New Snoop Vulnerability Threatens Intel Processors

Amazon Web Services (AWS) engineer Pawel Wieczorkiewicz discovered a vulnerability in Intel processors. The attack he described was named Snoop-assisted L1 Data Sampling (or simply Snoop) and was assigned the identifier CVE-2020-0550. A list of processors vulnerable to this problem can be found here.

The new attack takes advantage of mechanisms found in modern processors, such as multiple cache levels, cache coherence and bus snooping (hence the name of the attack). Most current processors use several cache levels to hold data while it is being processed. The most heavily used level is L1, which is divided into two parts: one holds user data (L1D) and the other holds CPU instruction code (L1I). Because of multi-core architectures and multiple cache levels, the same data is often stored simultaneously in several CPU caches and even in RAM.

Wieczorkiewicz discovered that under certain conditions, malicious code can hook into the bus snooping operation and cause errors, which ultimately leads to data leakage through cache coherency. The researcher also notes that the attack is extremely difficult to carry out in practice and, in any case, does not allow large amounts of data to be stolen (unlike the original Meltdown and Spectre vulnerabilities).

After studying the problem, Intel developers concluded that the fixes released back in August 2018 for the Foreshadow vulnerability (L1TF) also help against it. Disabling Intel TSX (Transactional Synchronization Extensions) is also reported to help, making a Snoop attack even more difficult and unlikely.
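
A quick way to check both mitigations on a Linux host, as an added example that is not from the article or from Intel. It assumes the kernel's standard `/sys/devices/system/cpu/vulnerabilities/l1tf` file and the `rtm`/`hle` flags in `/proc/cpuinfo`; the function name and its optional root-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: report the two mitigations named above for Snoop
# (CVE-2020-0550): the kernel's L1TF status and whether TSX is exposed.
# The optional first argument is a root prefix (assumption of this example),
# so the check can be pointed at a mounted image or a test tree.

snoop_mitigation_status() {
    root="${1:-}"
    l1tf_file="$root/sys/devices/system/cpu/vulnerabilities/l1tf"
    cpuinfo="$root/proc/cpuinfo"

    # Kernel's own view of the L1TF (Foreshadow) fixes.
    if [ -r "$l1tf_file" ]; then
        l1tf=$(cat "$l1tf_file")
    else
        l1tf=""
    fi
    case "$l1tf" in
        "Not affected"*) l1tf_state="not-affected" ;;
        Mitigation*)     l1tf_state="mitigated" ;;
        Vulnerable*)     l1tf_state="vulnerable" ;;
        *)               l1tf_state="unknown" ;;
    esac

    # TSX shows up as the rtm and/or hle CPU flags. Their absence means TSX
    # is either disabled or not implemented by this CPU model.
    tsx_state="unknown"
    if [ -r "$cpuinfo" ]; then
        flags=$(grep -m1 '^flags' "$cpuinfo" | cut -d: -f2)
        tsx_state="not-exposed"
        for f in $flags; do
            case "$f" in
                rtm|hle) tsx_state="enabled" ;;
            esac
        done
    fi

    printf 'l1tf=%s tsx=%s\n' "$l1tf_state" "$tsx_state"
}

# Run against the live system, or against the root given as $1.
snoop_mitigation_status "${1:-}"
```

The sysfs value is the kernel's assessment only; read the full line in that file for details such as SMT and cache-flush state.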
