Err, isn’t this just ZombieLoad?

The CacheOut exploit is said to share similarities with the previously disclosed ZombieLoad flaw

UPDATED Doubts have arisen over the significance of a speculative execution vulnerability affecting Intel CPUs that was announced with breathless excitement on Monday.

CacheOut – an exploit that was unveiled with a dedicated website and eye-catching logo – was said to trigger data leaks from the OS kernel, co-resident virtual machines (a common practice among cloud and hosting providers), and even SGX enclaves. The vulnerability was widely reported in the tech press.

CacheOut belongs to a family of vulnerabilities that stem from flaws in the speculative execution process of modern microprocessors to extract secrets (such as encryption keys and passwords).

This class of vulnerabilities was first uncovered by landmark research on the Meltdown and Spectre vulnerabilities that was published in January 2018.

Researchers at the University of Michigan and RIDL Team VUSec claimed credit for unearthing the CacheOut flaw, which they warn “bypasses the hardware mitigations released by Intel in response to Meltdown, thereby necessitating additional software fixes”.

However, the CacheOut researchers reference an Intel security advisory (INTEL-SA-00329) that makes no mention of the University of Michigan-led researchers behind CacheOut, but instead credits researchers at Graz University of Technology who were involved in the original landmark Spectre research.

The CacheOut team acknowledge that “Intel also informed us that Moritz Lipp, Michael Schwarz, and Daniel Gruss (TU Graz), as well as Jo Van Bulck (KU Leuven) also reported this issue”.

Phase delay

The Daily Swig understands that the researchers behind the CacheOut exploit disclosed the issue months after the TU Graz and KU Leuven researchers, and what they had discovered was a variant of the earlier ‘ZombieLoad’ set of vulnerabilities.

The ZombieLoad attack allows an attacker to steal sensitive data and keys while the computer accesses them.

This exploit was discovered in May 2019, with a paper following in November, after the embargo for one of the variants was lifted.

The CacheOut research was reported to Intel in October 2019 – five months after the initial discovery, but one month before the ZombieLoad paper came out.

Daniel Gruss of TU Graz, a member of the team of researchers who discovered both ZombieLoad and Spectre, told The Daily Swig that he and his colleagues had previously disclosed the issues contained in the CacheOut paper to Intel, but that given the similarity to ZombieLoad, they decided not to publish their research.

“We decided to not write a new paper about it, as it is just ZombieLoad,” Gruss said. “[W]e don’t even call it a new variant as there is no real difference.”

The CacheOut research covers questions already answered by the ZombieLoad paper, he added.

ZombieLoad security exploit can trigger memory leaks in Intel CPUsThe ZombieLoad exploit was discovered in May 2019

Exploits… Re-loaded

Both ZombieLoad and CacheOut track back to the same vulnerability identifier, CVE-2020-0549.

The ZombieLoad website was updated on Monday to say that mitigations against the flaw released by Intel last year were inadequate and needed revisiting.

“On January 27th, 2020, an embargo ended showing that the mitigations against MDS attacks released in May 2019 are insufficient,” the update explained.

“With L1D Eviction Sampling, an attacker can still mount ZombieLoad to leak data that is being evicted from the L1D cache.”

Asked to explain the difference between their vulnerability and ZombieLoad, CacheOut researcher Marina Minkin argued that the CacheOut methodology paves the way for the development of more powerful attacks.

“CacheOut and ZombieLoad, as well as RIDL [the Rogue In-Flight Data Load paper] originally all use the same vulnerability (CVE-2020-0549),” Minkin, part of the University of Michigan team that analysed CacheOut, stated.

“However, CacheOut is a combination of four techniques: eviction from the cache for line selection, use of TAA (part of RIDL and ZombieLoad) for the leak, a new technique for addressing sub-cache-line offsets and using VERW for cleaning the signal.

“Unlike ZombieLoad which has very limited control of the address, CacheOut offers much more control to the attacker on what to leak,” she concluded.

The first author on the CacheOut paper, Stephan van Schaik, was a part of the RIDL team (VU Amsterdam) that reported the Issue to Intel.

Asked to comment on CacheOut, Intel offered the following response:

Today, we published INTEL-SA-00329 concerning two vulnerabilities that were publicly disclosed by researchers. We are actively coordinating with industry partners and expect to release microcode updates for these vulnerabilities through our normal Intel Platform Update (IPU) process in the coming weeks.

We’re reliably informed that Intel is releasing firmware updates to mitigate the CVE-2020-0549 and the less serious CVE-2020-0548 vulnerabilities on March 10.

In a follow-up question, we asked the CacheOut researchers why they had gone public six weeks early. There’s no suggestion from anybody that the interesting, but somewhat esoteric vulnerabilities are under active attack.

The CacheOut team denied jumping the gun.

“Regarding the public disclosure date, the date that Intel chose was January 27th, and we cooperated with that. Had they asked us to wait until any other date, we would gladly do that,” Minkin told The Daily Swig.

This article has been updated to include additional comment from Marina Minkin.

YOU MIGHT ALSO LIKE Plundervolt attack unpins Intel chip security enclaves