A vulnerability affects billions of computers and puts user and business data at risk. How to defend
The world is full of computers with vulnerable Intel CPUs and there is still no security patch to secure them. This is the alarm raised by Bitdefender researchers who have discovered a new vulnerability in many Intel chips, even the latest generation, called CVE-2020-0551.
This vulnerability is very similar to the infamous “Meltdown” bug, discovered a couple of years ago by Google researchers and affecting virtually all CPUs produced by Intel since 1995. But CVE-2020-0551 is more dangerous at the moment, because it can be exploited even on PCs that have the security patch against Meltdown installed. Intel is aware of this vulnerability and is trying to fix it. This is a very dangerous bug, which could allow a hacker able to exploit it to steal sensitive data through a remote attack. Luckily, at the moment, there are no reported “exploits” of this vulnerability: no hacker has exploited it yet.
How the CVE-2020-0551 vulnerability works
A hacker who knows the details of CVE-2020-0551 could launch an attack, dubbed LVI-LFB (Load Value Injection in Line Fill Buffer), and install malicious code in the systems affected by the vulnerability. The result would be the possibility for the hacker to obtain the privileges needed to read the data present in the CPU cache. In this data there could be anything, even sensitive information of companies and institutions if the attacked computer is a corporate server.
What you can do against CVE-2020-0551
The real problem of CVE-2020-0551 vulnerability is that it is made possible by the mechanisms of “speculative execution” of the code. That is, all those mechanisms adopted over time by Intel to increase the performance of its microprocessors by architecting them so that they can perform the same operation on many data simultaneously. One of these mechanisms is the well-known Hyperthreading, present in all Intel CPUs produced from 2003 onwards.
Theoretically, it is possible to disable Hyperthreading to mitigate the problem, while large companies could replace computers based on Intel technology with equivalent systems based on AMD technology (which seems immune to this vulnerability, as it was to Meltdown). But these are difficult and expensive moves. Hopefully, then, Intel will find a solution to this vulnerability soon and release a patch quickly.