New class of vulnerabilities discovered in Intel processors

A joint group of academic researchers and industry security experts has disclosed a new class of vulnerabilities in Intel processors which, like Meltdown, Spectre and Foreshadow, allow data being processed inside the chip to be extracted. The new class is called Microarchitectural Data Sampling (MDS). As in the earlier cases, the attacks abuse the speculative execution mechanism that Intel processors use to speed up data processing. The individual attacks give access, to varying degrees, to data held in several internal CPU buffers.

The core of the problem is the application of side-channel analysis to data held in microarchitectural structures that applications cannot access directly: the line fill buffers, store buffers and load ports that the CPU uses to stage the data it reads and writes. A speculatively executed load can be served stale contents of one of these buffers; the result is later discarded, but it leaves traces (for example in the cache) from which an attacker can reconstruct the leaked bytes.

In total, the researchers described four MDS attacks based on the discovered vulnerabilities:

  • Fallout (CVE-2018-12126) recovers the contents of the store buffers. It lets an attacker read data recently written by the operating system and determine the OS memory layout, which eases other attacks;
  • RIDL (CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) recovers the contents of the load ports, line fill buffers and uncacheable memory. It leaks information across the isolation boundaries that are supposed to separate processes, the kernel, virtual machines and trusted execution environments, using the fill buffers, store buffers and load ports as the shared channel;
  • ZombieLoad (CVE-2018-12130) recovers the contents of the line fill buffers. It can be used to reconstruct browsing history and other data, and to leak information from other applications, the OS, cloud virtual machines and trusted execution environments;
  • Store-to-Leak Forwarding exploits the CPU's store buffer optimisations and can be used to bypass kernel address space layout randomization (KASLR), to monitor the state of the operating system, or to mount leaks in combination with Spectre-style gadgets.

According to the researchers, all Intel processor models released since 2011 are affected, including desktops, laptops and cloud servers (Intel maintains the list of affected products). Newer processor models that ship with hardware protection against speculative-execution attacks (Meltdown, Spectre and the like) are reported as not affected.

Microsoft, Apple and Google have already released updates addressing the problem. In the Linux kernel the MDS mitigation was added in 5.1.2, 5.0.16, 4.19.43, 4.14.119 and 4.9.176. Fixes for RHEL, Ubuntu, NetBSD and FreeBSD have also been released. Note that the software fix alone is not enough: the kernel mitigation flushes the affected buffers on privilege transitions using the MD_CLEAR capability that only updated microcode provides, and on affected processors the sibling hyperthread can still sample the buffers, so full protection also requires disabling SMT.
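As an added example (not from the original article or from the researchers), the following POSIX shell script checks a Linux host against the points above: whether the running kernel is at least the patched release of its series listed here, what the kernel's own MDS report in /sys/devices/system/cpu/vulnerabilities/mds says, and whether the CPU flag list in /proc/cpuinfo advertises md_clear, the microcode feature the kernel mitigation relies on. The sysfs strings matched are the ones printed by the patched kernels; the sample inputs in the comments are constructed for offline use.

```shell
#!/bin/sh
# Added example: classify a Linux host's MDS exposure from three sources.

# Compare a kernel version string (as printed by uname -r) against the first
# stable release of its series that carries the MDS mitigation, as listed in
# the article. Prints "fixed", "unfixed" or "unknown" (series not in the list:
# newer series ship the fix from their first release, older ones rely on a
# distribution backport, so the version number alone says nothing).
kernel_has_mds_fix() {
    ver=${1%%-*}                    # "4.19.43-generic" -> "4.19.43"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0   # "5.1" has no patch level -> 0
    case "$major.$minor" in
        5.1)  need=2 ;;
        5.0)  need=16 ;;
        4.19) need=43 ;;
        4.14) need=119 ;;
        4.9)  need=176 ;;
        *)    echo unknown; return ;;
    esac
    if [ "$patch" -ge "$need" ]; then echo fixed; else echo unfixed; fi
}

# Interpret the contents of /sys/devices/system/cpu/vulnerabilities/mds.
# Prints one of: not-affected, mitigated, mitigated-smt-exposed, partial,
# vulnerable, unknown. An empty string means the file is absent, i.e. the
# kernel predates the MDS patches and cannot report on it at all.
mds_status() {
    case "$1" in
        "Not affected"*)                                          echo not-affected ;;
        "Mitigation: Clear CPU buffers; SMT vulnerable"*)         echo mitigated-smt-exposed ;;
        "Mitigation: Clear CPU buffers"*)                         echo mitigated ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo partial ;;
        "Vulnerable"*)                                            echo vulnerable ;;
        *)                                                        echo unknown ;;
    esac
}

# Does the "flags" line of /proc/cpuinfo advertise md_clear? Without it the
# kernel's buffer-clearing sequence (VERW) does not actually flush anything.
# Prints "yes" or "no".
has_md_clear() {
    case " $1 " in
        *" md_clear "*) echo yes ;;
        *)              echo no ;;
    esac
}

# Constructed sample inputs (what a patched 4.19 host with new microcode but
# hyperthreading still enabled would report):
#   kernel_has_mds_fix "4.19.43-generic"  -> fixed
#   mds_status "Mitigation: Clear CPU buffers; SMT vulnerable" -> mitigated-smt-exposed
#   has_md_clear "flags : fpu vme de pse md_clear flush_l1d"   -> yes

# On a live host, apply the checks to the real kernel and CPU.
if [ -r /sys/devices/system/cpu/vulnerabilities/mds ]; then
    echo "kernel $(uname -r): $(kernel_has_mds_fix "$(uname -r)")"
    echo "sysfs mds: $(mds_status "$(cat /sys/devices/system/cpu/vulnerabilities/mds)")"
    echo "md_clear microcode: $(has_md_clear "$(grep -m1 '^flags' /proc/cpuinfo)")"
fi
```

A result of mitigated-smt-exposed is the common case on patched desktops: the kernel clears the buffers on every transition into the kernel or a VM, but a malicious process on the sibling hyperthread can still sample them while the victim runs, which is why the kernel offers mds=full,nosmt. The partial state means the kernel was updated but the microcode was not.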