The bugs, first reported by The Register, can allow bad actors to leak information and escalate their privileges, and were labelled by Intel as “high severity”.
A full list of products the vulnerabilities may impact can be found here, which includes 10th Generation Intel Core Processors and Intel Core X-series Processors.
What should users do?
Intel recommends that users of the affected processors update to the latest versions provided by their system manufacturer to addresses these issues.
Unfortunately, the above was not the only set of bugs which Intel was able to announce.
A potential security vulnerability in Intel Processors which may allow information disclosure was also announced, though this was only dubbed “low severity” by Intel.
Intel said that “Observable behavioral discrepancy in some Intel processors may allow an authorized user to potentially enable information disclosure via local access.”
The bug could potentially affect all Intel processor families according to the hardware giant.
Intel recommends that any impacted product should utilize the LFENCE instruction “after loads that should observe writes from another thread to the same shared memory address”.
Firewalls may not be enough by themselves in today’s climate, it’s not just Intel that has potential hardware security vulnerabilities floating around.
Academic researchers have demonstrated a successful attack strategy to get around the protections provided by AMDs famed Secure Encrypted Virtualization (SEV) technology.
Anyone interested in outing more bugs and having information about a security issue or vulnerability with an Intel-branded product or technology can send it via e-mail to firstname.lastname@example.org, after encrypting sensitive information using its PGP public key.
The demand for greater hardware security is there according to Intel’s own research.
The survey, based on speaking to 1,406 people across the United States, Europe, the Middle East, Africa, and Latin America, found 75% of respondents expressed interest in hardware-based approaches to security, while 40% expressed interest in “security at a silicon level”.
Via The Register