On March 1, researchers from Worcester Polytechnic Institute in Worcester, MA and the University of Lübeck in Germany published details and a proof of concept exploit they called SPOILER.
They demonstrated that a malicious actor without elevated privileges can learn how a system's virtual addresses map to physical memory addresses. This information can then be used to facilitate attacks like Rowhammer or classic side channel methods like Prime+Probe. The SPOILER exploit, by itself, does not reveal secret data, and is not a speculative execution side channel method.
After careful assessment, Intel has determined that existing kernel protections, like KPTI, reduce the risk of leaking data across privilege levels. Combined with side channel safe software development practices, like ensuring execution time and control flows are identical regardless of secret data, these protections mitigate classic side channel methods enabled by the SPOILER exploit. Additionally, DRAM modules that are mitigated against Rowhammer style attacks remain protected regardless of the SPOILER exploit.
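The "side channel safe software development practices" referred to above mean code whose running time, branch pattern and memory-access pattern do not depend on secret data, so that an attacker who can observe timing or cache state (for example via Prime+Probe, once SPOILER has given them the address mapping) learns nothing from it. The following is an added illustration written for this page, not code from Intel or from the SPOILER researchers: it places a naive early-exit comparison next to a constant-time one and a branch-free select, and checks them against a constructed 16-byte tag. The sample tag values and the function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Naive comparison: returns at the first mismatching byte, so its running
   time and branch pattern depend on how many leading bytes of the secret
   matched. This is the pattern the guidance above warns against. */
int compare_early_exit(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i])
            return 0; /* data-dependent early return */
    }
    return 1;
}

/* Constant-time comparison: always reads all n bytes of both buffers in
   the same order and never branches on their contents. Mismatches are
   accumulated with OR so the loop does identical work for every input. */
int compare_constant_time(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* Fold the accumulator to 0 or 1 without a branch: (diff - 1) borrows
       into the high bits only when diff == 0. */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

/* Branch-free select: returns x when cond == 1 and y when cond == 0,
   with no conditional jump whose direction depends on cond. */
uint32_t select_constant_time(uint32_t cond, uint32_t x, uint32_t y)
{
    uint32_t mask = 0u - (cond & 1u); /* all ones or all zeros */
    return (x & mask) | (y & ~mask);
}

/* Constructed sample data (not real keys or tags): an expected
   authentication tag, a correct candidate and one that differs only in
   its last byte. An early-exit compare would spend the longest on the
   near miss; the constant-time compare treats both the same. */
const uint8_t tag_expected[16] = {
    0x3c, 0xa1, 0x5e, 0x07, 0x9b, 0x44, 0xf2, 0x18,
    0x6d, 0xc0, 0x2a, 0x75, 0xe9, 0x13, 0x8f, 0x50 };
const uint8_t tag_good[16] = {
    0x3c, 0xa1, 0x5e, 0x07, 0x9b, 0x44, 0xf2, 0x18,
    0x6d, 0xc0, 0x2a, 0x75, 0xe9, 0x13, 0x8f, 0x50 };
const uint8_t tag_near_miss[16] = {
    0x3c, 0xa1, 0x5e, 0x07, 0x9b, 0x44, 0xf2, 0x18,
    0x6d, 0xc0, 0x2a, 0x75, 0xe9, 0x13, 0x8f, 0x51 };

/* Verify a candidate tag and map the result to an accept/reject code
   without any secret-dependent control flow. Returns 1 on accept. */
int verify_tag(const uint8_t candidate[16])
{
    uint32_t ok = (uint32_t)compare_constant_time(tag_expected, candidate, 16);
    return (int)select_constant_time(ok, 1u, 0u);
}

int main(void)
{
    /* Stand-alone run: 0 = accept, 1 = reject */
    return verify_tag(tag_good) == 1 && verify_tag(tag_near_miss) == 0 ? 0 : 1;
}
```

Two practical caveats apply. First, an optimizing compiler is free to turn the constant-time loop back into an early-exit one, so production code should use a library primitive that is maintained for this purpose (OpenSSL's CRYPTO_memcmp or libsodium's sodium_memcmp) rather than a hand-rolled loop, and the compiled object should be inspected for secret-dependent branches. Second, this addresses only the data-leak half of the picture: it stops timing and cache-access patterns from revealing secrets, which is exactly why the advisory pairs it with KPTI, while the Rowhammer side is a separate question of DRAM mitigation.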