Multiple generations of Intel CPUs are vulnerable to a new side channel of the Meltdown security flaw.
The flaws were tracked by researchers from the University of Maryland, Tsinghua University, and a lab run by the Chinese government.
- The attack works as a side channel to Meltdown, a critical security flaw discovered in 2018 that impacts x86-based microprocessors.
- The campaign enables hackers to extract secret data from user memory space.
- While the Meltdown bug was mostly patched in 2018, it has never been completely patched by any security vendor.
-
The attack is carried out in two phases:
- Firstly, execution is launched through the EFLAGS register.
- Secondly, data begins to be decoded.
- Security researchers so far have been unable to determine the cause of the flaw, but they have recommended users change the implementation of the JCC instruction and rewrite EFLAGS after transient execution to reduce its influence over the JCC instruction.