
Vulnerability found in Intel processors allows the stealing of user data

Jun 2, 2023
Harper Stewart

Data can be leaked by abusing the EFLAGS flags register.

A vulnerability has been found in several generations of Intel processors that allows a side-channel attack: by abusing the EFLAGS register, an attacker can steal user data. The flaw was disclosed in a report by security researchers from Tsinghua University and the University of Maryland.

Side-channel attacks of this kind usually rely on the state of the CPU cache to leak data. This case is atypical: it is a transient execution vulnerability whose leak does not go through the cache at all. Instead, the attacker recovers the data by timing analysis of instruction execution on the device.

The flaw is related to the Meltdown vulnerability. In Meltdown, attackers were able to bypass the memory isolation mechanisms and read data from kernel memory, where passwords and other sensitive information are stored.

The root cause is a flaw in how the CPU handles changes to the EFLAGS register: a change made to EFLAGS during transient execution is not properly isolated from a subsequent JCC (jump on condition code) instruction, so the timing of that jump depends on flags the CPU should have discarded. To mount the attack, an attacker first triggers transient execution that encodes secret data into the EFLAGS register, then measures the execution time of a JCC instruction with a high-resolution timer; the timing difference reveals the encoded bits. Because the difference is a handful of cycles, each bit is normally measured repeatedly and decoded statistically rather than from a single observation.

Newer generation processors are relatively safe

As the researchers pointed out, the Intel Core i7-6700, i7-7700 and the more recent i9-10980XE are vulnerable to the EFLAGS attack; on these CPUs they extracted data with a 100% success rate.

The researchers noted, however, that Intel's newer processors are relatively safe: to succeed on those machines an attacker would have to repeat the measurement several thousand times. "Relatively safe" should be read literally here: the timing signal is weaker and noisier on newer parts, which makes the attack slower and easier to disrupt, but repetition still recovers the data, so the channel is not closed.
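To illustrate the decoding step the article describes (timing a JCC after the secret has been encoded into EFLAGS) and why a weaker signal forces thousands of repetitions, here is an added example that is not from the researchers' paper or their proof of concept. It does not trigger transient execution or time a real CPU: the timing samples are constructed (Gaussian noise around two assumed cycle counts, `FAST_CYCLES` and `SLOW_CYCLES`), and all function names are the example's own. What it shows is the statistical decoder an attacker needs in either case: calibrate a threshold from known 0/1 measurements, recover each secret bit from the median of repeated measurements, and watch the byte-recovery success rate rise with the number of repetitions per bit.

```python
import random
import statistics

# Assumed cycle counts (constructed, not measured): the example treats the JCC as
# slightly slower when the transiently encoded bit is 1. On real hardware the size
# and even the sign of the difference are CPU-specific and must be calibrated.
FAST_CYCLES = 40.0
SLOW_CYCLES = 44.0
NOISE_SD = 6.0


def jcc_timing_samples(bit, reps, rng):
    """Constructed stand-in for `reps` timer readings around one JCC whose
    flags were set by transient execution encoding `bit`."""
    base = SLOW_CYCLES if bit else FAST_CYCLES
    return [base + rng.gauss(0.0, NOISE_SD) for _ in range(reps)]


def calibrate_threshold(reps, rng):
    """Time the JCC with a known 0 and a known 1 and place the decision
    threshold midway between the two mean timings."""
    mean0 = statistics.mean(jcc_timing_samples(0, reps, rng))
    mean1 = statistics.mean(jcc_timing_samples(1, reps, rng))
    return (mean0 + mean1) / 2.0


def decode_bit(samples, threshold):
    """Median rather than mean, so that an occasional interrupt or context
    switch (a huge outlier among the samples) does not flip the decision."""
    return 1 if statistics.median(samples) > threshold else 0


def leak_byte(secret, reps, rng):
    """Recover one byte, MSB first, re-measuring each bit `reps` times."""
    threshold = calibrate_threshold(reps, rng)
    value = 0
    for i in range(7, -1, -1):
        bit = (secret >> i) & 1
        samples = jcc_timing_samples(bit, reps, rng)
        value = (value << 1) | decode_bit(samples, threshold)
    return value


def success_rate(reps, trials=200, seed=1):
    """Fraction of random secret bytes recovered exactly with `reps`
    repetitions per bit; deterministic for a given seed."""
    rng = random.Random(seed)
    ok = 0
    for _ in range(trials):
        secret = rng.randrange(256)
        if leak_byte(secret, reps, rng) == secret:
            ok += 1
    return ok / trials


if __name__ == "__main__":
    for reps in (1, 10, 100, 1000):
        print(f"{reps:5d} repetitions per bit: "
              f"{success_rate(reps):.2%} of bytes recovered")
```

With a 4-cycle difference buried in 6 cycles of noise, a single measurement per bit recovers almost no bytes intact, while a thousand measurements per bit recover all of them; shrinking the assumed difference (as a newer CPU would) pushes the number of repetitions needed for the same accuracy up accordingly, which is the trade-off behind the "several thousand times" figure.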