Intel CPUs affected by new, Spectre-like attacks
A new class of side-channel vulnerabilities affecting a wide range of modern Intel processors has been disclosed. The flaws abuse speculative execution to leak sensitive data out of the CPU. Intel said the new class, called Microarchitectural Data Sampling (MDS), consists of four related vulnerabilities, each of which samples data through a different internal CPU structure. First identified by Intel's own researchers and partners, and independently reported to Intel by external researchers, MDS is a sub-class of the previously disclosed speculative execution side-channel vulnerabilities. Under certain conditions, MDS gives a program the potential means to read data that it otherwise would not be able to see.
These vulnerabilities, CVE-2018-12126 (store buffers), CVE-2018-12127 (load ports), CVE-2018-12130 (fill buffers) and CVE-2019-11091 (uncacheable memory), stem from speculative execution, which microprocessors use to begin executing instructions, including memory reads, before it is known whether they are needed and before the addresses of all prior memory writes are resolved. An attacker with local user access can use side-channel analysis to obtain unauthorized disclosure of information. Earlier speculative execution side-channel attacks such as Meltdown and Foreshadow targeted data held in the CPU's caches; MDS instead targets the smaller internal buffers the pipeline uses along the way: fill buffers (temporary buffers between the CPU caches), load ports (temporary buffers used when loading data into registers) and store buffers (temporary buffers holding the addresses and data of pending stores). These buffers can still hold stale data from another security context, and under speculation the CPU may forward that stale data to a load that will ultimately fault, from where it can be recovered through a cache side channel.
The four attacks, named ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding, were detailed and publicly disclosed on Tuesday by different teams of security researchers. ZombieLoad, so named because it "resurrects" private browsing history and other sensitive data, can leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments. RIDL lets an attacker exploit the MDS flaws to leak sensitive in-flight data; by analyzing the effects on the CPU pipeline, its researchers developed a variety of practical exploits that leak in-flight data from the different internal buffers the CPU uses while loading or storing data. Fallout leaks data from the store buffers, which are used every time the CPU pipeline needs to store data to memory. Store-to-Leak Forwarding exploits the CPU optimizations introduced by the store buffer to break address randomization, monitor the operating system, or leak data when combined with Spectre.
Unlike other state-of-the-art speculative execution attacks such as Spectre, Meltdown and Foreshadow, RIDL can leak arbitrary in-flight data without any assumptions about the state of the caches or of the translation data structures controlled by privileged software. Intel said the MDS class is addressed in hardware starting with select 8th and 9th Generation Intel Core processors and the 2nd Generation Intel Xeon Scalable processor family, and that future chips will also carry the integrated fixes. For products where MDS is not addressed in hardware, Intel is releasing processor microcode updates through its regularly scheduled update process with OEMs; operating systems then use the updated microcode to clear the affected buffers at context switches and other trust boundaries.
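The practical question on any Linux host is whether the microcode and kernel mitigations described above are actually in place. The following script is an added example, not code from the article or from Intel: it reads the kernel's MDS report under /sys/devices/system/cpu/vulnerabilities/ and looks for the md_clear CPUID flag in /proc/cpuinfo, which the updated microcode exposes to signal that the VERW instruction now clears the fill buffers, load ports and store buffers. The optional path arguments and the one-word status labels it prints are this example's own conventions for offline use; the kernel status strings it matches are the ones the Linux x86 bugs code emits.

```shell
#!/bin/sh
# Added example (not from the article or Intel): report the Linux MDS mitigation state.
# The sysfs and procfs paths are the real kernel locations; each function accepts an
# alternative path so the checks can be run against saved copies offline.

MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# Classify the kernel's MDS report. Kernel strings look like:
#   "Not affected"
#   "Mitigation: Clear CPU buffers; SMT vulnerable"
#   "Mitigation: Clear CPU buffers; SMT disabled"
#   "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
#   "Vulnerable"
# The labels printed (not_affected, mitigated, mitigated_smt_vulnerable, vulnerable,
# unknown) are this script's own naming, not kernel output.
mds_sysfs_status() {
    f="${1:-$MDS_SYSFS}"
    [ -r "$f" ] || { echo unknown; return 0; }
    status=$(cat "$f")
    case "$status" in
        "Not affected"*)                        echo not_affected ;;
        Vulnerable*)                            echo vulnerable ;;
        Mitigation:*"SMT vulnerable"*)          echo mitigated_smt_vulnerable ;;
        Mitigation:*"SMT Host state unknown"*)  echo mitigated_smt_vulnerable ;;
        Mitigation:*)                           echo mitigated ;;
        *)                                      echo unknown ;;
    esac
}

# True if the first CPU advertises md_clear, i.e. MDS-aware microcode is loaded and
# VERW clears the affected buffers. The kernel cannot mitigate without it.
has_md_clear() {
    f="${1:-/proc/cpuinfo}"
    awk '/^flags/ { print; exit }' "$f" 2>/dev/null | tr ' ' '\n' | grep -qx md_clear
}

# One-line verdict combining both checks. Returns 0 only when the kernel reports the
# host as not affected or fully mitigated (SMT-exposed hosts still return 1, since a
# sibling hyperthread can sample buffers the VERW clearing does not cover).
mds_verdict() {
    s=$(mds_sysfs_status "$1")
    if has_md_clear "$2"; then mc=present; else mc=missing; fi
    echo "mds=$s md_clear=$mc"
    case "$s" in
        not_affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# When run as a script, print the verdict for the local host.
mds_verdict || echo "host is not fully mitigated against MDS" >&2
```

Run it as root or any user (the sysfs file is world-readable); a result of `mitigated_smt_vulnerable` means the buffers are cleared at privilege boundaries but hyperthreading still lets a co-scheduled sibling sample them, which is why cloud and multi-tenant hosts often pair the microcode with SMT disabled.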