Some Intel CPUs are at risk from serious cybersecurity flaw

News
By Sead Fadilpašić
published

Multiple Intel CPUs are vulnerable to data leaks

Hand increasing the protection level by turning a knob
(Image credit: Shutterstock)

A team of researchers have discovered a security vulnerability in multiple Intel CPUs which could result in data leaks. 

Cybersecurity researchers from the University of Maryland and Tsinghua University, together with a lab within the Chinese Ministry of Education (BUPT), uncovered a side-channel attack, somewhat similar to Meltdown which, if exploited, could allow threat actors to leak sensitive data from endpoints through the EFLAGS register.

The team published their findings in a paper released on Arxiv.org, explaining the attack abuses a flaw in transient execution “that makes it possible to extract secret data from user memory space through timing analysis”. A change in the EFLAGS register in transient execution affects the timing of Jump on Condition Code (JCC) instructions. 

Different chips, different results

The FLAGS register is described as “the status register that contains the current state of a x86 CPU”, while the JCC is a “CPU instruction allowing conditional branching” based on the contents of the EFLAGS register.

In absolute layman’s terms, to pull off the attack, one should first trigger transient execution of encoded secret data through the EFLAGS register, and then measure the execution time JCC instruction to read the contents of that encoded data. 

The researchers tested the flaw on multiple chips, and found that it was 100% successful on i7-6700 and i7-7700, as well as “somewhat successful” on i9-10980XE. All tests were done on Ubuntu 22.04 jammy/Linux kernel version 5.15.

Read more

> AMD and Intel chips are at risk from another major vulnerability

> Spectre returns - Intel and ARM-based CPUs hit by serious vulnerability

> Here are the best malware removal tools right now

To get more consistency on newer chips, the researchers found, the attack would need to be run thousands of times.

“In our experiment, we found that the influence of the EFLAGS register on the execution time of Jcc instruction is not as persistent as the cache state,” the researchers said in the paper. “For about 6-9 cycles after the transient execute, the Jcc execute time will not be about to construct a side-channel. Empirically, the attack needs to repeat thousands of times for higher accuracy.”

They still don’t know what is causing the bug.

Via: BleepingComputer

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.