Researchers from the University of Virginia and the University of California, San Diego discovered three Specter vulnerabilities in AMD and Intel processors while studying microoperation caches. These vulnerabilities bypass existing Specter mitigation measures, and the researchers predict that the low-level fixes they propose will result in costly performance losses. However, they admit that it can be difficult to justify harsh mitigation measures by taking advantage of these benefits.
The three newly discovered vulnerabilities are the design of the microoperation cache, which is a function of modern CPUs that have been around in AMD processors since 2017, and modern CPUs that have been around in Intel CPUs since 2011. The microoperation cache improves processor performance by storing low-level instructions generated when the processor decomposes complex instructions into computable algorithms. So far, it hasn’t been the subject of much research, because AMD and Intel have documented their micro-operation cache design to hide their poor ability to cover their proprietary designs.
The basis of the researchers’ attack is based on two types of code structures, which they call tigers and zebras. Both are in the microoperation cache. The tiger can move it by imitating the structure of a given code area and occupying the same positions. Zebras hide in all unoccupied places without being noticed. Together, they can use the macro cache sync effect to control the micro cache, just like the zebra leads a hungry tiger into a crowded store, and malicious code from researchers uses the micro cache structure to expose private memory. . Data through it. The first vulnerability can be used to leak information between domains on the same thread, the second vulnerability can be used to leak information between two threads running on the same physical core, and the third vulnerability can be revealed through two attacks.
Researchers said: “Because the size of the microoperation cache is relatively small, the (new) attack is much faster than the existing Specter variant which relies on launching and probing multiple sets of cache to transmit secret information “. It is also “much more incognito because it uses the microoperation cache as it’s only public primitive, introducing fewer accesses to the data cache, and much less lost.”
Using any method suggested by the researchers to mitigate new vulnerabilities may cause a “greater loss of performance” than Specter’s current mitigation measures. Their least susceptible to punishment is a strategy that uses detection but anticipates a considerable error rate. Its other two strategies (partitioning and flushing) lead to “substantial underutilization” of the microoperation cache and are largely equivalent to disabling the cache entirely (which is not feasible in and of itself). The vulnerabilities are believed to require high-level access to the target system, and standard security systems can prevent such access.
Although the researchers noted that additional work is needed to fully assess the risks posed by new vulnerabilities, they are not as worthy of attention as previous Specter vulnerabilities. Before launch, both AMD and Intel have received notifications about them, but have not announced that they are developing patches.