Researchers discover SPOILER, new vulnerabilities in Intel processors

Last year, many industries around the world were plagued by high-risk security holes called Spectre and Meltdown. However, Spectre and Meltdown have not been fixed until now. Security researchers have also discovered a new SPOILER vulnerability in Intel processors that have not been fixed. This vulnerability is different from previous Spectre and Meltdown vulnerabilities. However, the new vulnerabilities discovered this time will not affect the ARM and AMD processors, that is, only the Intel series processors have problems.

Modern processors use speculation to perform automatic prediction and execution commands to improve efficiency, but design-level vulnerabilities can expose speculative execution. SPOILER is speculatively executed similarly to the Spectre series vulnerability that was exposed last year. The difference is that these two types of vulnerabilities work completely differently. Because Spectre and Meltdown are flaws in modern processor design, the SPOILER vulnerability is purely a weakness of Intel itself. The root cause of SPOILER is that there is a weakness in address guessing implemented by Intel’s proprietary memory subsystem, which is why it only affects Intel.

Spectre and Meltdown holes are issues at the processor design level and therefore cannot be solved by software. Currently, the solutions provided by vendors can only be mitigated. Mitigation of vulnerabilities affects processor performance. Last year, it caused a lot of controversies, but such mitigation measures could not alleviate the SPOILER security vulnerability. Researchers say the vulnerability involves a novel micro-architecture leak that does not require any special permissions by interfering with the storage buffer after speculative execution.

Intel confirmed this vulnerability at the end of last year and told researchers that it will release patches to fix it, but Intel stressed that should be able to alleviate the vulnerability only. At least until now, Intel has not issued a public statement, so it is not sure whether the vulnerability can be fixed. Otherwise, it can only be gradually migrated by patching. In an interview, the researchers said that Intel’s response was very embarrassing because the memory subsystem involved could not be easily fixed by microcode. Obviously, if the microcode is repaired, it will affect the performance of the processor.

According to the researchers, if the vulnerability is to be exploited, it needs to be operated locally, that is, it cannot be triggered directly by remote means. However, an attacker can use a JavaScript script on a malicious web page or pre-populate the user with malware before exploiting the SPOILER security vulnerability. Successful exploitation of this vulnerability can steal confidential information from memory and cause user information to be leaked, such as passwords or other sensitive information stored in memory.