Researchers from multiple universities and security firms discovered a new class of speculative execution side-channel vulnerabilities that could be exploited with new side-channel attack methods dubbed Fallout, RIDL (Rogue In-Flight Data Load), and ZombieLoad.
“On May 14, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling (MDS),” reads a post published by Intel.
“Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see,” “MDS techniques are based on a sampling of data leaked from small structures within the CPU using a locally executed speculative execution side channel. Practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked.”
The new class of flaws, dubbed Microarchitectural Data Sampling (MDS attacks), includes four different flaws that could be triggered to leak arbitrary in-flight data from CPU-internal buffers, such as Line Fill Buffers, Load Ports, or Store Buffers.
“MDS may allow a malicious user who can locally execute code on a system to infer the values of protected data otherwise protected by architectural mechanisms,” reads the security advisory published by Intel. “Refer to the MDS table in Deep dive: CPUID Enumeration and Architectural MSRs for a list of processors that may be affected by MDS. MDS only refers to methods that involve
Below is the list of vulnerabilities in Intel processors:
The attacks work against most systems running Intel CPUs made in the past decade. The methods can leak sensitive information, such as passwords, disk encryption keys and browser history.
Intel revealed that the flaws were initially discovered by its experts and partners, and later reported by third-party researchers, including academics from the University of Michigan, Worcester Polytechnic Institute, Graz University of Technology, imec-DistriNet, KU Leuven, University of Adelaide, Microsoft, the VUSec group at VU Amsterdam, Bitdefender, Oracle, and Qihoo 360.
Newer chips, including some 8th and 9th generation Core processors and 2nd generation Xeon Scalable processors, address the above flaws in hardware. Intel has already provided microcode updates that address the flaws for some products.
Unlike security updates for Meltdown and
Researchers published several research papers (i.e. RIDL, Fallout, ZombieLoad) and set up a dedicated website for the attack methods. They also released working
Tech giants already published security advisories for the vulnerabilities, including Microsoft, Google, Apple, and Linux distributions. Microsoft, Google, Apple, and HP have already announced the implementation of measures to mitigate potential attacks.
ARM and AMD processors are not affected.
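On a Linux host, the kernel reports whether the microcode and operating-system mitigations mentioned above are in effect. The following script is an added example, not code from Intel or the researchers. It classifies that status line, and it assumes the sysfs path and status strings given in the Linux kernel's hardware-vulnerability documentation, which this article does not quote. The sample lines are constructed.

```shell
#!/bin/sh
# Added example: interpret the Linux kernel's MDS status line.
# The sysfs path and status strings come from the kernel's hw-vuln
# documentation (an assumption: they are not quoted in the article).
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# Map one status line to a keyword an inventory script can act on.
classify_mds() {
    case $1 in
        "Not affected"*)
            echo not_affected ;;
        "Mitigation:"*"SMT vulnerable"*)
            # Buffers are cleared on privilege transitions, but a sibling
            # hyper-thread can still sample in-flight data.
            echo mitigated_smt_exposed ;;
        "Mitigation:"*"SMT Host state unknown"*)
            # A guest cannot tell whether the host exposes SMT siblings.
            echo mitigated_smt_unknown ;;
        "Mitigation:"*)
            echo mitigated ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel is patched; the microcode update is still missing.
            echo needs_microcode ;;
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# Read the status file (default: the live system) and classify it.
# A missing file means the kernel predates MDS reporting.
check_mds() {
    mds_file=${1:-$MDS_SYSFS}
    if [ -r "$mds_file" ]; then
        classify_mds "$(cat "$mds_file")"
    else
        echo no_kernel_reporting
    fi
}

# Constructed sample lines covering the main states.
while IFS= read -r line; do
    printf '%-22s <- %s\n' "$(classify_mds "$line")" "$line"
done <<'EOF'
Not affected
Mitigation: Clear CPU buffers; SMT disabled
Mitigation: Clear CPU buffers; SMT vulnerable
Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable
Vulnerable; SMT vulnerable
EOF
printf 'this host: %s\n' "$(check_mds)"
```

A result of `needs_microcode` means the operating system is patched but the CPU microcode update has not been loaded, so both updates are required for the mitigation to take effect.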