Microarchitectural Data Sampling: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 03:32, 31 July 2019 edit UnitedStatesian (talk \| contribs) Extended confirmed users, Page movers, New page reviewers, Pending changes reviewers, Template editors 245,593 edits Importing Wikidata short description: "CPU vulnerabilities" (Shortdesc helper) ← Previous edit		Latest revision as of 09:03, 13 June 2025 edit undo Maxeto0910 (talk \| contribs) Extended confirmed users 117,108 edits no sentence Tags: Mobile edit Mobile web edit Advanced mobile edit
(30 intermediate revisions by 23 users not shown)
Line 1: {{short description\|CPU vulnerabilities}} {{See also\|Transient execution CPU vulnerability}} {{Use dmy dates\|date=May 2019\|cs1-dates=y}} {{Infobox bug \| name = Microarchitectural Data Sampling \| image = ZombieLoad Attack logo square.svg ~~\| image_size =~~ \| alt = \| caption = Logo designed for the vulnerabilities, featuring a wounded hand holding a broken microprocessor ~~\| caption =~~ \| screenshot = \| screenshot_size = \| screenshot_alt = \| screenshot_caption = \| CVE = {{CVE\|2018-12126}} (Fallout),<br />{{CVE\|~~CVE-~~2018-12127\|link=no}} (RIDL),<br />{{CVE\|2019-11091\|link=no}} (RIDL, ZombieLoad),<br />{{CVE\|2018-12130\|link=no}} (RIDL, ZombieLoad),<br />{{CVE\|2019-11135\|link=no}} (ZombieLoad v2) \| discovered = 2018<ref name="Greenberg"/> \| patched = 14 May 2019 Line 18 ⟶ 19: \| affected software = \| used by = \| website = {{URL\|https://mdsattacks.com\|mdsattacks.com}} {{URL\|https://zombieloadattack.com\|ZombieLoadAttack.com}} }} The '''Microarchitectural Data Sampling''' ('''MDS''') [[vulnerability (computing)\|vulnerabilities]] are a set of weaknesses in [[Intel CPUs\|Intel x86 microprocessors]] that use [[hyper-threading]], and leak data across protection boundaries that are architecturally supposed to be secure. The attacks exploiting the vulnerabilities have been labeled '''Fallout''', '''RIDL''' (''Rogue In-Flight Data Load'') ~~and~~, '''ZombieLoad'''.,<ref name="new"/><ref>[https://www.heise.de/security/meldung/Spectre-NG-Luecken-OpenBSD-schaltet-Hyper-Threading-ab-4087035.html Spectre-NG-Lücken: OpenBSD schaltet Hyper-Threading ab], heise.de, 2018-06, accessed 2019-09-29</ref><ref>[https://www.youtube.com/watch?v=sDrRvrh16ws&t=75 Let's Talk To Linux Kernel Developer Greg Kroah-Hartman \| Open Source Summit, 2019], TFIR, 2019-09-03</ref> and '''ZombieLoad 2'''.<ref>{{Cite web\|url=https://www.forbes.com/sites/daveywinder/2019/11/13/zombie-inside-intel-confirms-zombieload-2-security-threat/\|title=Intel Confirms 'ZombieLoad 2' Security Threat\|last=Winder\|first=Davey\|date=2019-11-13\|website=[[Forbes]]\|language=en\|url-status=live\|archive-url=https://archive.today/20200114182955/https://www.forbes.com/sites/kateoflahertyuk/2020/01/14/new-citrix-security-alert-us-government-issues-test-tool-for-serious-flaw/%2352628b892865\|archive-date=14 January 2020\|access-date=2020-01-14}}</ref> ==Description== The vulnerabilities are in the implementation of [[speculative execution]], which is where the processor tries to guess what instructions may be needed next. They exploit the possibility of reading [[data buffer]]s found between different parts of the processor.<ref name="Greenberg"/><ref name="new">{{cite web \|url=https://www.bleepingcomputer.com/news/security/new-ridl-and-fallout-attacks-impact-all-modern-intel-cpus/ \|title=New RIDL and Fallout Attacks Impact All Modern Intel CPUs \|author-first=Ionut \|author-last=Ilascu \|publisher=Bleeping Computer \|date=14 May 2019 \|access-date=14 May 2019}}</ref><ref name="zombieloadattack.com" /><ref name="sa-00233"/> * Microarchitectural Store Buffer Data Sampling (MSBDS), ({{CVE\|2018-12126}}) * Microarchitectural Load Port Data Sampling (MLPDS), ({{CVE\|2018-12127\|link=no}} * Microarchitectural Fill Buffer Data Sampling (MFBDS), {{CVE\|2018-12130\|link=no}} * Microarchitectural Data Sampling Uncacheable Memory (MDSUM), {{CVE\|2019-11091\|link=no}}) Transactional Asynchronous Abort (TAA), [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135 CVE-2019-11135] Not all processors are affected by all variants of MDS.