Login
Login

Spoiler (security vulnerability)

{{short description|Security vulnerability on CPUs that use speculative execution}}

{{Infobox bug

| name = Spoiler

| image =

| image_size =

| alt =

| caption =

| screenshot =

| screenshot_size =

| screenshot_alt =

| screenshot_caption =

| CVE = {{CVE|2019-0162}}

| discovered = {{Start date and age|2018|11|df=yes}}

| patched =

| discoverer = {{flagicon|United States}} Worcester Polytechnic Institute
{{flagicon|Germany}} University of Lübeck

| affected hardware = Modern Intel microprocessors

| affected software =

| used by =

| website =

}}

Spoiler is a security vulnerability on modern computer central processing units that use speculative execution. It exploits side-effects of speculative execution to improve the efficiency of Rowhammer and other related memory and cache attacks. According to reports, all modern Intel Core CPUs are vulnerable to the attack {{As of|2019||df=|lc=y}}.{{Cite web|url=https://www.zdnet.com/article/all-intel-chips-open-to-new-spoiler-non-spectre-attack-dont-expect-a-quick-fix/|title=All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix|last=Tung|first=Liam|website=ZDNet|language=en|access-date=2019-03-18}}{{Cite web|url=https://appleinsider.com/articles/19/03/05/new-spoiler-vulnerability-in-all-intel-core-processors-exposed-by-researchers|title=New 'Spoiler' vulnerability in all Intel Core processors exposed by researchers|last1=Owen|first1=Malcolm|date=March 5, 2019|website=AppleInsider|language=en|access-date=2019-03-18}} AMD has stated that its processors are not vulnerable.{{Cite web|url=https://www.amd.com/en/support/kb/faq/pa-240|title=Spoiler {{!}} AMD|website=www.amd.com|access-date=2019-03-18}}{{Cite web|url=https://www.tomshardware.com/news/amd-processor-intel-spoiler-vulnerability,38841.html|title=AMD Confirms Its Processors Aren't Impacted by Spoiler Vulnerability|date=2019-03-17|website=Tom's Hardware|language=en|access-date=2019-03-18}}

Spoiler was issued a Common Vulnerabilities and Exposures ID of {{CVE|2019-0162}}.

See also

References

{{Reflist}}

External links

  • {{Cite arXiv|last1=Islam|first1=Saad|last2=Moghimi|first2=Ahmad|last3=Bruhns|first3=Ida|last4=Krebbel|first4=Moritz|last5=Gulmezoglu|first5=Berk|last6=Eisenbarth|first6=Thomas|last7=Sunar|first7=Berk|date=2019-03-01|title=Spoiler: Speculative Load Hazards Boost Rowhammer and Cache Attacks|class=cs.CR|eprint=1903.00446v1|language=en}}
  • [https://nvd.nist.gov/vuln/detail/CVE-2019-0162 CVE-2019-0162] at National Vulnerability Database

{{Speculative execution exploits}}

Category:Transient execution CPU vulnerabilities

Category:2019 in computing

{{compsci-stub}}

{{computer-security-stub}}