Microarchitectural Data Sampling
| Logo designed for the vulnerabilities, featuring a wounded hand holding a broken microprocessor. | |
| CVE identifier(s) | CVE-2018-12126 (Fallout), CVE-2018-12127 (RIDL), CVE-2019-11091 (RIDL, ZombieLoad), CVE-2018-12130 (RIDL, ZombieLoad), CVE-2019-11135 (ZombieLoad v2) |
|---|---|
| Date discovered | 2018[1] |
| Date patched | 14 May 2019 |
| Discoverer | Australia University of Adelaide Austria Graz University of Technology Belgium Catholic University of Leuven China Qihoo 360 Germany Cyberus Technology Germany Saarland University Netherlands Vrije Universiteit Amsterdam Romania Bitdefender United States Oracle Corporation United States University of Michigan United States Worcester Polytechnic Institute [1] |
| Affected hardware | Pre-April 2019 Intel x86 microprocessors |
| Website | mdsattacks.com ZombieLoadAttack.com |
The Microarchitectural Data Sampling (MDS) vulnerabilities are a set of weaknesses in Intel x86 microprocessors that use hyper-threading, and leak data across protection boundaries that are architecturally supposed to be secure. The attacks exploiting the vulnerabilities have been labeled Fallout, RIDL (Rogue In-Flight Data Load), ZombieLoad.,[2] [3] [4] and ZombieLoad 2.[5]
Description
[edit ]The vulnerabilities are in the implementation of speculative execution, which is where the processor tries to guess what instructions may be needed next. They exploit the possibility of reading data buffers found between different parts of the processor.[1] [2] [6] [7]
- Microarchitectural Store Buffer Data Sampling (MSBDS), CVE-2018-12126
- Microarchitectural Load Port Data Sampling (MLPDS), CVE-2018-12127
- Microarchitectural Fill Buffer Data Sampling (MFBDS), CVE-2018-12130
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM), CVE-2019-11091
- Transactional Asynchronous Abort (TAA), CVE-2019-11135
Not all processors are affected by all variants of MDS.[8]
History
[edit ]According to Intel in a May 2019 interview with Wired, Intel's researchers discovered the vulnerabilities in 2018 before anyone else.[1] Other researchers had agreed to keep the exploit confidential as well since 2018.[9]
On 14 May 2019, various groups of security researchers, amongst others from Austria's Graz University of Technology, Belgium's Catholic University of Leuven, and Netherlands' Vrije Universiteit Amsterdam, in a disclosure coordinated with Intel, published the discovery of the MDS vulnerabilities in Intel microprocessors, which they named Fallout, RIDL and ZombieLoad.[1] [6] Three of the TU Graz researchers were from the group who had discovered Meltdown and Spectre the year before.[1]
On 12 November 2019, a new variant of the ZombieLoad attack, called Transactional Asynchronous Abort, was disclosed.[10] [11]
Impact
[edit ]According to varying reports, Intel processors dating back to 2011[12] or 2008[1] are affected, and the fixes may be associated with a performance drop.[13] [14] Intel reported that processors manufactured in the month before the disclosure have mitigations against the attacks.[1]
Intel characterized the vulnerabilities as "low-to-medium" impact, disagreeing with the security researchers who characterized them as major, and disagreeing with their recommendation that operating system software manufacturers should completely disable hyperthreading.[1] [15] Nevertheless, the ZombieLoad vulnerability can be used by hackers exploiting the vulnerability to steal information recently accessed by the affected microprocessor.[16]
Mitigation
[edit ]Fixes to operating systems, virtualization mechanisms, web browsers and microcode are necessary.[1] As of 14 May 2019[update] , applying available updates on an affected PC system was the most that could be done to mitigate the issues.[17]
- Intel incorporated fixes in its processors starting shortly before the public announcement of the vulnerabilities.[1]
- On 14 May 2019, a mitigation was released for the Linux kernel,[18] and Apple, Google, Microsoft, and Amazon released emergency patches for their products to mitigate ZombieLoad.[19]
- On 14 May 2019, Intel published a security advisory on its website detailing its plans to mitigate ZombieLoad.[7]
See also
[edit ]References
[edit ]- ^ a b c d e f g h i j k Greenberg, Andy (2019年05月14日). "Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs". WIRED . Retrieved 2019年05月14日.
