Microarchitectural Data Sampling
| CVE identifier(s) | CVE-2018-12126 (Fallout), CVE-2018-12127 (RIDL), CVE-2019-11091 (RIDL), CVE-2018-12130 (RIDL, ZombieLoad) |
|---|---|
| Date discovered | 2018[1] |
| Date patched | 14 May 2019 |
| Discoverer |  University of Adelaide Graz University of Technology Catholic University of Leuven Qihoo 360 Cyberus Technology Saarland University Vrije Universiteit Amsterdam Bitdefender Oracle Corporation University of Michigan Worcester Polytechnic Institute[1] |
| Affected hardware | Pre-April 2019 Intel x86 microprocessors |
| Website | ZombieLoadAttack.com |
The Microarchitectural Data Sampling (MDS) vulnerabilities are a set of weaknesses in Intel x86 microprocessors that leak data across protection boundaries that are architecturally supposed to be secure. The vulnerabilities have been labeled Fallout, RIDL (Rogue In-Flight Data Load) and ZombieLoad.
Description
The vulnerabilities are in the implementation of speculative execution, which is where the processor tries to guess what instructions may be needed next. They exploit the possibility of reading data buffers found between different parts of the processor.[1]
- Fallout (CVE-2018-12126) — a leak of data being stored from store buffers[2]
- RIDL (CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091) — a leak from various internal processor buffers of data being loaded and stored[2]
- ZombieLoad (CVE-2018-12130) — a leak of already-loaded data from a processor's fill buffer[2][3]
History
According to Intel in a May 2019 interview with Wired, Intel's researchers discovered the vulnerabilities in 2018 before anyone else.[1] Other researchers had agreed to keep the exploit confidential as well since 2018.[4]
On 14 May 2019, various groups of security researchers, amongst others from Austria's Graz University of Technology, Belgium's Catholic University of Leuven, and Netherland's Vrije Universiteit Amsterdam, in a disclosure coordinated with Intel, published the discovery of the MDS vulnerabilities in Intel microprocessors, which they named Fallout, RIDL and ZombieLoad.[1][3] Three of the TU Graz researchers were from the group who had discovered Meltdown and Spectre the year before.[1]
Impact
According to varying reports, Intel processors dating back to 2011[5] or 2008[1] are affected, and the fixes may be associated with a performance drop.[6][7] Intel reported that processors manufactured in the month before the disclosure have mitigations against the attacks.[1]
Intel characterized the vulnerabilities as "low-to-medium" impact, disagreeing with the security researchers who characterized them as major, and disagreeing with their recommendation that operating system software manufacturers should completely disable hyperthreading.[1][8] Nevertheless, the ZombieLoad vulnerability can be used by hackers exploiting the vulnerability to steal information recently accessed by the affected microprocessor.[9]
Mitigation
Fixes to operating systems, virtualization mechanisms, web browsers and microcode are necessary.[1] Microcode is the implementation of processor instructions on the processor itself, and updates require a firmware patch,[1] also known as BIOS or UEFI, to the motherboard. As of 14 May 2019[update], applying available updates on an affected PC system was the most that could be done to mitigate the issues.[10]
- Intel incorporated fixes in its processors starting shortly before the public announcement of the vulnerabilities.[1]
- On 14 May 2019, a mitigation was released for the Linux kernel,[11] and Apple, Google, Microsoft, and Amazon released emergency patches for their products to mitigate ZombieLoad.[12]
- On 14 May 2019, Intel published a security advisory on its website detailing its plans to mitigate ZombieLoad.[13]
See also
References
- ^ a b c d e f g h i j k l Greenberg, Andy (14 May 2019). "Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs". WIRED. Retrieved 14 May 2019.
- ^ a b c Ionut Ilascu (14 May 2019). "New RIDL and Fallout Attacks Impact All Modern Intel CPUs". Bleeping Computer. Retrieved 14 May 2019.
- ^ a b "ZombieLoad Attack". zombieloadattack.com. Retrieved 14 May 2019.
