Millions of computers powered by Intel chips are affected by MDS flaws

Millions of computers powered by Intel processors are affected by a new class of vulnerabilities (MDS) that can leak potentially sensitive data.

Researchers from multiple universities and security firms discovered a new class of speculative execution side-channel vulnerabilities that could be exploited with new side-channel attack methods dubbed Fallout, RIDL (Rogue In-Flight Data Load), and ZombieLoad.

“On May 14, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling (MDS).” reads a post published by Intel.

“Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see,” “MDS techniques are based on a sampling of data leaked from small structures within the CPU using a locally executed speculative execution side channel. Practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked.”

The new class of flaws, dubbed Microarchitectural Data Sampling (MDS attacks), includes four different flaws that could be triggered to leak arbitrary in-flight data from CPU-internal buffers, such as Line Fill Buffers, Load Ports, or Store Buffers.

“MDS may allow a malicious user who can locally execute code on a system to infer the values of protected data otherwise protected by architectural mechanisms.” reads the secuirty advisory published by Intel. “Refer to the MDS table in Deep dive: CPUID Enumeration and Architectural MSRs for a list of processors that may be affected by MDS. MDS only refers to methods that involve microarchitectural structures other than the level 1 data cache (L1D) and thus does not include Rogue Data Cache Load (RDCL) or L1 Terminal Fault (L1TF). “

Below the list of vulnerabilities in Intel processors:

1. CVE-2018-12126—Microarchitectural Store Buffer Data Sampling (MSBDS), also known as Fallout attack.
2. CVE-2018-12130—Microarchitectural Fill Buffer Data Sampling (MFBDS), also known as Zombieload, or RIDL (Rogue In-Flight Data Load).
3. CVE-2018-12127—Microarchitectural Load Port Data Sampling (MLPDS), also part of RIDL class of attacks.
4. CVE-2019-11091—Microarchitectural Data Sampling Uncacheable Memory (MDSUM), also part of RIDL class of attacks.

The attacks are similar to the Meltdown and Spectre attacks disclosed in January 2018.

The attacks work against most of the systems running up to Intel CPUs made in the past decade, the methods can cause the leak of sensitive information, such as passwords, disk encryption keys and browser history.

The flaws can be exploited remotely via JavaScript code and rogue websites or using exploited using malware that infected the targeted devices.

Intel revealed that the flaws were initially discovered by its experts and partners, and later reported by third-party researchers, including academics from the University of Michigan, Worcester Polytechnic Institute, Graz University of Technology, imec-DistriNet, KU Leuven, University of Adelaide, Microsoft, the VUSec group at VU Amsterdam, Bitdefender, Oracle, and Qihoo 360.

Newer chips, including some 8th and 9th generation Core processors and 2nd generation Xeon Scalable processors, address the above flaws in hardware. Intel already provided for some products microcode updates that address the flaws.

Unlike security updated for Meltdown and Spectre, the security patches for the MDS flaws should have minimal impact on the performance of most of the PCs. We cannot exclude a performance degradation in the case of data center.

Researchers published several research papers (i.e. RIDL, Fallout, ZobieLoad), c) and set up a dedicated website for the attack methods. They also released working PoC code and Video PoC demonstrating the exploitation of the flaws.

Experts also released Windows and Linux tools to test systems against RIDL and Fallout attacks as well as other speculative execution vulnerabilities.

Tech giants already published security advisories for the vulnerabilities, including Microsoft, Google, Apple, and Linux distributions. Microsoft, Google, Apple, and HP have already announced the implementation of measures to mitigate potential attacks.

ARM and AMD processors are not affected. 

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – MDS, Hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]