There is a flaw in Intel CPUs that makes it easy for data in its internal memory to leak.
Intel explained that if the system is under a specific condition, an external party with malicious intent could deduce the data values of some cache line in the L1 data cache.
Intel went on to add that under particular conditions, in cases of some processors, data in a modified cache line, when returning after a malicious party exploits it, can construct a “covert channel to infer modified data in the L1D cache that the victim intends to protect from the malicious adversary”.
This flaw is the Snoop-assisted L1 data sampling. It has the ability to access cache line data that went through modification by other applications, operation system, system management mode, or virtual machine monitor.
In all cases, a local adversary can only see cache lines that did not undergo modification by legitimate entities.
What should users do to protect themselves?
Intel said that they addressed the flaw earlier – the L1 Terminal Fault (L1TF). Some users already have measures that mitigate the flaw and thus, serve as protection.
Users who do not have these measures, available in 2018, received the recommendation to obtain them and protect themselves from such snoop attacks.
As an alternative, users can wipe out their L1D cache after accessing sensitive information from time to time. They should do this when running potentially malicious software as well.
As another step, users should disable their Intel Transactional Synchronization Extensions (TSX). This works to reduce the attack surface. It also makes it harder for malicious parties to pull off attacks.
What is the potential for harm?
According to Intel, this flaw does not allow for large leaks in data, and exploiting it is also pretty challenging. Therefore, they believe that malicious parties will most likely not use it in the future.
Intel said that to carry out any attacks, malicious parties have to satisfy a number of complicated criteria. Thus, Intel does not think Snoop Assisted L1 Data Sampling is practical.