CacheOut: Intel Processors Data Leakage Advisory (INTEL-SA-00329, CVE-2020-0548, CVE-2020-0549)

IPAS: INTEL-SA-00329

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html

https://software.intel.com/security-software-guidance/software-guidance

Acknowledgements: Intel would like to thank the following individuals for finding, reporting and coordinating these vulnerabilities to us. Intel thanks TU Graz and KU Leuven for disclosure of CVE-2020-0549. Graz University of Technology: Moritz Lipp, Michael Schwarz, Daniel Gruss. KU Leuven: Jo Van Bulck. Intel thanks VU Amsterdam, for disclosure of CVE-2020-0548 and CVE-2020-0549. VUSec group at VU Amsterdam: Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida. Researchers from TU Graz and Ku Leuven provided Intel with a Proof of Concept (POC) in May 2019 and researchers from VU Amsterdam provided Proof of Concept (POC) in October 2019. Intel subsequently confirmed each submission demonstrates CVE-2020-0549 individually.

https://cacheoutattack.com/

Finally, the disclosure is over! We present CacheOut, a new speculative execution attack to leak data on Intel CPUs via cache eviction despite current mitigations: https://t.co/ruHkCY2eiQ #intel #cacheout #l1des @MarinaMinkin, Andrew Kwong, Daniel Genkin and @yuvalyarom

— Stephan van Schaik (@themadstephan) January 27, 2020

Just published a blog on INTEL-SA-00329 concerning L1D Eviction Sampling. This vulnerability has little to no impact in virtual environments that have applied L1 Terminal Fault mitigations. https://t.co/4SD1GXHOI6

— Jerry Bryant (@jnabryant) January 27, 2020