"Intel CPUs Vulnerable to New Transient Execution Side-Channel Attack"

Researchers have discovered a new side-channel attack that affects multiple generations of Intel CPUs and leaks data through the EFLAGS register. The team, from Tsinghua University, the University of Maryland, and a computer laboratory operated by the Chinese Ministry of Education, describes an attack that differs from most previously reported side channels. Rather than relying on the cache hierarchy, it exploits transient execution: a secret value modifies the EFLAGS register while instructions execute transiently, and that modification alters the timing of subsequent Jump On Condition Code (JCC) instructions, which an attacker can measure to extract secret data from user memory space. The researchers use this timing channel as a side channel for Meltdown, the critical vulnerability disclosed in 2018 that affects many x86-based microprocessors. Meltdown abuses a performance optimization, the transient (speculative, out-of-order) execution of instructions, to circumvent memory isolation and read passwords, encryption keys, and other private data from kernel memory. Meltdown has been mitigated through software patches, microcode updates, and hardware redesigns, but no single measure has eliminated the underlying problem, and the new method may still work on fully patched systems depending on the hardware, software, and patch configuration. The attack is described in a technical paper. This article continues to discuss the new side-channel attack impacting multiple generations of Intel CPUs.

Bleeping Computer reports "Intel CPUs Vulnerable to New Transient Execution Side-Channel Attack"

Submitted by Anonymous on