Amazon Web Services (AWS) software engineer Pawel Wieczorkiewicz discovered another vulnerability in Intel processors that allows stealing data from the internal memory of the CPU. Discovered by Wieczorkiewicz attack was called Snoop-assisted L1 Data Sampling or simply Snoop.
“The Snoop attack uses processor mechanisms such as a multilevel cache, cache consistency (coherence), and bus tracking”, – says Pawel Wieczorkiewicz.
Currently, most processors have a multi level cache memory, where data is stored during processing by the processor. Depending on the characteristics of the CPU, the cache can be single-level (L1), two-level (L2), or even three-level (L3). The most commonly used level is L1, which is divided into two. One section (L1D) is used to process user data, and the second (L1I) is used to process the instruction code of the CPU itself.
Due to its multi-core architecture and multi-level cache, data is usually stored simultaneously in several processor caches and even in RAM. Cache consistency is the process of synchronizing all levels of the cache in such a way that the same data is stored in L1, L2 and RAM as in L1D – the place where they begin to change.
Bus tracking is an operation in which the CPU updates all cache levels when data begins to change in L1D.
“Under certain conditions, malicious code can interfere with the process of monitoring the bus and cause errors that could lead to data leakage from the cache consistency process, namely, data that has been currently changed in L1D “, — found out Pawel Wieczorkiewicz.
However, unlike Meltdown and Specter, Snoop does not allow stealing large amounts of data. In addition, according to Intel, it is difficult to provide necessary conditions for an attack.
The engineer notified Intel about the problem, however, after examining the vulnerability, the company’s specialists concluded that the patch for the Foreshadow vulnerability (L1TF), released in 2018, also fixes it. A list of vulnerable Intel processors can be found here.