Skip to main content

Researchers: Intel CPUs are inherently flawed and open to a specific attack

intel 4th generation core i7 haswell
Image used with permission by copyright holder
Most of us use our computers to manage some of the most important aspects of our lives, from our personal and business finances to recording our private lives to conducting most of our communications. If someone can break into our computers, they can steal our information, our identities, and generally make our lives miserable.

A recent paper, published by a joint research tem from the State University of New York at Binghamton, and the University of California Riverside, alleges that certain processors are inherently flawed and open to attack, according to Ars Technica. The flaw works against a specific method used by modern operating systems, including both Windows and MacOS, to keep systems secure called “address space layout randomization,” or ASLR.

Basically, ASLR jumbles up the memory locations where applications store their code, making it more difficult for exploits to take over a system. Instead, attacks are more likely to cause the computer to simply crash — an inconvenience to users and a potential source of data loss, but far preferable to allowing a hacker to assume control.

The flaw in Intel’s processors, which was demonstrated in Linux running on a system utilizing a Haswell chip, allows attackers to bypass ASLR. On a more technical level, a vulnerability exists in the processor’s branch predictor that allowed the researchers to identify where chunks of code would be stored. This basically represents a “side channel” in the branch predictor that attackers can use to get around ASLR, making predictable something that should be unpredictable.

As the researchers put it, “ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors.”

Intel is checking into the research, and the researchers go beyond merely alerting the industry to the potential vulnerability by offering a number of ways to reduce the likelihood of attack via hardware and software. The details of the exploit are contained in the paper titled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR” that was presented on October 18 at the IEEE/ACM International Symposium on Microarchitecture held in Taiwan.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Intel may have accidentally leaked the release date for Windows 12
Someone typing on the Surface Laptop Studio 2's touchscreen.

Did we just get a confirmation about the release time frame for Windows 12 -- and from Intel, of all sources? It seems that way. Intel spoke about its predictions for 2024, indicating that it expects 2024 to be a good year for client processors. That's huge for Intel because the next generation of its top processors, Meteor Lake, is set to come out in 2024. However, if Intel is right, it might be a big year for Microsoft, too.

The information comes from a transcript of the Citi 2023 Global Technology Conference. Most of it wasn't too exciting -- fireside chats aren't often that interesting to the masses -- but there's a little comment in there that piqued our interest.

Read more
Intel’s Raptor Lake refresh prices have leaked, and hikes are on the way
An Intel processor over a dark blue background.

We're most likely just a couple of weeks away from the release date for the Intel Raptor Lake refresh, and while Intel itself hasn't said much about it, interesting tidbits of information leak out pretty frequently. Today, we got a good look at what might be the pricing of almost the entire lineup. And it looks like price increases are coming, however minor they may be.

We expected that a price hike was likely for the Raptor Lake refresh, and that's exactly what seems to be happening. As per a tip sent to VideoCardz, the majority of the 14th-Gen lineup appeared briefly at a Canadian retailer known as Canada Computers. While the CPUs weren't listed, they could be found by searching for the product names, and that gives an idea of what to expect. Keep in mind that these prices are in Canadian dollars.

Read more
Intel Meteor Lake is coming to desktop, but there’s a big catch
Intel announcing the Meteor Lake release date on Intel Innovation.

It's been a real roller coaster ride with Intel Meteor Lake. First, it was coming to desktops, then it wasn't, then it was, and now ... it isn't, but it is. If you're as confused as we are, don't worry -- Intel has set things straight and we now know that Meteor Lake chips will be available in desktops, but they won't become some of the best processors for desktop PCs, all because they're not socketed.

Intel spoke about the future of its 14th-Gen Meteor Lake chips in a statement made to ComputerBase, revealing that, yes, Intel Meteor Lake will come to desktop PCs, but only all-in-one (AIO) computers like the Intel NUC or small form-factor PCs. It won't be available in socketed form, which means that you won't be able to install it in a future LGA1851 motherboard. In short, Meteor Lake chips are laptop CPUs, through and through.

Read more