- ^ "MDS attacks". mdsattacks.com. Retrieved 20 May 2019.
- ^ Zach Whittaker (14 May 2019). "New secret-spilling flaw affects almost every Intel chip since 2011". TechCrunch. Retrieved 14 May 2019.
- ^ Staff (15 May 2019). "Intel Zombieload bug fix to slow data centre computers". BBC News. Retrieved 15 May 2019.
- ^ Larabel, Michael (24 May 2019). "Benchmarking AMD FX vs. Intel Sandy/Ivy Bridge CPUs Following Spectre, Meltdown, L1TF, Zombieload". Phoronix. Retrieved 25 May 2019.
- ^ Mah Ung, Gordan (15 May 2019). "Intel: You don't need to disable Hyper-Threading to protect against the ZombieLoad CPU exploit - "ZombieLoad" exploit seems to put Intel's Hyper-Threading at risk of being put down". PC World. Retrieved 15 May 2019.
- ^ Jacob Kastrenakes (14 May 2019). "ZombieLoad attack lets hackers steal data from Intel chips". The Verge. Retrieved 15 May 2019.
- ^ O'Neill, Patrick Howell (14 May 2019). "What To Do About the Nasty New Intel Chip Flaw". Gizmodo. Retrieved 15 May 2019.
- ^ "ChangeLog-5.1.2". The Linux Kernel Archives. 14 May 2019. Archived from the original on 15 May 2019. Retrieved 15 May 2019.
{{cite web}}: Unknown parameter|dead-url=ignored (|url-status=suggested) (help) - ^ Zach Whittaker. "Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws". TechCrunch. Retrieved 14 May 2019.
{{cite web}}: Cite has empty unknown parameter:|1=(help) - ^ "INTEL-SA-00233". Intel. Retrieved 14 May 2019.
Further reading
Original papers by the researchers
- Schwarz, Michael; Lipp, Moritz; Moghimi, Daniel; Van Bulck, Jo; Stecklina, Julian; Prescher, Thomas; Gruss, Daniel (14 May 2019). "ZombieLoad: Cross-Privilege-Boundary Data Sampling" (PDF).
{{cite journal}}: Cite journal requires|journal=(help); Invalid|ref=harv(help) - van Schaik, Stephan; Milburn, Alyssa; Österlund, Sebastian; Frigo, Pietro; Maisuradze, Giorgi; Razavi, Kaveh; Bos, Herbert; Giuffrida, Cristiano (14 May 2019). "RIDL: Rogue In-Flight Data Load" (PDF).
{{cite journal}}: Cite journal requires|journal=(help); Invalid|ref=harv(help) - Minkin, Marina; Moghimi, Daniel; Lipp, Moritz; Schwarz, Michael; Van Bulck, Jo; Genkin, Daniel; Gruss, Daniel; Piessens, Frank; Sunar, Berk; Yarom, Yuval (14 May 2019). "Fallout: Reading Kernel Writes From User Space" (PDF).
{{cite journal}}: Cite has empty unknown parameter:|1=(help); Cite journal requires|journal=(help); Invalid|ref=harv(help) - Galowicz, Jacek; Prescher, Thomas; Stecklina, Julian (14 May 2019). "ZombieLoad: Cross Privilege-Boundary Data Leakage". Cyberus Technology GmbH.
{{cite journal}}: Cite journal requires|journal=(help); Invalid|ref=harv(help) - "cpu.fail". Graz University of Technology. 14 May 2019.
Information from processor manufacturers
- "Side Channel Vulnerability Microarchitectural Data Sampling". Intel. 14 May 2019.
{{cite web}}: Invalid|ref=harv(help) - "Deep Dive: Intel Analysis of Microarchitectural Data Sampling". Intel. 14 May 2019.
{{cite web}}: Invalid|ref=harv(help)
Others
- "Microarchitectural Data Sampling". The Linux kernel user’s and administrator’s guide. 14 May 2019.
{{cite web}}: Invalid|ref=harv(help)