"CrossTalk" / SRBDS Is The Newest Side-Channel Vulnerability

Written by Michael Larabel in Intel on 9 June 2020 at 10:33 AM EDT. 35 Comments
INTEL
Details are still coming in but INTEL-SA-00320, a.k.a. "CrossTalk", is the newest Intel side-channel CPU vulnerability.

This latest side-channel vulnerability was disclosed today as part of Intel's second Tuesday of the month reporting period along with several other security issues. INTEL-SA-00320 / CrossTalk is a Special Register Buffer Data Sampling "SRBDS" issue.

The whitepaper doesn't appear to be published yet by the independent researchers and the INTEL-SA-00320 deep dive page isn't yet working.

There have been motherboard vendors in recent weeks providing updated BIOS marked with CVE-2020-0543 so this does appear to be another issue that can be worked around in the Intel CPU microcode.

Intel also noted in today's disclosure, also noted in today's report that researchers behind CacheOut / L1D Eviction Sampling made a new discovery as "SGAxe" that relies upon this CVE-2020-0549 vulnerability in an unmitigated state.
INTEL-SA-00320 is a side-channel issue called Special Register Buffer Data Sampling, or SRBDS, with a medium CVSS score. As with all side-channel issues reported to date, Intel is not aware of any real-world exploits of SRBDS outside of a lab environment. We are aware that researchers have released a paper on this issue and refer to it as "CrossTalk".

More details when the various disclosure pages begin serving and I can dive deeper into this newest side-channel vulnerability and see if the mitigated microcode introduces any performance penalties.

UPDATE: Turns out Intel accidentally disclosed CrossTalk / SRBDS a few hours early against their own embargo... Here's what you need to know about CrossTalk / SRBDS.
35 Comments
Related News
Intel Looking To Raise SPIR-V Backend To Becoming An Official LLVM Target
Intel Panther Lake & Clearwater Forest Power Management Patches For Linux 6.14
Intel Begins Readying Graphics Driver Changes For The Linux 6.14 Kernel
UMD Direct Submission "Proof Of Concept" For The Intel Xe Linux Driver
Intel Linux Display Driver Being Adapted For DRM Panic "Blue Screen of Death" Support
Intel Compute Runtime 24.45.31740.9 Released Ahead Of The Arc B580 "Battlemage" Launch
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features