Numerous Core, XEON, Pentium and Celeron processors from Intel receive microcode updates to protect against further developed security. Again, security researchers of the University of Michigan and the VRije University of Amsterdam attentively attentively to the problems within the Intel CPU.
Special tab Buffer Data Sampling (SRBDS, CVE-2020-0543) sets like SpectRe on MicroRarchitectural Data Sampling (MDS), but by the previously large limited limitation for attackers: certain instructions can be used over several CPU cores within the level 3- Read caches, but attacks do not have to run on the same core – therefore the name Crosstalk. The instructions include the random number generators of RDRand and RDSEED, whose results can read attackers.
Crosstalk is particularly relevant for operators of data centers, on whose processors several virtual machines run. The CVSS score is 6.5 (medium). According to Intel, all processors are concerned "Coffee Lake-S Refresh" (Core I-9000) whose microcode updates are distributed to the art through new BIOS versions or Windows or Linux patches. at "Comet Lake-S" (Core I-10000) should pinpire in the chip design.
- Intel-SA-00320: Special Register Buffer Data Sampling Advisory
Safety slaves bypass
The second of the researchers, the security problem brought on the name SGAXE represents a further development of Cacheout Alias Ridl (Rogue In-Flight Data Load) Alias L1D Eviction Sampling (L1Des), but is now also Intel’s security slaves in the form of the Software Guard Extensions ( SGX) can handle.
The Security Researcher of the University of Michigan contradicts in her paper to Sgaxe Intel’s opinion that updates for cacheout were also protected against SGAXE: "Our work shows that the safety of the SGX OKOSystem completely collapses, even when you play all previously available countermeasures". Unlike in the case of CVE-2020-0543, there are no microcode updates from Intel due to the disagreements.
In the context of yesterday’s patchday, Intel has closed next to CVE-2020-0543 further security swagen, which we have discussed in a separate our site message: