IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Researchers expose potential exploit of Intel CPUs

Intel x86 architecture could be vulnerable to attack through its System Management Mode mode.

Security researchers have published information and exploit code on how a flaw in Intel CPUs could potentially be exploited for malicious purposes.

Rafal Woijczuk and Joana Rutkowska of Invisible Things Lab, published information on how Intel CPU cache poisoning on x86 architecture could be exploited to take advantage of the SMM (System Management Mode).

They said that they have found two working exploits. One dumps the content of SMRAM, a specially protected region of system memory where the SMM code lives. The other is for arbitrary code execution in SMRAM.

A quote from the paper said: "This is the third attack on SMM memory our team has found within the last 10 months, affecting Intel-based systems.

"It seems that current state of firmware security, even in the case of such reputable vendors as Intel, is quite unsatisfying."

According to the report, French researcher Loic Duflot discovered the same attack in October 2008. He reported the issue direct to Intel, which has been in the process of preparing a workaround for the issue.

Woijczuk and Rutkowska said that Intel employees identified the cache poisoning which is at the root of the problem a few years ago.

Intel informed the researchers that it had been working on a solution to prevent caching attacks on SMM memory for a while, and also engaged with OEMs/BIOS vendors to prevent the attack.

"According to Intel, many new systems are protected against the attack," the researchers said.

"We have found out however, that some of the Intel's recent motherboards, like the popular DQ35, are still vulnerable to the attack."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Calling all US-based SMBs
Hardware

Calling all US-based SMBs

28 Jun 2022
Intel pauses Ohio chip site development, citing delays in US CHIPS act subsidies
Hardware

Intel pauses Ohio chip site development, citing delays in US CHIPS act subsidies

24 Jun 2022
Intel becomes latest tech company to freeze recruitment
Careers & training

Intel becomes latest tech company to freeze recruitment

9 Jun 2022
Technology reimagined
Whitepaper

Technology reimagined

12 May 2022

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022