Skip to main content

Researchers: Intel CPUs are inherently flawed and open to a specific attack

intel 4th generation core i7 haswell
Image used with permission by copyright holder
Most of us use our computers to manage some of the most important aspects of our lives, from our personal and business finances to recording our private lives to conducting most of our communications. If someone can break into our computers, they can steal our information, our identities, and generally make our lives miserable.

A recent paper, published by a joint research tem from the State University of New York at Binghamton, and the University of California Riverside, alleges that certain processors are inherently flawed and open to attack, according to Ars Technica. The flaw works against a specific method used by modern operating systems, including both Windows and MacOS, to keep systems secure called “address space layout randomization,” or ASLR.

Recommended Videos

Basically, ASLR jumbles up the memory locations where applications store their code, making it more difficult for exploits to take over a system. Instead, attacks are more likely to cause the computer to simply crash — an inconvenience to users and a potential source of data loss, but far preferable to allowing a hacker to assume control.

Please enable Javascript to view this content

The flaw in Intel’s processors, which was demonstrated in Linux running on a system utilizing a Haswell chip, allows attackers to bypass ASLR. On a more technical level, a vulnerability exists in the processor’s branch predictor that allowed the researchers to identify where chunks of code would be stored. This basically represents a “side channel” in the branch predictor that attackers can use to get around ASLR, making predictable something that should be unpredictable.

As the researchers put it, “ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors.”

Intel is checking into the research, and the researchers go beyond merely alerting the industry to the potential vulnerability by offering a number of ways to reduce the likelihood of attack via hardware and software. The details of the exploit are contained in the paper titled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR” that was presented on October 18 at the IEEE/ACM International Symposium on Microarchitecture held in Taiwan.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Intel is bringing back one of its most frustrating types of CPUs
Intel Core Ultra Series 2 Lunar Lake chipset.

Intel's new Arrow Lake CPUs are a big deal. They utilize an entirely new architecture and come with a new socket, which will help them compete for a spot among the best processors. However, it looks like some upcoming Core 200-series CPUs (the non-Ultra versions) might not use the Arrow Lake/Lunar Lake architecture at all -- they might be rebranded CPUs sporting older CPU tech.

The assumption comes from results in the Crossmark benchmark that were posted to Bapco and first pointed out by Everest on X (formerly Twitter). The result shows the Core 5 210H, but it's not the performance that's interesting. It's the specs. The result shows that the CPU comes with eight cores and 12 threads. That's the rub. Arrow Lake and Lunar Lake don't come with Hyper-Threading, so each core only comes with a single thread.

Read more
Sorry, gamers — Intel’s new CPUs won’t deliver any gains
A render for an Intel Arrow Lake CPU.

Intel is setting expectations for its upcoming Arrow Lake-S desktop CPUs. Although the company is holding strong that the new generation will be competitive with the best processors when they release on October 24, the new range of CPUs won't deliver much, if any, performance gains for gamers -- and that's coming from Intel itself.

To kick off the Arrow Lake generation, now called Intel Core Ultra 200S, Intel is releasing five processors. You can see the standard Core Ultra 9, 7, and 5 models in the table below, along with Core Ultra 7 and 5 models that cut the integrated graphics for a slightly lower price. All five of the processors are unlocked for overclocking with the new LGA 1851 socket. Unlike AMD's new Zen 5 CPUs, Core Ultra 200S chips require a new motherboard as Intel retires its LGA 1700 socket.

Read more
Intel did the unthinkable with its new Arrow Lake CPUs
A render of an Intel Core Ultra 200-S chip.

It finally happened. Intel killed Hyper-Threading on its desktop CPUs. The new Arrow Lake range, called Core Ultra 200S, ditches the simultaneous multi-threading (SMT) feature that Intel has held onto for more than a decade. And according to Intel, it doesn't need the extra threads to still deliver a generational performance improvement, even up against the best processors.

Intel says the new range, which we break down in detail in our post focused its gaming potential, can deliver an 8% performance improvement in single-threaded workloads over the previous generation, and a 4% uplift compared to the Ryzen 9 9950X. Those are pretty small margins, but the real impressive stuff comes in multi-threaded performance.

Read more