Slashdot Mirror


All Intel Chips Open To New 'Spoiler' Non-Spectre Attack (zdnet.com)

Spoiler is the newest speculative attack affecting Intel's micro-architecture. From a report: Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets. However, it targets a different area of the processor called the Memory Order Buffer, which is used to manage memory operations and is tightly coupled with the cache. Researchers from Worcester Polytechnic Institute, Massachusetts, and the University of Lubeck in north Germany detail the attack in a new paper, 'Spoiler: Speculative load hazards boost Rowhammer and cache attacks'. The paper [PDF] was released this month and spotted by The Register. The researchers explain that Spoiler is not a Spectre attack, so it is not affected by Intel's mitigations for it, which otherwise can prevent other Spectre-like attacks such as SplitSpectre.

5 of 132 comments

  1. Here we go again! by Anonymous Coward · Score: 5, Funny

    Here we go again! I'm going to go make more popcorn.

  2. It's nice to see by mandark1967 · Score: 5, Funny

    Intel's commitment to backward compatibility

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain

  3. Re:Actual Link to Register Article by TFlan91 · Score: 5, Informative

    And what should've been the summary:

    The researchers – Saad Islam, Ahmad Moghimi, Ida Bruhns, Moritz Krebbel, Berk Gulmezoglu, Thomas Eisenbarth and Berk Sunar – have found that "a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem" reveals memory layout data, making other attacks like Rowhammer much easier to carry out.

    The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.

    "We have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes," the researchers explain.

    "The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments."

    Also, in before f**k JavaScript. The researchers just chose to use this as a means to demonstrate the weakness in Intel processors, not a weakness in JS.

  4. Re:Back To The Abacus. by Fly+Swatter · Score: 5, Funny

    Pretty sure the Abacus is vulnerable to the table shake attack. Also anyone walking by can see your current value.

  5. Re:Please explain the rowhammer relationship by DamnOregonian · Score: 5, Informative

    It's a good question. I'll answer.
    Rowhammer allows you to flip bits in memory with specific relationships to memory you can access.
    If one of the bits you're able to flip happens to be a bit in a page table, and enough stars line up, it allows you to flip access bits on pages you're interested in, and the MMU will let you read them as you will. Meltdown addresses this problem by completely swapping out the kernel pagetables between context switches.
    However, if even more stars line up, then you can potentially map pages back in.
    Leaking information about the page tables does make that a much faster process.
    To be clear: Rowhammer is a problem on all CPUs. This accelerates the speed at which Rowhammer can try to brute force a page table entry.