"CrossTalk" / SRBDS Is The Newest Side-Channel Vulnerability

Written by Michael Larabel in Intel on 9 June 2020 at 10:33 AM EDT. 35 Comments
Details are still coming in but INTEL-SA-00320, a.k.a. "CrossTalk", is the newest Intel side-channel CPU vulnerability.

This latest side-channel vulnerability was disclosed today as part of Intel's second Tuesday of the month reporting period along with several other security issues. INTEL-SA-00320 / CrossTalk is a Special Register Buffer Data Sampling "SRBDS" issue.

The whitepaper doesn't appear to be published yet by the independent researchers and the INTEL-SA-00320 deep dive page isn't yet working.

There have been motherboard vendors in recent weeks providing updated BIOS marked with CVE-2020-0543 so this does appear to be another issue that can be worked around in the Intel CPU microcode.

Intel also noted in today's disclosure, also noted in today's report that researchers behind CacheOut / L1D Eviction Sampling made a new discovery as "SGAxe" that relies upon this CVE-2020-0549 vulnerability in an unmitigated state.
INTEL-SA-00320 is a side-channel issue called Special Register Buffer Data Sampling, or SRBDS, with a medium CVSS score. As with all side-channel issues reported to date, Intel is not aware of any real-world exploits of SRBDS outside of a lab environment. We are aware that researchers have released a paper on this issue and refer to it as "CrossTalk".

More details when the various disclosure pages begin serving and I can dive deeper into this newest side-channel vulnerability and see if the mitigated microcode introduces any performance penalties.

UPDATE: Turns out Intel accidentally disclosed CrossTalk / SRBDS a few hours early against their own embargo... Here's what you need to know about CrossTalk / SRBDS.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week