Print this page
Published in PC Hardware

Another security bug found in Intel chips

by on10 June 2020


CrossTalk attack

Dutch boffins have found another flaw in Intel processors which enables attacker-controlled code executing on one CPU core to leak sensitive data from other software running on a different core.

Vrije University's Systems and Network Security Group (VUSec) dubbed the flaw CrossTalk and claimed it was yet another type of MDS (microarchitectural data sampling) attack  target user data while in a "transient" state, as it's being processed inside the CPU and its many data-caching systems.

CrossTalk attacks data while it's being processed by the CPU's Line Fill Buffer (LBF), one of these CPU cache systems.

crosstalk-scheme.png
Image: VUSec

According to the VUSec team, the LBF cache actually works with a previously undocumented memory "staging buffer" that is shared by all CPU cores.

In a demo video published today, the VUSec research team showed how they employed a CrossTalk attack to attack this undocumented staging buffer via the LBF cache, and leak data processed by apps on other cores.

The VUSec team said that patching this bug took more than the standard 90 days because of the complexity of the issue and because they initially didn't thoroughly investigate the possibility of a cross-core leak.

Intel has already made significant changes to the hardware design of its CPUs, and most of its recent products are not vulnerable to this attack.

For all the older Intel CPU lines, the chipmaker has released today microcode (CPU firmware) updates to patch the CrossTalk vulnerability -- which Intel refers to as "Special Register Buffer Data Sampling" or SRBDS (CVE-2020-0543, Intel-SA-00320).

Intel said in its bog that:"As with all side-channel issues reported to date, Intel is not aware of any real-world exploits of SRBDS outside of a lab environment,.

The VUSec team has also published proof-of-concept code and a technical paper and website on the CrossTalk attack. Intel has its own technical write-up, here.

Last modified on 10 June 2020
Rate this item
(4 votes)