Handout the CacheOut
Posted by Michael on 31/01/2020A recent finding of a microarchitectural Data Sampling (MDS) vulnerability within Intel’s CPU’s found by researchers have now released a Proof-of-Concept (PoC) code. This was not the only recent vulnerability found; however, it is the most severe with a Medium risk vulnerability.
This bug is capable of bypassing Intel’s overwrite countermeasure which is part of Intel’s security mechanism against attacks. This vulnerability can be used to exploit the Linux Kernel and extract sensitive kernel information from the kernel address space layout randomization (KASLR). Intel is calling this flaw an “L1D Eviction Sampling Issue” – CVE-2020-0549.
“CacheOut demonstrates that [previous] this mitigation [are] incomplete, as we can force the victim’s data out of the L1-D Cache into the microarchitectural buffers after the operating system clears them. We then subsequently leak the contents of the buffers and obtain the victim’s data,” researchers wrote.
The users that these vulnerability impacts are from users running CPUs released before Q4 2019. Intel plans on releasing a patch on the near future to mitigate these issues. The security bulletin issued Monday clarified that the medium rated vulnerability “has little to no impact in virtual environments that have applied L1 Terminal Fault mitigation.”