Security researchers at Worcester Polytechnic Institute and the University of Lübeck have published a paper outlining a speculative vulnerability affecting nearly every Intel processor dating back to the first generation of Core CPUs, once upon a time the best CPUs for gaming. According to the researchers, the potential attack vector is similar to Spectre, but not subject to the same mitigations.
To be clear though, the researchers point out that the vulnerability, which they've dubbed Spoiler, is not a Spectre attack.
"The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behavior due to physical address conflicts," the researchers wrote (PDF).
You may recall that there was an industry wide effort to deal with Spectre and Meltdown, the names give to speculative vulnerabilities that, between the two, affected nearly every processor made in the past two decades. Those resulted in numerous software patches and firmware updates. You can read more about Spectre and Meltdown here.
Similar to Spectre, the researchers say Spoiler could allow an attacker to exploit how a PC's memory works, exposing data from running programs in the process. This data should not be accessible on a whim.
Apparently this only affects Intel processors, and not chips from AMD or ARM. Spoiler is also independent of the OS and can even work from within a virtual machine and sandboxed environments.
The researchers seemingly conclude that the only way to completely protect against Spoiler is by redesigning the actual silicon, albeit potentially at the expense of overall performance.
"There is no software mitigation that can completely erase this problem," the researchers said.
Intel was made aware of Spoiler at the beginning of December. In a comment provided to our friends at TechRadar, the chipmaker downplayed the severity of it all.
"Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest," Intel said.
"We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research," Intel added.
In other words, the situation is not as dire as perhaps the paper makes it sound, from Intel's vantage point. But then we'd expect Intel to take that stance. We'll be keeping an eye on this and will report any significant updates.
