Intel Chips Vulnerable to Non-Spectre Attack Dubbed “Spoiler”

Researchers from Worcester Polytechnic Institute in Massachusetts and the University of Lübeck in northern Germany discovered a new flaw that targets an area of the Intel processor called the Memory Order Buffer, which manages memory operations and involves the cache. The vulnerability in the memory subsystem can directly leak timing behavior due to physical address conflicts and may reveal critical information. Since Spoiler is not a Spectre attack, the previously released patches for Spectre-related flaws will not resolve the issue. Researchers believe a patch may not be available for some time, even years. Possible hardware fixes could address the issue but would affect performance. Intel believes the issue can be protected against by employing side channel safe software development practices. The NJCCIC recommends users review the research paper and ZDNet’s blog post for more information and apply patches if and when they become available.