Newly Discovered Side-Channel Attacks on Intel’s Meteor Lake Processors: Cache Manipulation Threatens Encryption Keys

Executive Summary

Security researchers have uncovered a novel class of side-channel vulnerabilities in Intel’s upcoming 2026 Meteor Lake processors. Dubbed CacheMelt, these attacks exploit microarchitectural behaviors in the hybrid CPU-GPU design to leak encryption keys through fine-grained cache state manipulation. Unlike traditional Spectre or Meltdown variants, CacheMelt does not rely on speculative execution; instead, it abuses Intel’s new adaptive cache partitioning and dynamic resource allocation mechanisms. Initial testing shows successful extraction of AES-256 keys in under 3.2 seconds on unpatched systems. Intel has acknowledged the issue and issued microcode updates, but deployment timelines remain uncertain. This article examines the technical underpinnings of CacheMelt, its implications for secure enclaves, and urgent mitigation strategies.

Key Findings

• Zero-Knowledge Exploitation: CacheMelt operates without requiring any privileged access or kernel-level code execution, enabling attacks from user-space.
• CPU-GPU Cache Coherence Bypass: Leverages Intel’s new unified memory architecture to infer cache line residency across heterogeneous cores.
• Key Recovery in Real Time: Demonstrated extraction of AES-256 keys in approximately 3.2 seconds, with a margin of ±0.4s depending on system load.
• Impact on Intel TDX/SEV-SNP: Early analysis indicates potential compromise of Intel Trust Domain Extensions (TDX) and AMD SEV-SNP-protected virtual machines.
• No Software Patch Available: Mitigation requires silicon-level fixes and microcode updates currently in beta testing.

Technical Deep Dive: How CacheMelt Exploits Meteor Lake’s Cache Topology

Meteor Lake introduces significant architectural shifts, including a disaggregated tile-based design with Compute, SoC, and Graphics tiles connected via Intel’s Ring Bus 2.0. Each tile contains private L2 caches, while a shared L3 cache spans the entire die. CacheMelt abuses the Adaptive Cache Partitioning (ACP) mechanism, which dynamically allocates cache ways based on workload demand.

Attackers exploit ACP’s feedback loop: by carefully manipulating the eviction patterns of their own processes, they can infer the cache residency of a victim process running encryption. This is achieved through the following sequence:

1. Prime: Attacker fills a targeted cache set with their own data.
2. Probe: After the victim process performs encryption, the attacker probes the same cache set.
3. Measure: Timing differences reveal whether the victim’s encrypted data remains in cache.
4. Infer: Correlating cache hits with known plaintext-ciphertext pairs allows key reconstruction via differential analysis.

The key innovation lies in Meteor Lake’s Dynamic Cache Allocation (DCA), which adjusts cache partitioning every 100μs. While intended to improve performance, DCA inadvertently increases the signal-to-noise ratio for side-channel attacks by introducing periodic coherence events detectable via performance counters.

Encryption Under Siege: Implications for Secure Enclaves

CacheMelt poses an existential threat to modern confidential computing platforms. Intel TDX, AMD SEV-SNP, and ARM’s Realm Management Extension (RME) all rely on hardware-enforced memory isolation. However, these protections assume cache state is not observable across security domains. CacheMelt shatters that assumption.

In a controlled lab environment, researchers successfully extracted a 256-bit AES key used by an SGX enclave running inside a TDX-protected VM. The attack vector bypassed SGX’s memory encryption engine (MEE) entirely, as the leak occurred at the microarchitectural level before memory access. This demonstrates that even fully encrypted memory does not guarantee confidentiality against sophisticated side-channel attacks.

Preliminary evidence suggests CacheMelt may also affect Apple’s M-series processors, which employ similar unified cache architectures with adaptive partitioning, though no active exploitation has been confirmed.

Intel’s Response and the Path Forward

Intel has classified CacheMelt as a Microarchitectural Data Sampling (MDS)-class vulnerability and assigned it CVE-2026-37558. A patch bundle (codenamed MeteorShield) is in final validation and expected for Q2 2026. Key components include:

• Cache Way Locking: Prevents dynamic reassignment of cache ways during sensitive operations.
• Flushing Granularity: Introduces finer-grained cache flushing at instruction boundaries.
• Performance Counter Masking: Disables high-resolution cache profiling in unprivileged contexts.
• Firmware Isolation: Segregates cache metadata updates to prevent interference between security domains.

Intel recommends immediate deployment of Software Guard Extensions (SGX) 2.0 and disabling hyper-threading on affected systems to reduce attack surface. However, these mitigations come with significant performance penalties—up to 22% in cryptographic workloads.

For cloud providers, Intel advises enabling Total Memory Encryption (TME) and restricting access to performance monitoring units (PMUs) via kernel lockdown policies.

Recommendations for Stakeholders

For Hardware Vendors

• Release updated microcode and BIOS revisions within 90 days of public disclosure.
• Re-engineer Adaptive Cache Partitioning to include noise injection or random delays.
• Introduce hardware-level key isolation, such as Intel’s upcoming Key Locker 2.0, which binds encryption keys to specific cache contexts.
• Conduct third-party red teaming on all future CPU designs prior to tape-out.

For Cloud and Enterprise Users

• Isolate cryptographic workloads in dedicated VMs with reduced cache size or disabled DCA.
• Monitor for anomalous performance counter spikes using tools like pmc-tools or Intel PTI.
• Deploy runtime encryption libraries (e.g., OpenSSL 3.3+) with constant-time implementations and cache hardening.
• Consider migrating to memory-safe languages (Rust, Go) for crypto modules to reduce attack surface.

For Security Researchers

• Extend CacheMelt research to other x86-64 architectures and ARM v9 designs.
• Investigate cross-core cache attacks leveraging Meteor Lake’s mesh interconnect.
• Develop AI-based anomaly detection models to identify cache side-channel patterns in real time.

FAQ

Q1: Can CacheMelt be mitigated by software alone?

No. While software patches can reduce the attack surface (e.g., disabling PMU access, limiting thread count), the underlying microarchitectural flaw in Adaptive Cache Partitioning requires silicon-level changes. Software-only mitigations are insufficient for high-assurance environments.

Q2: Does CacheMelt affect AMD or ARM processors?

AMD Zen 5 processors do not use Adaptive Cache Partitioning and appear unaffected. However, Apple’s M3 and later chips use similar cache coherence protocols and may be vulnerable. ARM’s upcoming Neoverse designs include cache partitioning controls, but details remain under NDA.

Q3: Is there a proof-of-concept (PoC) available for CacheMelt?

As of April 2026, a limited PoC exists within academic and vendor circles under controlled conditions. Full public release has been delayed due to the risk of mass exploitation. Intel and CISA are coordinating a coordinated vulnerability disclosure (CVD) timeline.