A team of researchers from American and Chinese universities recently uncovered a new vulnerability in Intel processors that can leak information about speculatively executed operations through a side channel. This, in turn, can be used to build a covert communication channel between different processes, or to determine which data has leaked in Meltdown-class attacks.
The vulnerability concerns a change made to the EFLAGS processor register that affects the subsequent execution of a JCC (conditional jump) instruction once its condition is evaluated. Even though the speculative operations are never retired and their results are discarded, the discarded change to EFLAGS can still be inferred by timing the execution of the JCC instruction. A comparison performed speculatively before a correctly predicted branch introduces a slight delay, which can be measured and used as a signal to recover the contents of the compared data.
Unlike other side-channel attacks of this kind, the technique does not analyze differences in access time between cached and uncached data, and it does not require the EFLAGS register to be reset to its initial state, which makes it harder to detect and block. As a demonstration, the researchers implemented a variant of the Meltdown attack based on it.
The study’s findings were published in an academic paper and highlight a significant threat to Intel processors that could have serious consequences if left unaddressed.