Skip to main content
  1. Home
  2. Computing
  3. News

Researchers: Intel CPUs are inherently flawed and open to a specific attack

By

intel 4th generation core i7 haswell
Image used with permission by copyright holder
Most of us use our computers to manage some of the most important aspects of our lives, from our personal and business finances to recording our private lives to conducting most of our communications. If someone can break into our computers, they can steal our information, our identities, and generally make our lives miserable.

A recent paper, published by a joint research tem from the State University of New York at Binghamton, and the University of California Riverside, alleges that certain processors are inherently flawed and open to attack, according to Ars Technica. The flaw works against a specific method used by modern operating systems, including both Windows and MacOS, to keep systems secure called “address space layout randomization,” or ASLR.

Recommended Videos

Basically, ASLR jumbles up the memory locations where applications store their code, making it more difficult for exploits to take over a system. Instead, attacks are more likely to cause the computer to simply crash — an inconvenience to users and a potential source of data loss, but far preferable to allowing a hacker to assume control.

Related

The flaw in Intel’s processors, which was demonstrated in Linux running on a system utilizing a Haswell chip, allows attackers to bypass ASLR. On a more technical level, a vulnerability exists in the processor’s branch predictor that allowed the researchers to identify where chunks of code would be stored. This basically represents a “side channel” in the branch predictor that attackers can use to get around ASLR, making predictable something that should be unpredictable.

As the researchers put it, “ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors.”

Intel is checking into the research, and the researchers go beyond merely alerting the industry to the potential vulnerability by offering a number of ways to reduce the likelihood of attack via hardware and software. The details of the exploit are contained in the paper titled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR” that was presented on October 18 at the IEEE/ACM International Symposium on Microarchitecture held in Taiwan.

Editors’ Recommendations

Topics
Mark Coppock
Mark Coppock
Former Digital Trends Contributor
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Intel’s upcoming Arrow Lake CPUs might run into cooling trouble
The cold plate and heat pipes on the Noctua NH-D15 G2 CPU cooler.

By nearly all accounts, Intel is gearing up to release its 15th-gen Arrow Lake CPUs in a matter of weeks. The new generation, which will compete for a slot among the best processors, will use the new LGA 1851 socket, and the redesigned package might be problematic when it comes to keeping the CPU cool.

According to famed overclocker and YouTuber der8auer, the hot spot on Arrow Lake CPUs is "quite a bit further north," meaning that the hottest part of the CPU is situated at the top of the package. Different hot spot locations is nothing new -- for instance, AMD's Ryzen 9 9950X has a hot spot more toward the southern part of the package -- but it's something that cooling companies will need to account for in order to get the best performance.

Read more
Intel Arrow Lake is right around the corner
Intel CEO Pat Gelsinger presents Intel's roadmap including Arrow Lake, Lunar Lake, and Panther Lake.

Intel's upcoming Arrow Lake processors have been the topic of much speculation in the last few months, but we're finally at the finish line. Multiple sources are reporting that the release date we've been hearing about for weeks is now final, meaning that Intel's next-gen processors are now less than a month away. Here's what we know.

With no Intel Innovation event this year, things have been quiet as far as Arrow Lake goes -- but the leaks never cease. The initial Arrow Lake (also known as Intel Core Ultra 200 series) release date that various tipsters spoke about was always said to be October 10, but a few weeks ago, it was revealed to be October 24. Now, with today's new information, we can say with some confidence that it appears to be the final release date.

Read more
Do CPUs require drivers?
AMD Rizen CPU 3 next to box

Your CPU is an important component in your PC, so like graphics cards, it should probably have its own CPU drivers, right? Not in this case. While there are drivers that are called chipset drivers, and technically there is microcode that runs on the chips themselves, processors of any budget can be installed without drivers.

There are plenty of drivers you should keep on top of, but the processor is not one of them.
Do CPUs have drivers?

Read more