Flaw in Intel Haswell CPUs Bypasses Critical Security Protection

Every now and then, a major bug pops up in PC hardware. Sometimes, these bugs aren’t too serious but they can have a large impact like AMD’s Phenom TLB bug. This time around, it’s Intel’s turn to suffer a hardware CPU bug. According to researchers from the University of California, Intel’s Haswell chips suffer from a flaw that will allow attackers to bypass ASLR, a crucial security feature.

ASLR, or Address Space Layout Randomization is a technique that protects from buffer overflow attacks. By randomizing the memory space, attackers will have to guess at the areas of the memory which contain the data they wish to target. With Haswell, the branch target buffer table used by the branch predictor can be exploited as a way to determine where in the memory specific code is in.

While this attack won’t allow for remote code execution, it can lead to privilege escalation exploits. It may also allow attackers to break out from sandboxes and even from VM’s as this is a fundamental hardware flaw. For cloud providers, this can be a major issue as it makes it easier for an attacker to buy a VM server and break out of it to attack their fellow customers. This means the exploit should work for any OS though some may be less severely impacted.

Intel has reported that they are investigating the issue so we hope to hear back from them soon. Despite it being a hardware issue, a microcode update may be able to fix the issue. However, that may lead to a performance hit depending on what is required for the fix. For now, there is no word yet if pre-Haswell CPUs are impacted or post-Haswell CPUs as well. Given the relatively few changes between generations, I would not be surprised if Broadwell is buggy as well and perhaps even Skylake and Kaby Lake.