The bugs, first reported by The Register, can allow bad actors to leak information and escalate their privileges, and were labelled by Intel as “high severity”.
A full list of products the vulnerabilities may impact can be found here (opens in new tab), which includes 10th Generation Intel Core Processors and Intel Core X-series Processors.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
What should users do?
Intel recommends that users of the affected processors update to the latest versions provided by their system manufacturer to addresses these issues.
Unfortunately, the above was not the only set of bugs which Intel was able to announce.
A potential security vulnerability in Intel Processors which may allow information disclosure was also announced, though this was only dubbed “low severity” by Intel.
Intel said that “Observable behavioral discrepancy in some Intel processors may allow an authorized user to potentially enable information disclosure via local access.”
The bug could potentially affect all Intel processor families according to the hardware giant.
Intel recommends that any impacted product should utilize the LFENCE instruction “after loads that should observe writes from another thread to the same shared memory address”.
Firewalls may not be enough by themselves in today’s climate, it’s not just Intel that has potential hardware security vulnerabilities floating around.
Academic researchers have demonstrated a successful attack strategy to get around the protections provided by AMDs famed Secure Encrypted Virtualization (SEV) technology.
Anyone interested in outing more bugs and having information about a security issue or vulnerability with an Intel-branded product or technology can send it via e-mail to email@example.com (opens in new tab), after encrypting sensitive information using its PGP public key (opens in new tab).
The demand for greater hardware security is there according to Intel’s own research.
The survey, based on speaking to 1,406 people across the United States, Europe, the Middle East, Africa, and Latin America, found 75% of respondents expressed interest in hardware-based approaches to security, while 40% expressed interest in “security at a silicon level”.