<ref name="linux-mds">{{cite web \|title=Microarchitectural Data Sampling \|url=https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html \|date=2019-05-14 \|work=The Linux kernel ~~user’s~~user's and ~~administrator’s~~administrator's guide}}</ref> ==History== According to Intel in a May 2019 interview with [[Wired.com\|Wired]], Intel's researchers discovered the vulnerabilities in 2018 before anyone else.<ref name="Greenberg"/> Other researchers had agreed to keep the exploit confidential as well since 2018.<ref name="mdsattacks.com">{{cite web \|url=https://mdsattacks.com \|title=MDS attacks \|website=mdsattacks.com \|access-date=20 May 2019}}</ref> On 14 May 2019, various groups of security researchers, amongst others from Austria's [[Graz University of Technology]], Belgium's [[KU Leuven\|Catholic University of Leuven]], and ~~Netherland~~Netherlands's [[Vrije Universiteit Amsterdam]], in a [[responsible disclosure\|disclosure coordinated]] with Intel, published the discovery of the MDS vulnerabilities in Intel microprocessors, which they named Fallout, RIDL and ZombieLoad.<ref name="Greenberg"/><ref name="zombieloadattack.com">{{cite web \|url=https://zombieloadattack.com/ \|title=ZombieLoad Attack \|website=zombieloadattack.com \|access-date=14 May 2019}}</ref> Three of the TU Graz researchers were from the group who had discovered [[Meltdown (security vulnerability)\|Meltdown]] and [[Spectre (security vulnerability)\|Spectre]] the year before.<ref name="Greenberg"/> On 12 November 2019, a new variant of the ZombieLoad attack, called Transactional Asynchronous Abort, was disclosed.<ref>{{Cite web\|url=https://www.theregister.co.uk/2019/11/12/zombieload_cpu_attack/\|title=True to its name, Intel CPU flaw ZombieLoad comes shuffling back with new variant\|first=Shaun\|last=Nichols\|date=12 November 2019\|website=www.theregister.co.uk\|language=en\|access-date=2019-11-12}}</ref><ref>{{Cite web\|url=https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/\|title=Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack\|last=Cimpanu\|first=Catalin\|website=ZDNet\|language=en\|access-date=2019-11-12}}</ref> ==Impact== According to varying reports, Intel processors dating back to 2011<ref>{{cite ~~web~~news \|url=~~http~~https://~~social.~~techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/ \|title=New secret-spilling flaw affects almost every Intel chip since 2011 \|author-first=Zach \|author-last=Whittaker \|~~publisher~~work=TechCrunch \|date=14 May 2019 \|access-date=14 May 2019}}</ref> or 2008<ref name="Greenberg"/> are affected, and the fixes may be associated with a [[computer performance\|performance]] drop.<ref name="BBC-20190515">{{cite news \|author=<!-- Staff --> \|title=Intel Zombieload bug fix to slow data centre computers \|url=https://www.bbc.com/news/technology-48278400 \|date=15 May 2019 \|work=[[BBC News]] \|access-date=15 May 2019}}</ref><ref name="PH-20190524">{{cite news \|author-last=Larabel \|author-first=Michael \|title=Benchmarking AMD FX vs. Intel Sandy/Ivy Bridge CPUs Following Spectre, Meltdown, L1TF, Zombieload \|url=https://www.phoronix.com/scan.php?page=article&item=sandy-fx-zombieload&num=1 \|date=24 May 2019 \|work=[[Phoronix]] \|access-date=25 May 2019}}</ref> Intel reported that processors manufactured in the month before the disclosure have mitigations against the attacks.