with their system manufacturers and system software vendors and update to the latest microcode update when available,” according to the company.