Intel announced in May that a microarchitecture vulnerability in their processor struck a way for hackers to bypass the processor’s built-in security measures to illegally access information within the processor, when Intel built users to disable hyperthreading to prevent attacks. But this vulnerability may be worse than you and I thought, because today Intel announced a new TSX Asynchronous Abort Vulnerability (TAA). In addition, Intel exposed a Conditional Jump Instruction (JCC) error and released a security update that would affect processor performance.
The researchers who discovered the two security vulnerabilities said they had informed Intel a year ago, the first time Intel had made the news public.
A vulnerability discovered by Intel itself (Picture: Intel)
The TSX asynchronous abort (CVE-2019-11135), disclosed today, is an alignment exception. More processors are affected by this vulnerability than expected. In a report for Intel, they expressed support for The Whisky Lake, Cascade Lake, and Coffee Lake R processors for Intel TSX technology. It also means that even Intel’s latest processor sits not immune.
Intel says that by exploiting this TSX asynchronous abort vulnerability, “malware executed by authenticated users will infer the data value being processed on a physical core.” This means that hackers can obtain information about other applications, operating systems, system management modes (SMs), Intel Software Protection Extensions (SGX), virtual machine administrators, and other users who use the virtual machine.
In addition to the TAA vulnerability, Intel today also exposed a conditional jump instruction error. Among those affected are Skylake-based processors and their derived processors. This is a “Decoded ICache” error with the processor decrypted, meaning that “unpredictable behavior may occur when the jump instruction is across the cache line.” “
Intel released a microcode update for this, but unsurprisingly, performance was affected. According to Phoronix, “Intel states that they have observed a performance decline of up to 4 percent after this microcode update is installed.” “