CPUsNews

CrossTalk: Another Security Vulnerability that Affects only Intel CPUs

Another security vulnerability appears to be plaguing Intel’s processors: notebook, desktop as well as server chips, called CrossTalk. With the earlier vulnerabilities, Spectre and Meltdown, speculative execution was targeted. Here, the CPU core would try to “predict” the flow of the micro-ops through the pipeline and then send them over to the EUs for execution.

Intel was able to take care of these issues by using firmware level patches, at the cost of performance. With the Comet Lake (10th Gen lineup) many of these vulnerabilities got hardware fixes, but it seems like Intel’s nightmare isn’t over just yet.

With Spectre and Meltdown, the attacker would run a piece of code on the same core as the target. CrossTalk goes a step ahead and executes the code on a different core, thereby overcoming the patches meant to protect the system against Meltdown and Spectre. This happens cos certain instructions such as RDRAND, RDSEED and SRBDS need to access off-core buffers shared across different cores. This allows data to essentially “leak” across cores. What makes this even worse is that these instructions are often used to generate secure random numbers for use as passwords and other encryption purposes

The university researchers even have a proof of concept implementation showing that the output of RDRAND/RDSEED can even be leaked from within Intel SGX enclaves on separate CPUs.

This flaw is especially crucial if you’re using a cloud-based platform or server with an Intel chip, as multiple users utilize a single CPU. Here an attacker can access the data of other uses on the same server node. Intel calls this flaw Special Register Buffer Data Sampling (SRBDS) or CVE-2020-0543 in the vulnerability identifier system.


Areej

Computer Engineering dropout (3 years), writer, journalist, and amateur poet. I started Techquila while in college to address my hardware passion. Although largely successful, it suffered from many internal weaknesses. Left and now working on Hardware Times, a site purely dedicated to. Processor architectures and in-depth benchmarks. That's what we do here at Hardware Times!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button
Close