Intel ATM Chipset Vulnerability Chain

As a fan of Intel’s, one might find it difficult to remain with the industry leader in processor manufacturing. There have been a series of events leading up to the release of the CacheOut (or L1DES) vulnerability that was disclosed by a research team from the University of Michigan and the University of Adelaide. While Intel claims that CVE-2020-0549 has medium severity, it is more likely that the words “little to no” apply to the amount of people who have proceeded in disabling hyperthreading or applied L1 terminal fault mitigations.

Virtualization has become the way for computing over the last decade. It allows for the deployment of a diverse environment using minimal resources. The author of this post has been researching virtualization technologies over the last 3 years, and deploying test environments for cybersecurity training and research. The impact for recommendations mitigating the vulnerability chains come at a significant cost to performance.

For details surrounding CacheOut the whitepaper released on Monday, January 27th, is available here: https://cacheoutattack.com/CacheOut.pdf. The authors of this paper go in great detail to describe aspects of the attack and why Intel’s patchwork mitigations have not been succesful to this point. They also cover the impacts that this type of exploit have on virtualized processes including the inherint risks in sharing resources within a hypervisor.

The likelihood of symptoms being compromised by these vulnerabilities depends on the controls that are in place within the systems being used. The severity for the impact that can be caused by the exploit once realized should be considered moderatley-high. Risk analysis for the vulnerability chain itself should be conducted by professionals that are familiar with the systems architecture and the exploit methodologies.

This was labeled “Intel ATM Chipset Vulnerability Chain” because of the frequent distributions of Cache from the exploits. The likelihood of organizaitons being able to switch to another manufacturer is not significantly high because of the lack for corporate level hardware bearing Ryzen processors. The good news would be that Intel will issue a patch soon, and will probably continue to do so until they posess one of the most secure chips available in the market. Organizations should look for these patches, and apply the mitigations already available as soon as possible. If your organizaiton is still employing a perimeter/edge defense strategy, this might be a reason to consider alternate methods.

Leave a Reply

%d bloggers like this: