Intel Says It’s Working on a Fix for New Speculative Execution Attack, “CacheOut”

[Tsing]

Image: Intel



Earlier this week, researchers with the University of Michigan, University of Adelaide, and Data61 uncovered yet another speculative execution attack affecting Intel CPUs: “CacheOut.” This new vulnerability, which lets attackers trigger selective data leaks by exploiting a processor’s cache eviction feature, is serious enough to violate “nearly every hardware-based security domain, leaking data from the OS kernel, co-resident virtual machines, and even SGX enclaves.”



Intel has a list of processors that are definitely affected, but researchers suggest that there could be quite a few more (“every Intel CPU released before Q4 2018”). While some of the company’s microcode updates mitigate CacheOut to some extent...

Continue reading...

 

[Grimlakin]

Thanks for working on a new fix. How about you stop taking security as a second thought to performance mmmkay?

 

[Zarathustra]

Wow.

It's just one after another.

Has anyone done a good performance review comparing initial launch performance of Intel CPU's, and then trended it over time as patch upon patch against speculative hardware attacks pile up?

Would be interesting to see just how much performance has been hit.

 

[Uvilla]

Wow.

It's just one after another.

Has anyone done a good performance review comparing initial launch performance of Intel CPU's, and then trended it over time as patch upon patch against speculative hardware attacks pile up?

Would be interesting to see just how much performance has been hit.

Bulldozer territory?