Skip to main content
  1. Home
  2. Computing
  3. News

Researchers: Intel CPUs are inherently flawed and open to a specific attack

By

intel 4th generation core i7 haswell
Most of us use our computers to manage some of the most important aspects of our lives, from our personal and business finances to recording our private lives to conducting most of our communications. If someone can break into our computers, they can steal our information, our identities, and generally make our lives miserable.

A recent paper, published by a joint research tem from the State University of New York at Binghamton, and the University of California Riverside, alleges that certain processors are inherently flawed and open to attack, according to Ars Technica. The flaw works against a specific method used by modern operating systems, including both Windows and MacOS, to keep systems secure called “address space layout randomization,” or ASLR.

Recommended Videos

Basically, ASLR jumbles up the memory locations where applications store their code, making it more difficult for exploits to take over a system. Instead, attacks are more likely to cause the computer to simply crash — an inconvenience to users and a potential source of data loss, but far preferable to allowing a hacker to assume control.

Related

The flaw in Intel’s processors, which was demonstrated in Linux running on a system utilizing a Haswell chip, allows attackers to bypass ASLR. On a more technical level, a vulnerability exists in the processor’s branch predictor that allowed the researchers to identify where chunks of code would be stored. This basically represents a “side channel” in the branch predictor that attackers can use to get around ASLR, making predictable something that should be unpredictable.

As the researchers put it, “ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors.”

Intel is checking into the research, and the researchers go beyond merely alerting the industry to the potential vulnerability by offering a number of ways to reduce the likelihood of attack via hardware and software. The details of the exploit are contained in the paper titled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR” that was presented on October 18 at the IEEE/ACM International Symposium on Microarchitecture held in Taiwan.

Editors' Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Intel’s Core i9-13900KS hits 6GHz out of the box, but there’s a catch
Intel Core i9-13900K held between fingertips.

Intel has just launched the Core i9-13900KS, a CPU to end all CPUs -- at least in this generation. This is Intel's most powerful chip right now, fully poised to top the list of the best processors on the market.

This doesn't just mark yet another entry into Intel's impressive CPU arsenal. The Core i9-13900KS stands out as the first consumer processor to hit 6GHz out of the box without extra overclocking. To hit that peak, however, it's going to consume a whole lot of power.

Read more
CES 2023: Intel’s new 13th-gen CPUs are faster, cheaper, and more efficient
Intel Core i9-13900K held between fingertips.

Intel is greatly expanding its Raptor Lake desktop processor lineup. As announced during CES 2023, the CPU range will receive some new entries, and these upcoming processors prioritize efficiency by zoning in on performance-per-watt.

The list of upcoming processors is huge, including models ranging from the high-end Core i9-13900 to the budget Core i3-13100F. There are six T-series models coming up too. Here's everything that Intel is preparing for desktop users.

Read more
Intel Core i9-13900K vs. Core i9-12900K: Is it worth the upgrade?
Intel Core i9-12900K in a motherboard.

Intel Raptor Lake is finally here, and although there's a handful of CPUs in this first wave of 13th-generation CPUs, it's hard not to focus on the flagship, the Intel Core i9-13900K. Equipped with a seemingly endless number of cores, capable of hitting those ultra-high clock speeds, and socket-compatible with Alder Lake, it checks most of the boxes as far as the top-shelf CPUs are concerned.

But the 13900K is mostly just a refinement of the 12900K with extra cores. Is getting a Core i9-13900K worth the splurge, or should you keep things more budget-friendly with a 12th-gen CPU? Below, we'll compare the two Intel flagships and help you choose a winner.
Pricing and availability

Read more