Intel minimizes the 'spoiler' security flaw in its processors

Intel released a security advisory on the Spoiler vulnerability discovered by researchers last month. The researchers said that, like Meltdown, Spoiler only affects Intel CPUs, and not AMD or ARM CPUs.

Intel Scores Spoiler Vulnerability at Risk of 3.8 Points out of 10

Spoiler is another security vulnerability that would affect only Core processors and that attackers can use to steal confidential information. Unlike Specter and Meltdown, Spoiler affects a different area of ​​the CPU, called the Memory Order Buffer, which is used to manage memory operations and is tied to the CPU's cache system. Because of this, Spoiler attacks can also improve Rowhammer memory-based attacks and other cache-based attacks.

Visit our guide on the best PC processors

Even though we've seen a long series of Specter attacks that Intel has had to fix, and more are expected, Spoiler is not another speculative execution attack. As such, none of Intel's current mitigation techniques for Specter affect Spoiler. The root cause of the vulnerability is within Intel's proprietary memory subsystem, so Spoiler only affects Intel CPUs and not AMD or ARM CPUs.

More than a month after investigators first revealed the Spoiler attack, Intel has assigned it its own CVE (CVE-2019-0162) and released a notice stating that the attack is low risk (3, 8 points out of 10) because the attack would need to be authenticated and requires local hardware access.

The researchers note that Spoiler cannot be solved by software and that new Intel CPUs will need hardware changes to prevent attackers from taking advantage of that flaw.

In this way, Intel takes away something of importance to this security problem, which is not the first nor the last one surely.

Tomshardware font