Skip to main content
  1. Home
  2. Computing
  3. News

Researchers: Intel CPUs are inherently flawed and open to a specific attack

By

intel 4th generation core i7 haswell
Image used with permission by copyright holder
Most of us use our computers to manage some of the most important aspects of our lives, from our personal and business finances to recording our private lives to conducting most of our communications. If someone can break into our computers, they can steal our information, our identities, and generally make our lives miserable.

A recent paper, published by a joint research tem from the State University of New York at Binghamton, and the University of California Riverside, alleges that certain processors are inherently flawed and open to attack, according to Ars Technica. The flaw works against a specific method used by modern operating systems, including both Windows and MacOS, to keep systems secure called “address space layout randomization,” or ASLR.

Recommended Videos

Basically, ASLR jumbles up the memory locations where applications store their code, making it more difficult for exploits to take over a system. Instead, attacks are more likely to cause the computer to simply crash — an inconvenience to users and a potential source of data loss, but far preferable to allowing a hacker to assume control.

The flaw in Intel’s processors, which was demonstrated in Linux running on a system utilizing a Haswell chip, allows attackers to bypass ASLR. On a more technical level, a vulnerability exists in the processor’s branch predictor that allowed the researchers to identify where chunks of code would be stored. This basically represents a “side channel” in the branch predictor that attackers can use to get around ASLR, making predictable something that should be unpredictable.

As the researchers put it, “ASLR is an important defense deployed by all commercial operating systems. It is often the only line of defense that prevents an attacker from exploiting any of a wide range of attacks (those that rely on knowing the memory layout of the victim). A weakness in the hardware that allows ASLR to be bypassed can open the door to many attacks that are stopped by ASLR. It also highlights the need for CPU designers to be aware of security as part of the design of new processors.”

Intel is checking into the research, and the researchers go beyond merely alerting the industry to the potential vulnerability by offering a number of ways to reduce the likelihood of attack via hardware and software. The details of the exploit are contained in the paper titled “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR” that was presented on October 18 at the IEEE/ACM International Symposium on Microarchitecture held in Taiwan.

Editors' Recommendations

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
Do CPUs require drivers?
AMD Rizen CPU 3 next to box

Your CPU is an important component in your PC, so like graphics cards, it should probably have its own CPU drivers, right? Not in this case. While there are drivers that are called chipset drivers, and technically there is microcode that runs on the chips themselves, you don't need to update the drivers for your CPU.

There are plenty of drivers you should keep on top of, but the processor is not one of them.
Do CPUs have drivers?

Read more
Gamers are reportedly returning Intel Core i9 CPUs in droves
Intel Core i9-13900K held between fingertips.

Intel's recent Core i9 CPUs are facing some dire issues, at least according to a new report from ZDNet Korea. In speaking with the outlet, an anonymous source in Korea responsible for customer service on Intel CPUs says that customers are returning more than 10 of Intel's 13th-gen and 14th-gen Core i9 CPUs daily, largely hailed as some of the best gaming processors you can buy.

The problem centers around Tekken 8, at least in Korea. According to the report, gamers using a CPU like the Core i9-13900K or Core i9-14900K will face an error message saying "not enough video memory" when launching the game, forcing it to close. This is even when the PC has plenty of video memory to run the game.

Read more
The only Intel CPU you should buy is over a year old
Intel Core i5-13600K installed in a motherboard.

While it's true that Intel has no shortage of top-notch CPUs, there's only one you should really be buying in 2024 for gaming purposes, and it's well over a year old. It's not that the other CPUs are bad -- it's that this processor is quite unmatched in terms of performance per dollar, and it's more than good enough for most uses.

The CPU in question is the Intel Core i5-13600K. You might be tempted to buy something pricier, perhaps even something as over the top as the Core i9-14900KS. But I'm here to tell you that you really don't need to. And if you'd rather spend even less, I'll show you my favorite alternatives.
A value pick
Intel's Core i5 series is typically the one to target in terms of value, but there's usually a gap between the midrange i5 and the enthusiast i7. While that gap is still present in this generation, it's nowhere near big enough for you to have to worry about it if all you're looking for is gaming.

Read more