Another security vulnerability appears to be plaguing Intel’s processors: notebook, desktop as well as server chips, called CrossTalk. With the earlier vulnerabilities, Spectre and Meltdown, speculative execution was targeted. Here, the CPU core would try to “predict” the flow of the micro-ops through the pipeline and then send them over to the EUs for execution.
Intel was able to take care of these issues by using firmware level patches, at the cost of performance. With the Comet Lake (10th Gen lineup) many of these vulnerabilities got hardware fixes, but it seems like Intel’s nightmare isn’t over just yet.
With Spectre and Meltdown, the attacker would run a piece of code on the same core as the target. CrossTalk goes a step ahead and executes the code on a different core, thereby overcoming the patches meant to protect the system against Meltdown and Spectre. This happens cos certain instructions such as RDRAND, RDSEED and SRBDS need to access off-core buffers shared across different cores. This allows data to essentially “leak” across cores. What makes this even worse is that these instructions are often used to generate secure random numbers for use as passwords and other encryption purposes
The university researchers even have a proof of concept implementation showing that the output of RDRAND/RDSEED can even be leaked from within Intel SGX enclaves on separate CPUs.
This flaw is especially crucial if you’re using a cloud-based platform or server with an Intel chip, as multiple users utilize a single CPU. Here an attacker can access the data of other uses on the same server node. Intel calls this flaw Special Register Buffer Data Sampling (SRBDS) or CVE-2020-0543 in the vulnerability identifier system.