A group of academics and security researchers has discovered a new class of vulnerabilities in Intel processors that can permit attackers to retrieve data being processed inside a CPU. All Intel CPUs released since 2011 are most likely vulnerable.
The leading attack in this new vulnerability class is a security flaw named Zombieload, which is a side-channel attack similar to Meltdown, Spectre, and Foreshadow.
The researchers have named this a Microarchitectural Data Sampling (MDS) attack. It targets a CPU’s microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads and writes of data being processed inside the CPU. These are smaller caches used alongside the main CPU cache.
The researchers have disclosed four such MDS attacks:
- CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS) also known as Fallout
- CVE-2018-12127 – Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (MFBDS) also known as Zombieload, or Rogue In-Flight Data Load (RIDL)
- CVE-2018-11091 – Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
Of these, Zombieload is the most dangerous, as it can retrieve more information than the others. Zombieload exploits speculative execution, an optimization technique that Intel added to its CPUs to improve data processing speed and performance.
The ZombieLoad attack works on personal computers to leak information from other applications and the operating system. It can also be exploited on virtual machines running in the cloud with common hardware.
The Fallout attack is a new transient execution attack that permits unprivileged user processes to steal information from a previously unexplored microarchitectural component called Store Buffers.
Several researchers reported the MDS vulnerabilities to Intel starting in June 2018. The company asked all the researchers to keep their findings secret until it could provide fixes for the vulnerabilities.
Intel has released Microcode Updates (MCU) to fix the MDS vulnerabilities in both hardware and software by clearing all data from buffers whenever the CPU crosses a security boundary so that the data can’t be leaked or stolen.
All operating system vendors, virtualization vendors, and other software makers are advised to implement the patch at the earliest opportunity.
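One way to confirm that the buffer-clearing mitigation described above is actually active on a Linux host, as an added example that is not part of the original article. It assumes a kernel that reports MDS status in `/sys/devices/system/cpu/vulnerabilities/mds` and the `md_clear` CPU flag exposed by updated microcode; the function names are hypothetical.

```python
"""Report whether a Linux host has the MDS buffer-clearing mitigation active."""
from pathlib import Path

SYSFS_MDS = Path("/sys/devices/system/cpu/vulnerabilities/mds")
CPUINFO = Path("/proc/cpuinfo")


def parse_cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def assess_mds(sysfs_text, cpu_flags):
    """Classify MDS exposure from the kernel's status line and the CPU flags."""
    status, _, smt = sysfs_text.strip().partition(";")
    status, smt = status.strip(), smt.strip()
    result = {
        "status": status,
        "smt": smt or "not reported",
        # md_clear is the flag updated microcode exposes for buffer clearing
        "microcode_md_clear": "md_clear" in cpu_flags,
    }
    if status == "Not affected":
        result["verdict"] = "not affected"
    elif status.startswith("Mitigation:") and result["microcode_md_clear"]:
        # Buffers are cleared on boundary crossings, but sibling hyperthreads
        # can still share them while SMT stays enabled.
        result["verdict"] = ("mitigated, SMT still exposed"
                             if smt == "SMT vulnerable" else "mitigated")
    elif "no microcode" in status:
        result["verdict"] = "kernel patched, microcode update missing"
    else:
        # Anything unrecognised is treated conservatively as vulnerable.
        result["verdict"] = "vulnerable"
    return result


if __name__ == "__main__":
    if SYSFS_MDS.exists():
        flags = parse_cpu_flags(CPUINFO.read_text())
        print(assess_mds(SYSFS_MDS.read_text(), flags))
    else:
        print("No MDS status file: kernel predates the MDS patches or is not Linux.")
```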
Apple has released fixes to address the vulnerability in the macOS Mojave 10.14.5 and Safari updates that were released yesterday. iOS devices use CPUs which are not vulnerable to MDS, so they do not require special mitigations as of now.
Microsoft also released software updates to help mitigate the MDS vulnerabilities until the Intel microcode updates reach users’ computers.
Amazon had already patched and applied mitigations to its cloud servers on behalf of its users.
The Linux ecosystem will be slow to receive patches and only Red Hat and Ubuntu have announced fixes for this.
Google’s cloud infrastructure has already received all the necessary protections even though some Google Cloud Platform customers might need to review some settings. The G Suite and Google Apps customers need not do anything. Android users are also not impacted.