A new speculative execution vulnerability affecting Intel processors was recently uncovered. Called “CacheOut,” it scores 6.5 on the CVSS (Common Vulnerability Scoring System).
What exactly does CacheOut do? It can leak data stored within the CPU’s L1 cache memory, selectively. CacheOut can choose which data to leak, not just whatever’s available on the L1 cache at the moment. It is particularly worrying because, as a low-level exploit, it can bypass security measures such as using Software Guard Extensions. Using a VM (virtual machine) isn’t a viable security measure either.
What’s Intel done to address CacheOut? A microcode update was recently rolled out to address the hardware-level vulnerabilities. Moreover, Intel provided guidelines to OS makers—Microsoft, Apple, Canonical, and others. You can expect a security update at the OS level soon to cement your protection. AMD CPUs are not affected by CacheOut, so you don’t need to worry if you’re running Ryzen.
It’s interesting to note that CacheOut requires authenticated local access. This means that it can’t be used to execute remote attacks. However, threat actors with physical access could use it to wreak havoc on target systems.
CacheOut is only one of a number of security flaws affecting Intel processors. Meltdown and Spectre garnered extensive media attention, but other exploits like the SWAPGS vulnerability are keeping security researchers up and night, and raise questions about diligence in Intel’s architecture design process.