The Core family is full of holes like Swiss cheese. The dust with Meltdown and Spectre vulnerabilities did not settle down … and another critical vulnerability in the security of Intel chips was found. It’s about the vulnerability known by researchers as Spoiler, recognized in all Intel processors, from the first series of Core units. According to scientists responsible for finding flaw, its simple patching is almost impossible, because you need changes at the hardware level.
The team consisting of researchers from the American Worcester Polytechnic Institute and the German University of Lube is responsible for the discovery of the Spoiler. Researchers report that they have found a flaw in speculative data loading that can provide information about physical page mapping. In this way, data can be transferred to processes available in the user’s space. The leak may take place by using a specific set of instructions present in all Intel Core processors. Importantly, the Spoiler does not concern AMD and ARM units in any way, so their owners can feel safe.
According to the researchers, it does not matter which operating system we use. The spoiler can be executed even inside virtual machines and in a closed sandbox environment. The operation of the vulnerability itself is quite interesting. When the processor uses speculative data loading, false dependencies may occur if the physical address information is not available. Then the “memory disambiguation” function enters the action to prevent the calculation of incorrect data. The spoiler looks at the leakage times resulting from physical address conflicts.
The developed algorithm fills the storage buffer inside processes with addresses with the same offset, but other virtual pages. Then the loading is carried out with the same offset, but from a different side of the memory. Then the time of charging itself is measured, and repeating these steps using many virtual pages allows you to get to know all the information about errors. In this way, the Spoiler makes room for other attacks such as Rowhammer.
I am William, I live in Roubaix, France, I have two wonderful children and also a beautiful wife whom I love the most in the world. I work in a French company on a daily basis and deals with the administration of computer systems, on my blog you will find entries on various topics but mainly on topics related to mobile technologies, computer systems, news and more.