Intel CPUs at risk from new ‘Snoop’ attack

A new attack that can leak data from a CPU’s internal memory or cache has been discovered which affects many popular Intel processors.

The “Snoop-assisted L1 Data Sampling” attack, or Snoop for short, was first found by a software engineer at AWS named Pawel Wieczorkiewicz.

Wieczorkiewicz promptly reported the issue to Intel and following its own investigations into the matter, the chipmaker realized that patches released back in August of 2018 to fix the Foreshadow vulnerability could also be applied to this new attack.

Many popular Intel processors, including those from the company’s Core and Xeon lines, are vulnerable to Snoop attacks and you can check this list to see all of the CPUs that are affected.

Snoop attacks

The new Snoop attack takes advantage of CPU mechanisms such as multiple cache levels, cache coherence and bus snooping in order to leak data from a CPU core to other cores.

Thankfully though, this new attack is very hard to pull off and does not leak large quantities of data. Intel explained that Snoop attacks require conditions that are hard to meet in the real world, saying:

“Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe Snoop Assisted L1 Data Sampling is a practical method in real world environments where the OS is trusted.”

For those running high-risk systems, the company recommends that you apply the Foreshadow (L1TF) patches from August 2018 to protect your systems from potential Snoop attacks. Additionally, disabling the Intel TSX (Transactional Synchronization Extensions) can greatly reduce the attack surface while also making this new attack harder to pull off.

Via ZDNet