Just when we thought that the worst was over with respect to speculative execution hardware exploits like Spectre, we get hit with another whopper. Such is the case with a new Intel processor vulnerability dubbed Spoiler. Spoiler is similar in concept to Spectre, and was discovered by researchers at the Worcester Polytechnic Institute.
But while Spoiler relies on speculative execution (i.e., a processor performing tasks that it “predicts” may be requested by the user in the future, and storing that data in memory), existing Spectre mitigation solutions are not applicable. This is not only bad news for Intel, but also customers that rely on Intel processor platforms that could be vulnerable to attack.
The research paper [PDF] clearly points out, “Spoiler is not a Spectre attack. The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behavior due to physical address conflicts. Existing Spectre mitigations would therefore not interfere with Spoiler.”
As with Spectre, this new speculative execution attack would allow nefarious parties to pilfer passwords, secure keys and other critical data from memory. However, we should note that an attacker would need physical access to a system – which may be simply impossible in many cases – or somehow inject a piece of malware onto the system by other means to gain access.
Interestingly, the researchers say that they have probed both ARM and AMD processor architectures and have not found them susceptible to Spoiler, noting that, “Intel uses a proprietary memory disambiguation and dependency resolution logic in the processors to predict and resolve false dependencies that are related to the speculative load.”
Diving even further, it appears that nearly all modern Intel processors are affected, regardless of what operating system is running on a PC. “The leakage can be exploited by a limited set of…