Microarchitectural Data Sampling
   HOME

TheInfoList



Click Here for Items Related To - Microarchitectural Data Sampling
OR:
Microarchitectural Data Sampling on:   [Wikipedia]   [Google]   [Amazon]

The Microarchitectural Data Sampling (MDS)
vulnerabilities Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...
are a set of weaknesses in
Intel x86 microprocessors Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 series ...
that use
hyper-threading Hyper-threading (officially called Hyper-Threading Technology or HT Technology and abbreviated as HTT or HT) is Intel's proprietary simultaneous multithreading (SMT) implementation used to improve parallelization of computations (doing multip ...
, and leak data across protection boundaries that are architecturally supposed to be secure. The attacks exploiting the vulnerabilities have been labeled Fallout, RIDL (''Rogue In-Flight Data Load''), ZombieLoad., and ZombieLoad 2.


Description

The vulnerabilities are in the implementation of
speculative execution Speculative execution is an optimization technique where a computer system performs some task that may not be needed. Work is done before it is known whether it is actually needed, so as to prevent a delay that would have to be incurred by doing t ...
, which is where the processor tries to guess what instructions may be needed next. They exploit the possibility of reading
data buffer In computer science, a data buffer (or just buffer) is a region of a memory used to temporarily store data while it is being moved from one place to another. Typically, the data is stored in a buffer as it is retrieved from an input device (such a ...
s found between different parts of the processor. * Microarchitectural Store Buffer Data Sampling (MSBDS), * Microarchitectural Load Port Data Sampling (MLPDS), * Microarchitectural Fill Buffer Data Sampling (MFBDS), * Microarchitectural Data Sampling Uncacheable Memory (MDSUM), *Transactional Asynchronous Abort (TAA)
CVE-2019-11135
Not all processors are affected by all variants of MDS.


History

According to Intel in a May 2019 interview with
Wired ''Wired'' (stylized as ''WIRED'') is a monthly American magazine, published in print and online editions, that focuses on how emerging technologies affect culture, the economy, and politics. Owned by Condé Nast, it is headquartered in San Fra ...
, Intel's researchers discovered the vulnerabilities in 2018 before anyone else. Other researchers had agreed to keep the exploit confidential as well since 2018. On 14 May 2019, various groups of security researchers, amongst others from Austria's
Graz University of Technology Graz University of Technology (german: link=no, Technische Universität Graz, short ''TU Graz'') is one of five universities in Styria, Austria. It was founded in 1811 by Archduke John of Austria and is the oldest science and technology research ...
, Belgium's
Catholic University of Leuven University of Leuven or University of Louvain (french: Université de Louvain, link=no; nl, Universiteit Leuven, link=no) may refer to: * Old University of Leuven (1425–1797) * State University of Leuven (1817–1835) * Catholic University of ...
, and Netherlands'
Vrije Universiteit Amsterdam The Vrije Universiteit Amsterdam (abbreviated as ''VU Amsterdam'' or simply ''VU'' when in context) is a public research university in Amsterdam, Netherlands, being founded in 1880. The VU Amsterdam is one of two large, publicly funded research ...
, in a disclosure coordinated with Intel, published the discovery of the MDS vulnerabilities in Intel microprocessors, which they named Fallout, RIDL and ZombieLoad. Three of the TU Graz researchers were from the group who had discovered
Meltdown Meltdown may refer to: Science and technology * Nuclear meltdown, a severe nuclear reactor accident * Meltdown (security vulnerability), affecting computer processors * Mutational meltdown, in population genetics Arts and entertainment Music * Me ...
and
Spectre Spectre, specter or the spectre may refer to: Religion and spirituality * Vision (spirituality) * Apparitional experience * Ghost Arts and entertainment Film and television * ''Spectre'' (1977 film), a made-for-television film produced and writ ...
the year before. On 12 November 2019, a new variant of the ZombieLoad attack, called Transactional Asynchronous Abort, was disclosed.


Impact

According to varying reports, Intel processors dating back to 2011 or 2008 are affected, and the fixes may be associated with a
performance A performance is an act of staging or presenting a play, concert, or other form of entertainment. It is also defined as the action or process of carrying out or accomplishing an action, task, or function. Management science In the work place ...
drop. Intel reported that processors manufactured in the month before the disclosure have mitigations against the attacks. Intel characterized the vulnerabilities as "low-to-medium" impact, disagreeing with the security researchers who characterized them as major, and disagreeing with their recommendation that operating system software manufacturers should completely disable hyperthreading. Nevertheless, the ZombieLoad vulnerability can be used by hackers exploiting the vulnerability to steal information recently accessed by the affected microprocessor.


Mitigation

Fixes to
operating systems An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also inc ...
,
virtualization In computing, virtualization or virtualisation (sometimes abbreviated v12n, a numeronym) is the act of creating a virtual (rather than actual) version of something at the same abstraction level, including virtual computer hardware platforms, stor ...
mechanisms,
web browsers A web browser is application software for accessing websites. When a User (computing), user requests a web page from a particular website, the browser retrieves its Computer file, files from a web server and then displays the page on the user' ...
and
microcode In processor design, microcode (μcode) is a technique that interposes a layer of computer organization between the central processing unit (CPU) hardware and the programmer-visible instruction set architecture of a computer. Microcode is a laye ...
are necessary. , applying available updates on an affected PC system was the most that could be done to mitigate the issues. *Intel incorporated fixes in its processors starting shortly before the public announcement of the vulnerabilities. *On 14 May 2019, a mitigation was released for the
Linux kernel The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ope ...
, and
Apple An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple fruit tree, trees are agriculture, cultivated worldwide and are the most widely grown species in the genus ''Malus''. The tree originated in Central Asia, wh ...
,
Google Google LLC () is an American multinational technology company focusing on search engine technology, online advertising, cloud computing, computer software, quantum computing, e-commerce, artificial intelligence, and consumer electronics. ...
,
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
, and
Amazon Amazon most often refers to: * Amazons, a tribe of female warriors in Greek mythology * Amazon rainforest, a rainforest covering most of the Amazon basin * Amazon River, in South America * Amazon (company), an American multinational technology c ...
released emergency patches for their products to mitigate ZombieLoad. *On 14 May 2019,
Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...
published a security advisory on its website detailing its plans to mitigate ZombieLoad.


See also

*
Transient execution CPU vulnerabilities Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The classic example is Spe ...
*
Hardware security bug In digital computing, hardware security bugs are hardware bugs or flaws that create vulnerabilities affecting computer central processing units (CPUs), or other devices which incorporate programmable processors or logic and have direct memory acce ...


References


Further reading


Original papers by the researchers

* * * * *


Information from processor manufacturers

* *


External links


Official disclosure website of ZombieLoad

RIDL and Fallout: MDS attacks
''
Vrije Universiteit Amsterdam The Vrije Universiteit Amsterdam (abbreviated as ''VU Amsterdam'' or simply ''VU'' when in context) is a public research university in Amsterdam, Netherlands, being founded in 1880. The VU Amsterdam is one of two large, publicly funded research ...
'' {{Portal bar, Business and economics Speculative execution security vulnerabilities Hardware bugs Intel x86 microprocessors Side-channel attacks 2019 in computing X86 architecture X86 memory management