Researchers discover a new 'Spoiler' CPU flaw similar to Spectre, but Intel isn't fretting

Security researchers at Worcester Polytechnic Institute and the University of Lübeck have published a paper outlining a speculative vulnerability affecting nearly every Intel processor dating back to the first generation of Core CPUs, once upon a time the best CPUs for gaming. According to the researchers, the potential attack vector is similar to Spectre, but not subject to the same mitigations.

To be clear though, the researchers point out that the vulnerability, which they've dubbed Spoiler, is not a Spectre attack.

"The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem which directly leaks timing behavior due to physical address conflicts," the researchers wrote (PDF).

You may recall that there was an industry wide effort to deal with Spectre and Meltdown, the names give to speculative vulnerabilities that, between the two, affected nearly every processor made in the past two decades. Those resulted in numerous software patches and firmware updates. You can read more about Spectre and Meltdown here.

Similar to Spectre, the researchers say Spoiler could allow an attacker to exploit how a PC's memory works, exposing data from running programs in the process. This data should not be accessible on a whim.

Apparently this only affects Intel processors, and not chips from AMD or ARM. Spoiler is also independent of the OS and can even work from within a virtual machine and sandboxed environments.

The researchers seemingly conclude that the only way to completely protect against Spoiler is by redesigning the actual silicon, albeit potentially at the expense of overall performance.

"There is no software mitigation that can completely erase this problem," the researchers said.

Intel was made aware of Spoiler at the beginning of December. In a comment provided to our friends at TechRadar, the chipmaker downplayed the severity of it all.

"Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest," Intel said.

"We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research," Intel added.

In other words, the situation is not as dire as perhaps the paper makes it sound, from Intel's vantage point. But then we'd expect Intel to take that stance. We'll be keeping an eye on this and will report any significant updates.

Paul Lilly

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).

Latest in Processors
 photo shows a factory tool that places lids on data center system-on-chips at an Intel fab in Chandler, Arizona, in December 2023. In February 2024, Intel Corporation launched Intel Foundry as the world’s first systems foundry for the AI era, delivering leadership in technology, resiliency and sustainability.
Return of the gigahertz wars: New Chinese transistor uses bismuth instead of silicon to potentially sock it to Intel and TSMC with 40% more speed
 photo shows a factory tool that places lids on data center system-on-chips at an Intel fab in Chandler, Arizona, in December 2023. In February 2024, Intel Corporation launched Intel Foundry as the world’s first systems foundry for the AI era, delivering leadership in technology, resiliency and sustainability.
So, wait, now TSMC is supposedly pitching a joint venture with Nvidia, AMD and Broadcom to run Intel's ailing chip fabs?
Pipboy holds up an open padlock.
A BIOS update could be all that's stopping you or someone else from jailbreaking your old AMD CPU
A screenshot from Sony's PlayStation 5 Pro announcement video, showing a stylized processor against a dark background with glowing lines streaming from its edges
The AMD x Sony collab gave us FSR4 and a version will appear in PlayStation next year, too, having 'already started to implement the new neural network on PS5 Pro'
A screenshot from a YouTube video showing a sticker being pulled from the front of a fake 9800X3D CPU
This Amazon-bought fake AMD Ryzen 7 9800X3D is actually a 14-year-old Bulldozer chip with a cheap sticker on it
A close-up stylized photo of a silicon wafer, showing many small processor dies
Intel is still using TSMC for 30% of its wafer demands: 'We were talking about trying to get that to zero as quickly as possible. That's no longer the strategy'
Latest in News
Key art of the videogame Lunacid, showing a pale, long haired knight in purple armor contemplating a purple, flaming sword surrounded by the different phases of the moon.
One of my favorite indie RPGs is getting a follow-up made with FromSoftware's 25-year-old Super Mario Maker for first person dungeon crawlers
Kingdom Come: Deliverance 2 image - Henry riding a pink and blue striped horse while holding a fish
Kingdom Come: Deliverance 2 now has Steam Workshop support, and of course one of the first mods lets you adjust the 'jiggle physics'
Still image of Bastion holding a bird, taken from Microsoft's Copilot for Gaming reveal trailer
Microsoft unveils Copilot for Gaming, an AI-powered 'ultimate gaming sidekick' that will let you talk to your console so you don't have to talk to your friends
Erenshor - A player and two simulated MMO party members stand on a plateau in front of a yellow landscape
This RuneScape-looking 'simulated MMORPG' has all the nostalgia without the drama because all the other 'players' are NPCs
Pirate Bay co-founder Carl Lundstrom
Pirate Bay co-founder and far-right politician found dead after plane crash
Sunset in the desert in Hello Sunshine
Hello Sunshine is a desert survival sandbox where you live in the literal shadow of the colossus