‘Spoiler’ flaw in Intel CPUs is similar to Spectre – yet dangerously different

[Image: Intel Core i7 8086K. Image credit: TechRadar]

Update: An Intel spokesperson has provided us with the following statement on the Spoiler vulnerability: “Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest.

“We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”
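Intel's advice is the standard side-channel-safe coding guidance. The C snippet below is added here as an illustration of what "control flows that are dependent on the data of interest" means in practice; it is not code from the Spoiler paper or from Intel, and the secret and guess values are constructed. A byte-by-byte comparison that returns at the first mismatch leaks, through its running time, how many leading bytes of an attacker's guess were correct. The constant-flow version beside it always touches every byte and never branches on the data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Leaky comparison: exits at the first mismatching byte, so both the
 * branch taken and the running time depend on how many leading bytes of
 * the (attacker-controlled) guess match the secret. */
int leaky_compare(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (secret[i] != guess[i])
            return 0;               /* data-dependent early exit */
    }
    return 1;
}

/* Constant-flow comparison: every byte is visited, mismatches are OR-ed
 * into an accumulator, and the result is derived arithmetically instead
 * of with an if/else on the data. */
int ct_compare(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    unsigned int diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned int)(secret[i] ^ guess[i]);
    /* diff is 0..255. (diff - 1) >> 8 is all-ones when diff == 0 and 0
     * otherwise, so the low bit gives 1 for equal, 0 for different. */
    return (int)(1u & ((diff - 1u) >> 8));
}

/* Runs both comparisons over constructed inputs and returns 1 only if
 * they agree on every case (the hardened version must stay correct). */
int demo(void)
{
    const uint8_t secret[] = "secret-key-0001";   /* constructed */
    const uint8_t guesses[3][16] = {
        "secret-key-0001",                        /* full match      */
        "secret-key-0002",                        /* last byte wrong */
        "xecret-key-0001",                        /* first byte wrong*/
    };
    int expected[3] = { 1, 0, 0 };

    for (int g = 0; g < 3; g++) {
        int a = leaky_compare(secret, guesses[g], 15);
        int b = ct_compare(secret, guesses[g], 15);
        if (a != expected[g] || b != expected[g])
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("comparisons agree: %s\n", demo() ? "yes" : "no");
    return 0;
}
```

The leaky version's two "wrong" guesses take different numbers of loop iterations (15 versus 1) before returning, which is exactly the data-dependent timing a side channel measures; the constant-flow version performs the same work for all three. One caveat a practitioner should keep in mind: an optimising compiler can reintroduce a branch, so constant-time code is normally checked at the assembly level, and this coding style addresses timing leaks in your own software rather than the hardware address-speculation behaviour the researchers describe.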

Original story follows below…

There’s another nasty speculative execution hole in Intel’s processors – similar to the infamous Spectre vulnerability – which goes by the name of Spoiler.

The flaw was highlighted in a research paper by computer scientists at Worcester Polytechnic Institute in Massachusetts and the University of Lübeck in Germany, who make clear that while the vulnerability belongs to the same family as Spectre attacks, it works differently, which means the defences already rolled out for Spectre do nothing to stop it.

The paper observes: “Spoiler is not a Spectre attack. The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behavior due to physical address conflicts. Existing spectre mitigations would therefore not interfere with Spoiler.”

However, like Spectre, this vulnerability abuses the way the PC's memory subsystem works. What it leaks is not program data directly but information about how an attacker's own memory is laid out in physical RAM, something an unprivileged program should not be able to learn, and the missing piece that makes follow-on attacks such as Rowhammer bit-flipping and cache timing attacks far quicker and more practical.

Note that Spoiler only affects Intel silicon – that’s all processors from first-gen Core models and onwards – and not AMD or ARM chips which the researchers also tried to exploit.

As the Register reports, any attacker would need some kind of foothold on your PC to drive the exploit, such as malware, or potentially a piece of malicious JavaScript running on a dodgy website.

Silicon significance

And worryingly, the researchers believe that not only is Spoiler unaffected by any existing countermeasures for the likes of Spectre, but that it can’t be easily mitigated against without, in their words, “significant redesign work at the silicon level”.

So it seems like this is a threat Intel will have to be seriously evaluating with a view to baking in protection when designing upcoming chips.

As we already mentioned, the exploit is a danger to all of Intel’s Core processors from the first-generation models onwards, and it works against all operating systems, and also can be leveraged from within virtual machines or sandboxes.

Spoiler isn’t an acronym, and doesn’t stand for anything, except the first two letters ‘sp’ which refer to ‘speculative’ execution – and of course it also underlines the fact that this nasty critter could really spoil your day.

In recent times, speculative execution vulnerabilities have come to be viewed as a new class of highly dangerous threats, and the likes of Microsoft have already implemented bug bounty schemes to try to detect and stamp out such flaws before they can be exploited on a wider level.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).