The other day, Intel released a notification about assigning an official identifier for the Spoiler vulnerability. The Spoiler vulnerability became known a month ago after a report by specialists from the Worcester Polytechnic Institute in Massachusetts and the University of LΓΌbeck (Germany). If it's any consolation, Spoiler will be listed as vulnerability CVE-2019-0162 in the vulnerability databases. For pessimists, we report: Intel is not going to release patches to reduce the risk of an attack using CVE-2019-0162. According to the company, conventional methods of dealing with a side-channel attack can protect against Spoiler.
Note that the Spoiler vulnerability (CVE-2019-0162) itself does not allow obtaining sensitive data for the user without his knowledge. This is just a tool to amplify and make it more likely to be hacked using the long-known Rowhammer vulnerability. This attack is a type of side channel attack and is carried out against DDR3 memory with ECC (Error Correction Code) checking. It is also possible that DDR4 memory with ECC is also affected by the Rowhammer vulnerability, but this has not yet been empirically confirmed. In any case, if we did not miss anything, there were no messages on this subject.
With Spoiler, you can associate virtual addresses with physical addresses in memory. In other words, to understand which specific memory cells need to be attacked using Rowhammer in order to replace data in physical memory. Changing only three bits of data in memory at a time bypasses ECC and gives the attacker freedom of action. Access to the address mapping requires access to the computer at the level of an unprivileged user. This circumstance reduces the danger of Spoiler, but does not eliminate it. According to experts, the danger of Spoiler is 3,8 points out of 10 possible.
Spoiler vulnerabilities affect all Intel Core processors up to the first generation. Changing the microcode to close it would lead to a sharp decrease in processor performance. βAfter careful study, Intel has determined that existing kernel protection such as KPTI [Kernel Memory Isolation] reduces the risk of data leakage through privileged levels. Intel recommends that users follow common practice to mitigate the exploitation of such vulnerabilities [with side-channel attacks]."
Source: 3dnews.ru