Skip to main content
  1. Home
  2. Computing
  3. News

Researchers: Intel CPUs are inherently flawed and open to a specific attack

Mark Coppock
By

intel 4th generation core i7 haswell
Image used with permission by copyright holder
Most of us use our computers to manage some of the most important aspects of our lives, from our personal and business finances to recording our private lives to conducting most of our communications. If someone can break into our computers, they can steal our information, our identities, and generally make our lives miserable.

A recent paper, published by a joint research tem from the State University of New York at Binghamton, and the University of California Riverside, alleges that certain processors are inherently flawed and open to attack, according to Ars Technica. The flaw works against a specific method used by modern operating systems, including both Windows and MacOS, to keep systems secure called “address space layout randomization,” or ASLR.

Recommended Videos

Basically, ASLR jumbles up the memory locations where applications store their code, making it more difficult for exploits to take over a system. Instead, attacks are more likely to cause the computer to simply crash — an inconvenience to users and a potential source of data loss, but far preferable to allowing a hacker to assume control.

Related

The flaw in Intel’s processors, which was demonstrated in Linux running on a system utilizing a Haswell chip, allows attackers to bypass ASLR. On a more technical level, a vulnerability exists in the processor’s branch predictor that allowed the researchers to identify where chunks of code would be stored. This basically represents a “side channel” in the branch predictor that attackers can use to get around ASLR, making predictable something that should be unpredictable.

As the researchers put it, “ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors.”

Intel is checking into the research, and the researchers go beyond merely alerting the industry to the potential vulnerability by offering a number of ways to reduce the likelihood of attack via hardware and software. The details of the exploit are contained in the paper titled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR” that was presented on October 18 at the IEEE/ACM International Symposium on Microarchitecture held in Taiwan.

Editors' Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Intel just launched the ‘world’s fastest’ CPU
Intel's 14900K CPU socketed in a motherboard.

Intel just announced a new CPU that is bound to rank high among some of the best processors -- the Intel Core i9-14900KS. A follow-up to the Core i9-14900K, the new CPU pushes the frequency out of the box beyond what any other chip can deliver right now, reaching a massive 6.2GHz. Intel estimates that it should deliver a sizeable upgrade over its predecessor, and we now know its specs, release date, and price.

The newly released Core i9-14900KS comes with 24 cores (eight P-cores and 16 E-cores) and 32 threads, 36MB of Intel Smart Cache, and a TDP of 150 watts. Much like the other CPUs in the Raptor Lake refresh lineup, it supports both DDR4 and DDR5 RAM, and it can handle up to 192GB of DD4-3200 MT/s memory or DDR5-5600. It can be paired with either a Z690 or a Z790 motherboard and offers 20 PCIe lanes, 16 of which are PCIe 5.0, while the rest are PCIe 4.0.

Read more
Intel’s CPUs just got way more confusing
Intel Core i5-14600K processor inside its socket.

Intel announced a slew of new processors during CES 2024, including mobile and desktop CPUs and the new Intel Core Series 1 made for thin-and-light laptops. Some are destined to make the list of the best processors, but Intel's naming conventions are only getting more confusing, with machines sporting both its old naming convention and the new Core Ultra rebrand in 2024.

Starting with the Intel Core HX series, Intel is introducing five new CPUs made for gamers and creators, starting with the high-end Intel Core i9-14900HX, followed by the Core i7-14700HX, the Core i7-14650HX, the Core i5-14500HX, and lastly, the Core i5-14450HX. The top chip in the lineup sports a whopping 24 cores and 32 threads.

Read more
Intel 14th-gen Meteor Lake: architecture, specs, and performance
On-package memory on Intel Meteor Lake processors.

Intel's 14th-gen Meteor Lake processors are here, and they're ready to compete against some of the best processors for laptops. While they don't currently -- and may never -- have desktop counterparts, Meteor Lake chips bring improved graphics performance, AI capabilities, and high core counts to thin and light laptops.

What's new in Meteor Lake, and what will these CPUs excel at? With Intel's announcement, we now know the answers to those questions.
Pricing and release date

Read more