Processor Security ViolationIntel was once again identified by experts who gave the problem the name CacheOut. This name is due to the principle of operation, based on the extraction of information stored in the chip cache.
According to the Common Vulnerabilities and Exposures (CVE) classification, the new vulnerability is designated CVE-2020-0549: L1D Eviction Sampling (L1Des) Leakage with a degree of danger of 6.5.
Hearts of technical ability when usingCacheOut vulnerabilities include the ability to selectively retrieve data from L1 cache. Attackers get the opportunity, without waiting for a leak of specific data, to independently select the necessary information. In addition, the vulnerability is able to pass through all security systems and poses a threat to the kernel, shared virtual machines, and SGX enclosures (Software Guard Extensions).
Intel experts recognized the vulnerabilityCacheOut and distributed a list of processors that are at risk of a security breach. At risk: first and second generation Intel Xeon Scalable on Skylake and Cascade Lake microarchitecture, sixth generation Intel Core processors, Intel Xeon E3-1500m v5 and E3-1200 v5 on Skylake microarchitecture, seventh and eighth generation Intel Core processors on Kaby microarchitecture Lake and Coffee Lake, the eighth generation Intel Core processors on the Whiskey Lake (ULT) and Whiskey Lake (ULT refresh) microarchitectures, and the tenth generation Intel Core processors on the Amber Lake Y microarchitecture.
To eliminate the vulnerability, Intel experts created a microcode update and recommendations for OS vendors. In AMD processors, no such vulnerability has been identified.