- ^ a b Ilascu, Ionut (2019年05月14日). "New RIDL and Fallout Attacks Impact All Modern Intel CPUs". Bleeping Computer. Retrieved 2019年05月14日.
- ^ Spectre-NG-Lücken: OpenBSD schaltet Hyper-Threading ab, heise.de, 2018-06, accessed 2019年09月29日
- ^ Let's Talk To Linux Kernel Developer Greg Kroah-Hartman | Open Source Summit, 2019, TFIR, 2019年09月03日
- ^ Winder, Davey (2019年11月13日). "Intel Confirms 'ZombieLoad 2' Security Threat". Forbes . Archived from the original on 2020年01月14日. Retrieved 2020年01月14日.
- ^ a b "ZombieLoad Attack". zombieloadattack.com. Retrieved 2019年05月14日.
- ^ a b "INTEL-SA-00233". Intel. Retrieved 2019年05月14日.
- ^ "Microarchitectural Data Sampling". The Linux kernel user's and administrator's guide. 2019年05月14日.
- ^ "MDS attacks". mdsattacks.com. Retrieved 2019年05月20日.
- ^ Nichols, Shaun (2019年11月12日). "True to its name, Intel CPU flaw ZombieLoad comes shuffling back with new variant". www.theregister.co.uk. Retrieved 2019年11月12日.
- ^ Cimpanu, Catalin. "Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack". ZDNet. Retrieved 2019年11月12日.
- ^ Whittaker, Zach (2019年05月14日). "New secret-spilling flaw affects almost every Intel chip since 2011". TechCrunch. Retrieved 2019年05月14日.
- ^ "Intel Zombieload bug fix to slow data centre computers". BBC News . 2019年05月15日. Retrieved 2019年05月15日.
- ^ Larabel, Michael (2019年05月24日). "Benchmarking AMD FX vs. Intel Sandy/Ivy Bridge CPUs Following Spectre, Meltdown, L1TF, Zombieload". Phoronix . Retrieved 2019年05月25日.
- ^ Mah Ung, Gordan (2019年05月15日). "Intel: You don't need to disable Hyper-Threading to protect against the ZombieLoad CPU exploit - "ZombieLoad" exploit seems to put Intel's Hyper-Threading at risk of being put down". PC World . Retrieved 2019年05月15日.
- ^ Kastrenakes, Jacob (2019年05月14日). "ZombieLoad attack lets hackers steal data from Intel chips". The Verge . Retrieved 2019年05月15日.
- ^ O'Neill, Patrick Howell (2019年05月14日). "What To Do About the Nasty New Intel Chip Flaw". Gizmodo . Retrieved 2019年05月15日.
- ^ "ChangeLog-5.1.2". The Linux Kernel Archives. 2019年05月14日. Archived from the original on 2019年05月15日. Retrieved 2019年05月15日.
- ^ Whittaker, Zach. "Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws". TechCrunch. Retrieved 2019年05月14日.
Further reading
[edit ]Original papers by the researchers
[edit ]- Schwarz, Michael; Lipp, Moritz; Moghimi, Daniel; Van Bulck, Jo; Stecklina, Julian; Prescher, Thomas; Gruss, Daniel (2019年05月14日). "ZombieLoad: Cross-Privilege-Boundary Data Sampling" (PDF).
- van Schaik, Stephan; Milburn, Alyssa; Österlund, Sebastian; Frigo, Pietro; Maisuradze, Giorgi; Razavi, Kaveh; Bos, Herbert; Giuffrida, Cristiano (2019年05月14日). "RIDL: Rogue In-Flight Data Load" (PDF).
- Minkin, Marina; Moghimi, Daniel; Lipp, Moritz; Schwarz, Michael; Van Bulck, Jo; Genkin, Daniel; Gruss, Daniel; Piessens, Frank; Sunar, Berk; Yarom, Yuval (2019年05月14日). "Fallout: Reading Kernel Writes From User Space" (PDF).
- Galowicz, Jacek; Prescher, Thomas; Stecklina, Julian (2019年05月14日). "ZombieLoad: Cross Privilege-Boundary Data Leakage". Cyberus Technology GmbH.
- "cpu.fail". Graz University of Technology. 2019年05月14日.
Information from processor manufacturers
[edit ]- "Side Channel Vulnerability Microarchitectural Data Sampling". Intel. 2019年05月14日.
- "Deep Dive: Intel Analysis of Microarchitectural Data Sampling". Intel. 2019年05月14日.
