CrossTalk is the latest Intel CPU security problem

By - | Views: 11,962

A fresh month, a fresh security problem. Today Intel disclosed "Special Register Buffer Data Sampling" (or SRBDS) which has been named CrossTalk by a bunch of researchers from VUSec. This is just another in the growing list of security problems Intel has suffered over the last few years.

For the first time this enables clever attackers to leak sensitive information across cores on many different generations on Intel CPUs, bypassing previous security fixes against previous issues like Spectre and Meltdown. You can see a list of affected CPUs here, it's unfortunately quite a large list covering a huge amount of Intel's different CPU brands.

The VUSec team built a profiler called CrossTalk, allowing them to inspect "the behavior of complex (“microcoded”) x86 instructions beyond the CPU core boundaries". Using it they found an undocumented "staging buffer" that contained a bunch of sensitive data (including that from the random number generator) that can be leaked across cores using MDS style attacks.

With responsible disclosure, the team told Intel of the issues back in September 2018, followed by more information in July 2019 and Intel rewarded them with the Intel Bug Bounty (Side Channel) Program. Intel requested it be under embargo until now, due to the difficulty of a fix.

There's microcode updates going out from Intel to clean up SRBDS, with Intel now locking the whole memory bus before it talks to the staging buffer and will only unlock it after clearing it. This way nothing should be exposed across cores. How's performance loss with it? Considerable apparently so Intel has only applied the fix to a few security instructions: RDRAND, RDSEED, and EGETKEY. Phoronix did a quick test and it's quite dramatic.

You can see the official Intel release here and the VUSec CrossTalk info dive here.

Article taken from GamingOnLinux.com.
Tags: Event, Game Sale
14 Likes
We do often include affiliate links to earn us some pennies. We are currently affiliated with GOG and Humble Store. See more here.
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
The comments on this article are closed.
6 comments

sub 9 Jun, 2020
Quoting: HoriIntel-based PCs really do slow down over time, don't they?

It's converging towards a Z80 performance wise.
Getting close.
Intel is doing, indirectly, AMD advertising....
GustyGhost 9 Jun, 2020
Complexity is an enemy of security.
Avehicle7887 9 Jun, 2020
These days it's like Intel is optimizing their CPU's to combat the security flaws.
mylka 10 Jun, 2020
Quoting: HoriIntel-based PCs really do slow down over time, don't they?

i still like my old i5 6500. i cant say it got slower.
very low power consumption.

but today i wouldnt buy intel. too hot, too much power consumption, too expensive... and new security problems


Last edited by mylka on 10 June 2020 at 12:39 am UTC
FauconNoir 10 Jun, 2020
Glad I bought an AMD CPU recently.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: Liberapay or PayPal.

This ensures all of our main content remains totally free for everyone with no article paywalls. We also don't have tons of adverts, there's also no tracking and we respect your privacy. Just good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.