Researchers find new Spectre-like cache leaks from Intel and AMD

Spread the love

Security researchers from two US universities have found new vulnerabilities in the caches of Intel and AMD CPUs. These are new forms of the well-known Specter exploits. Existing patches don’t help, but the exploits are hard to exploit.

The researchers from the University of Virginia and the University of California describe the vulnerabilities in a study it calls I See Dead μops. These are vulnerabilities in the way that chips from Intel and AMD do simultaneous multithreading or SMT, in which physical cores are divided into multiple virtual cores.

The research focuses specifically on micro-ops or μops caches. These are used in modern chips to optimize performance and energy consumption. The researchers have found three ways to eavesdrop on information exchanged between the caches. This can happen between different areas within the same thread with different user rights, between virtual threads on a physical thread, and an attack that can bypass Intel hardware and software mitigations such as Lfence.

The researchers say the vulnerabilities are in virtually all AMD chips as of 2017, and in all Intel chips made since 2011. The attack builds on previous research into chip vulnerabilities, most notably Spectre. There is, however, an important difference between the vulnerabilities. Because a μops cache is very small and is the only type of cache that is accessed, more information can be tapped than with a Specter attack. Specter required multiple types of caches to be viewed by malware rather than just one.

The researchers state that the only mitigation is to disable the micro-ops cache altogether or to disable speculative execution, but that would cost so much performance that it’s unrealistic, according to the discoverers. The researchers do say that it is very difficult to exploit the vulnerabilities in practice.

The new vulnerabilities are immune to the hardware and software patches that were released for Specter at the time, the researchers say. That’s also because the Specter patches didn’t always help because they are hardware problems that can’t be solved with a microcode patch. The researchers have also notified Intel and AMD of the new vulnerabilities, but there is little the companies can do about it now.

You might also like