"CrossTalk" / SRBDS Is The Newest Side-Channel Vulnerability

Written by Michael Larabel in Intel on 9 June 2020 at 10:33 AM EDT. 35 Comments
INTEL
Details are still coming in but INTEL-SA-00320, a.k.a. "CrossTalk", is the newest Intel side-channel CPU vulnerability.

This latest side-channel vulnerability was disclosed today as part of Intel's second Tuesday of the month reporting period along with several other security issues. INTEL-SA-00320 / CrossTalk is a Special Register Buffer Data Sampling "SRBDS" issue.

The whitepaper doesn't appear to be published yet by the independent researchers and the INTEL-SA-00320 deep dive page isn't yet working.

There have been motherboard vendors in recent weeks providing updated BIOS marked with CVE-2020-0543 so this does appear to be another issue that can be worked around in the Intel CPU microcode.

Intel also noted in today's disclosure, also noted in today's report that researchers behind CacheOut / L1D Eviction Sampling made a new discovery as "SGAxe" that relies upon this CVE-2020-0549 vulnerability in an unmitigated state.
INTEL-SA-00320 is a side-channel issue called Special Register Buffer Data Sampling, or SRBDS, with a medium CVSS score. As with all side-channel issues reported to date, Intel is not aware of any real-world exploits of SRBDS outside of a lab environment. We are aware that researchers have released a paper on this issue and refer to it as "CrossTalk".

More details when the various disclosure pages begin serving and I can dive deeper into this newest side-channel vulnerability and see if the mitigated microcode introduces any performance penalties.

UPDATE: Turns out Intel accidentally disclosed CrossTalk / SRBDS a few hours early against their own embargo... Here's what you need to know about CrossTalk / SRBDS.
35 Comments
Related News
Rework For Intel CPU Model Handling To Land With Linux 6.10
Linux 6.10 Adding Intel Low-Latency Hint To Aggressively Boost GT Frequency For GPU Compute
Intel Releases OpenVINO 2024.1 With More Gen AI & LLM Features
Intel ANV Vulkan Driver Enables VK_KHR_shader_float_controls2
Intel Has Many Improvements For The Xe Graphics Driver In Linux 6.10
Intel Enabling Linux Driver Display Support For Upcoming "Battlemage" GPUs
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance
Godot's Vulkan Backend Seeing Better Performance, 10~20% Reduction In Frame Times
GNOME Working To Make Key Rack A Viable Password Manager, Better Printing For Flatpaks
Niri 0.1.5 Scrollable-Tiling Wayland Compositor Adds New Animations