Today Intel and security researchers published a number of security issues covering various Intel hardware and software components in their IPU 2020.1 release.
One of those issues is a side-channel information leak attack against special registers, such as the Intel CPU random register. Memory cannot be read out; only previously generated random values can be read.
This side channel issue is called “Special Register Buffer Data Sampling” (SRBDS) by Intel, and “CrossTalk” by the researchers from VUSec Amsterdam.
SUSE considers this issue to have a moderate impact, and it is unlikely to affect real-world scenarios.
Intel has published the advisory INTEL-SA-00232.
Only a limited number of Intel CPUs are affected by this problem; they are listed on Intel's page listing processors affected by SRBDS.
SUSE provides the following packages to mitigate this issue:
- Intel CPU Microcode packages: These actually mitigate the issue.
- Linux Kernel packages: now contain the ability to report and control the mitigation
- XEN hypervisor packages: now contain the ability to report and control the mitigation
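To see what an updated kernel reports on a given host, the following added example (not SUSE's or Intel's code) reads the SRBDS status file that the Linux kernel exposes under sysfs and turns it into a verdict. The sysfs path, the status strings and the `srbds=off` / `mitigations=off` boot parameters are taken from the upstream Linux kernel documentation rather than from this post; `SRBDS_SYSFS` and `SRBDS_CMDLINE` are hypothetical override variables used only to run the check against constructed files.

```shell
#!/bin/sh
# Added example: classify the kernel's SRBDS report on one host.
# Status strings and boot parameters are those in the upstream Linux kernel
# SRBDS documentation. SRBDS_SYSFS / SRBDS_CMDLINE are hypothetical override
# variables, present only so the check can run against constructed files.
SRBDS_SYSFS="${SRBDS_SYSFS:-/sys/devices/system/cpu/vulnerabilities/srbds}"
SRBDS_CMDLINE="${SRBDS_CMDLINE:-/proc/cmdline}"

# Map a status string to: ok | needs-microcode | disabled | unknown
srbds_classify() {
    case "$1" in
        "Not affected"|"Mitigation: Microcode"|"Mitigation: TSX disabled")
            echo ok ;;
        "Vulnerable: No microcode") echo needs-microcode ;;
        "Vulnerable")               echo disabled ;;
        *)                          echo unknown ;;
    esac
}

# Print a verdict; return 0 = fine, 1 = action needed, 2 = not reported,
# 3 = cannot be decided on this machine (for example inside a guest).
srbds_check() {
    if [ ! -r "$SRBDS_SYSFS" ]; then
        echo "unreported: kernel has no SRBDS status file, update the kernel package"
        return 2
    fi
    status=$(cat "$SRBDS_SYSFS")
    case "$(srbds_classify "$status")" in
        ok)
            echo "ok: $status"; return 0 ;;
        needs-microcode)
            echo "action: install the updated CPU microcode package"
            return 1 ;;
        disabled)
            if grep -Eq '(^| )(srbds=off|mitigations=off)( |$)' "$SRBDS_CMDLINE"; then
                echo "action: mitigation switched off by boot parameter"
            else
                echo "action: mitigation disabled, cause not on kernel command line"
            fi
            return 1 ;;
        *)
            echo "undecided: '$status', check the hypervisor host"
            return 3 ;;
    esac
}

# Run as: sh srbds-check.sh --check
case "${1:-}" in --check) srbds_check ;; esac
```

A guest that reports `Unknown: Dependent on hypervisor status` lands in the last branch, which is where the hypervisor-side reporting in the XEN packages becomes relevant.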
The exact technical details are described here:
- Our SUSE TID19643
- Our CVE-2020-0543 page
- Intel advisory INTEL-SA-00232
- Intel CPUs affected by SRBDS
- CrossTalk paper by VUSec