• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

New Hardware Exploit for Intel CPUs

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.


Sep 24, 2001

I haven't had time yet to look at the actual research paper but definitely looks legit. They've named it SPOILER. A few highlights:

The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments
The issue is separate from the Spectre vulnerabilities, and is not addressed by existing mitigations. It can be exploited from user space without elevated privileges
SPOILER, the researchers say, will make existing Rowhammer and cache attacks easier, and make JavaScript-enabled attacks more feasible – instead of taking weeks, Rowhammer could take just seconds. Moghimi said the paper describes a JavaScript-based cache prime+probe technique that can be triggered with a click to leak private data and cryptographic keys not protected from cache timing attacks.
Mitigations may prove hard to come by. "There is no software mitigation that can completely erase this problem," the researchers say. Chip architecture fixes may work, they add, but at the cost of performance.

Intel is said to have been informed of the findings on December 1, 2018.

The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior. [They tested a Bulldozer based CPU and ARMv8-A CPU so latest architectures not tested]