Skip to main content

Researchers: Intel CPUs are inherently flawed and open to a specific attack

Most of us use our computers to manage some of the most important aspects of our lives, from our personal and business finances to recording our private lives to conducting most of our communications. If someone can break into our computers, they can steal our information, our identities, and generally make our lives miserable.

A recent paper, published by a joint research tem from the State University of New York at Binghamton, and the University of California Riverside, alleges that certain processors are inherently flawed and open to attack, according to Ars Technica. The flaw works against a specific method used by modern operating systems, including both Windows and MacOS, to keep systems secure called “address space layout randomization,” or ASLR.

Recommended Videos

Basically, ASLR jumbles up the memory locations where applications store their code, making it more difficult for exploits to take over a system. Instead, attacks are more likely to cause the computer to simply crash — an inconvenience to users and a potential source of data loss, but far preferable to allowing a hacker to assume control.

The flaw in Intel’s processors, which was demonstrated in Linux running on a system utilizing a Haswell chip, allows attackers to bypass ASLR. On a more technical level, a vulnerability exists in the processor’s branch predictor that allowed the researchers to identify where chunks of code would be stored. This basically represents a “side channel” in the branch predictor that attackers can use to get around ASLR, making predictable something that should be unpredictable.

As the researchers put it, “ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors.”

Intel is checking into the research, and the researchers go beyond merely alerting the industry to the potential vulnerability by offering a number of ways to reduce the likelihood of attack via hardware and software. The details of the exploit are contained in the paper titled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR” that was presented on October 18 at the IEEE/ACM International Symposium on Microarchitecture held in Taiwan.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Intel CEO says that Lunar Lake was ‘a one-off’
Intel CEO Pat Gelsinger presents Intel's roadmap including Arrow Lake, Lunar Lake, and Panther Lake.

Intel's CEO Pat Gelsinger talked about the future of its top processors in the company's latest earnings call. Apart from reporting a huge $16.6 billion loss, the earnings call revealed a bit about next-gen products like Panther Lake and Nova Lake. According to Gelsinger, those two generations of laptop CPUs will not follow in Lunar Lake's footsteps. In fact, Gelsinger referred to Lunar Lake as "a one-off."

Lunar Lake introduced a first for Intel -- at least in terms of consumer processors. It came with on-package LPDDR5X memory, which brought Intel closer to some of the highly successful M chips manufactured by Apple. On-package memory can improve data transfer speeds and boost efficiency, and Lunar Lake was also proven to have solid battery life. Despite these benefits, Intel isn't going to give Lunar Lake a direct successor.

Read more
AMD vs. Intel: which makes the best CPUs?
Pads on the bottom of the Ryzen 9 7950X.

When it comes to desktop and laptop processors, the two biggest names in town are Intel and AMD. Qualcomm is making inroads, but if you want peak performance, Intel and AMD make the best processors for gaming and serious productivity.

Still, it's not all sunshine and rainbows for these industry titans. AMD's most recent Ryzen 9000 CPUs were met with a lukewarm reception, but then Intel's Core Ultra 200-series were even less impressive. It may be up to X3D CPUs and turbo modes to save the day.

Read more
Not this again: Intel Arrow Lake may have instability issues
A render for an Intel Arrow Lake CPU.

Intel's Arrow Lake is just a couple of days from hitting the market, and we've been inundated with various reports and leaked benchmarks. Today's news doesn't sound good, though. YouTuber Moore's Law Is Dead reports that Arrow Lake, also referred to as Core Ultra 200-S, may have some instability issues -- much like what we've seen Intel battle for months on end with Raptor Lake.

Before we dive in, keep in mind that all of this is yet to be confirmed, and we're mere days away from finding out whether it's true or not. However, it could give some buyers a reason to hold off and read the reviews before preordering the CPUs. Moore's Law Is Dead talked about various reviewers and tech YouTubers who had something bad to say about Arrow Lake's stability. The issues are twofold: A wild discrepancy between benchmarks, and running into crashes.

Read more