Intel has warned of a quartet of serious security vulnerabilities in processors going back more than a decade, dubbed Microarchitectural Data Sampling (MDS) by Intel and RIDL, Fallout, and ZombieLoad by the researchers who discovered them.

The growing complexity of modern microprocessors coupled with the constant need to showcase improved performance with each generation finally came to a head early last year with the discovery of Meltdown and Spectre, two hardware vulnerabilities which allowed unprivileged processes to infer the contents of protected memory - effectively allowing any program running on an affected computer to read data including passwords and security certificate keys. While some of the vulnerabilities exploited by Spectre and Meltdown affected processors from AMD and Arm, the majority targeted flaws in Intel's processors - and were followed by mitigation patches which sapped performance and outright crashed systems. While Intel eventually rolled out stable fixes, though still with measurable performance impacts in many cases, it has since been fighting a string of similar vulnerabilities including Spectre Next Generation, Spectre 4, Spectre 1.1 and 1.2, SpectreRSB, NetSpectre, and more.

Now Intel has four more vulnerabilities to add to its headaches, collectively termed Microarchitectural Data Sampling (MDS) vulnerabilities by Intel and given the 'friendly' names ZombieLoad, RIDL, and Fallout by the researchers who discovered them.

ZombieLoad, discovered by members of the team who first found Meltdown and Spectre, is similar in concept to Meltdown: Data which is pre-loaded into the processor as a performance enhancement can be read by other processes running on the same physical core, unless Hyper-Threading - which allows two threads to run simultaneously on a single physical core - is disabled.

RIDL - Rogue In-Flight Data Load - by contrast leaks information across security domains through an analysis of the CPU pipeline, allowing unprivileged code - including JavaScript code running in a browser - to access data from programs running on the same machine, including privileged kernel memory, memory allocated to virtual machines, and memory supposedly protected by Intel's Software Guard Extensions (SGX) secure enclave.

Fallout, finally, details a means of leaking data from store buffers. Embarrassingly, mitigations introduced in Intel's latest Coffee Lake Refresh Core i9 processors are said by the researchers to make the system more vulnerable to Fallout compared with older-generation hardware.

Taken together, the three exploits against four vulnerabilities cover processors dating from 2008 to the present day. Intel has confirmed it has released microcode updates, or plans to release updates, for a range of processor families - but that it does not plan to release any patches for products in its Anniedale, Moorefield, Arrandale, Bloomfield, Bloomfield Xeon, Broxton, Clarkdale, Clarkdale Xeon, Gulftown, Harpertown Xeon C0 and E0, Jasper Forest, Knights Landing, Knights Mill, Lynnfield, Lynnfield Xeon, Tangier, Merrifield, Nehalem EP, WS, and EX, Penryn, Westmere EP, WS, and EX, Wolfdale C0, M0, E0, R0, Wolfdale Xeon C0 and E0, Yorkfield, and Yorkfield Xeon families - leaving them all vulnerable to attack.

Software vendors, meanwhile, have begun rolling out software mitigations for the new vulnerabilities, including patches from Microsoft released as part of last night's Patch Tuesday Update cycle. Those using Intel processors are advised to ensure that they are running the latest updates for their operating systems, and to disable Hyper-Threading if there is any concern about whether a patch is available for a given system.
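One way to verify both pieces of that advice on a Linux host, as an added example that is not part of the original article: the kernel reports its MDS mitigation state in sysfs, and the script below interprets that line (falling back to a constructed sample when the file is absent) to say whether a microcode-backed fix is active and whether Hyper-Threading is off. The sysfs paths and status-line shapes are those documented by the kernel; `assess_mds` and `check_host` are hypothetical names.

```python
from pathlib import Path
from typing import Optional

# Real sysfs paths exposed by Linux kernels that carry the MDS mitigation.
MDS_STATUS_PATH = Path("/sys/devices/system/cpu/vulnerabilities/mds")
SMT_CONTROL_PATH = Path("/sys/devices/system/cpu/smt/control")

# Constructed sample in the shape the kernel documents
# (Documentation/admin-guide/hw-vuln/mds.rst); used only when sysfs is absent.
SAMPLE_STATUS = "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"


def assess_mds(status: str) -> dict:
    """Turn one kernel MDS status line into a verdict.

    The part before ';' says whether the CPU is affected and whether the
    microcode-backed buffer-clearing mitigation is active; the optional
    part after ';' reports the SMT (Hyper-Threading) state.
    """
    status = status.strip()
    head, _, smt = status.partition(";")
    smt = smt.strip() or "SMT state not reported"
    affected = status != "Not affected"
    microcode_ok = head.startswith("Mitigation:")
    smt_ok = (not affected) or smt == "SMT disabled"  # unknown state counts as unsafe
    actions = []
    if affected and not microcode_ok:
        actions.append("install OS and microcode updates")
    if affected and not smt_ok:
        actions.append("disable Hyper-Threading (SMT) in firmware or via smt/control")
    return {
        "affected": affected,
        "microcode_mitigation": microcode_ok,
        "smt": smt,
        "fully_mitigated": (not affected) or (microcode_ok and smt_ok),
        "actions": actions,
    }


def read_sysfs(path: Path) -> Optional[str]:
    """Return the trimmed file contents, or None when the kernel lacks the knob."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def check_host() -> dict:
    """Assess the running host, falling back to the constructed sample offline."""
    status = read_sysfs(MDS_STATUS_PATH)
    verdict = assess_mds(status if status is not None else SAMPLE_STATUS)
    verdict["source"] = "sysfs" if status is not None else "constructed sample"
    verdict["smt_control"] = read_sysfs(SMT_CONTROL_PATH)  # 'on', 'off', 'forceoff', ...
    return verdict


if __name__ == "__main__":
    for key, value in check_host().items():
        print(f"{key}: {value}")
```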

Those interested in deeper technical details, meanwhile, can find links to CVE entries on the Intel advisory page and to details on ZombieLoad, RIDL, and Fallout on the website.


May 8 2019 | 13:30