Intel CPUs vulnerable to new 'Snoop' attack

Applying the the patches for the Foreshadow (L1TF) attack disclosed in 2018 also blocks Snoop attacks.

Snoop

Intel processors are vulnerable to a new attack that can leak data from the CPU's internal memory -- also known as the cache.

The attack, described as "Snoop-assisted L1 Data Sampling," or just Snoop (CVE-2020-0550), has been discovered by Pawel Wieczorkiewicz, a software engineer at Amazon Web Services (AWS).

Wieczorkiewicz reported the issue to Intel, and after further investigations, the CPU maker concluded that patches released in August 2018 for the Foreshadow (L1TF) vulnerability also apply to this new attack.

A list of Intel processors that are vulnerable to Snoop attacks is available here. The list includes Intel series like Core and Xeon processors.

At the technical level, the new Snoop attack takes advantage of CPU mechanisms like multiple cache levels, cache coherence, and bus snooping. Below is a simple, non-technical explanation of why the attack exists and how it works.

CPUs, cache levels, cache coherence, and bus snooping

Today, most modern processors have multiple levels of (cache) memory at their disposal to store data while it's being processed inside the CPU.

Depending on the CPU's specifications, there could be a Level 1 (L1), Level 2 (L2), and even a Level 3 (L3) cache.

The most used cache level is L1, which is split in two, with one part allocated for processing user data (L1D) and the second for handling the CPU's own instruction code (L1I).

CPU cache levels

Image: Kartik Khare on Medium

Because of multi-core architectures and multi-cache levels, data is often stored inside multiple CPU caches at once, and even inside the RAM.

Cache coherence is the process that keeps all the cache levels in sync, so the L2, L3, and RAM have the same data that's in the L1D cache, the place where it usually gets changed first.

"Bus snooping" (or "snooping") is the operation through which the CPU updates all the cache levels when a change occurs in L1D.

Wieczorkiewicz discovered that under certain conditions, malicious code could tap into the bus snooping operation and trigger errors that leak data from the cache coherence process -- namely the cache data that's currently beening modified in the L1D cache, and effectively leaking data from the CPU's inner memory.

Snoop attacks don't work if you applied L1TF patches

The primary downside of this attack is that malicious code that runs on a CPU core can leak data from the other cores, a problem in cloud computing and virtualized environments.

The good news is that this attack is incredibly hard to pull off, and does not return large quantities of data (unlike the original Meltdown and Spectre vulnerabilities).

Furthermore, Intel says that the attack also requires conditions that are hard to satisfy in the real-world.

"Due to the numerous complex requirements that must be satisfied to successfully carry out, Intel does not believe Snoop Assisted L1 Data Sampling is a practical method in real world environments where the OS is trusted," Intel said.

For users who run high-risk systems, the chipmaker recommends applying the Foreshadow (L1TF) patches, released in August 2018.

Furthermore, disabling the Intel TSX (Transactional Synchronization Extensions) feature also greatly reduces the attack surface and make Snoop attacks even harder.

The Snoop attack may be hard to pull off but it's still of note because it exposes a new attack vector inside bus snooping operations, an area of modern CPU architecture that hasn't been probed as a potential attack surface before.