<ref name="Greenberg">{{cite news \|author-first1=Andy \|author-last1=Greenberg \|url=https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/ \|title=Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs \|newspaper=[[WIRED]] \|date=14 May 2019 \|access-date=14 May 2019}}</ref> Intel characterized the vulnerabilities as "low-to-medium" impact, disagreeing with the security researchers who characterized them as major, and disagreeing with their recommendation that operating system software manufacturers should completely disable [[hyperthreading]].<ref name="Greenberg"/><ref name="PCW-20190515">{{cite news \|author-last=Mah Ung \|author-first=Gordan \|title=Intel: You don't need to disable Hyper-Threading to protect against the ZombieLoad CPU exploit - "ZombieLoad" exploit seems to put Intel's Hyper-Threading at risk of being put down \|url=https://www.pcworld.com/article/3395439/intel-hyper-threading-zombieload-cpu-exploit.html \|date=15 May 2019 \|work=[[PC World]] \|access-date=15 May 2019}}</ref> Nevertheless, the ZombieLoad vulnerability can be used by hackers exploiting the vulnerability to steal information recently accessed by the affected microprocessor.<ref name="steal data">{{cite web \|url=https://www.theverge.com/2019/5/14/18623708/zombieload-attack-intel-processors-speculative-execution \|title=ZombieLoad attack lets hackers steal data from Intel chips \|author-first=Jacob \|author-last=Kastrenakes \|~~publisher~~website=[[The Verge]] \|date=14 May 2019 \|access-date=15 May 2019}}</ref> ==Mitigation== Fixes to [[operating systems]], [[virtualization]] mechanisms, [[web browsers]] and [[microcode]] are necessary.<ref name="Greenberg"/> ~~Microcode is the implementation of processor instructions on the processor itself, and updates require a firmware patch,<ref name="Greenberg"/> also known as [[BIOS]] or [[UEFI]], to the motherboard.~~ {{As of\|2019\|05\|14}}, applying available updates on an affected PC system was the most that could be done to mitigate the issues.<ref name="GZM-20190514">{{cite news \|author-last=O'Neill \|author-first=Patrick Howell \|title=What To Do About the Nasty New Intel Chip Flaw \|url=https://gizmodo.com/what-to-do-about-the-new-intel-chip-flaw-1834759126 \|date=14 May 2019 \|work=[[Gizmodo]] \|access-date=15 May 2019}}</ref> Intel incorporated fixes in its processors starting shortly before the public announcement of the vulnerabilities.<ref name="Greenberg"/> On 14 May 2019, a mitigation was released for the [[Linux kernel]],<ref>{{Cite web \|url=https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2 \|title=ChangeLog-5.1.2 ~~\|author-last= \|author-first=~~ \|date=14 May 2019 \|website=The Linux Kernel Archives \|archive-url=https://web.archive.org/web/20190515071751/https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2 \|archive-date=15 May 2019 \|~~dead-~~url-status=nolive \|access-date=15 May 2019}}</ref> and [[Apple Inc.\|Apple]], [[Google]], [[Microsoft]], and [[Amazon (company)\|Amazon]] released emergency patches for their products to mitigate ZombieLoad.<ref>{{cite ~~web~~news \|url=~~http~~https://~~social.~~techcrunch.com/2019/05/14/intel-chip-flaws-patches-released/ \|title=Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws \|author-first=Zach \|author-last=Whittaker \|~~publisher~~work=TechCrunch \|access-date=14 May 2019}}</ref> On 14 May 2019, [[Intel]] published a security advisory on its website detailing its plans to mitigate ZombieLoad.<ref name="sa-00233">{{cite web \|url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html \|title=INTEL-SA-00233 \|website=Intel \|access-date=14 May 2019}}</ref> == See also == * [[Hardware security bug]]▼ * [[Transient execution CPU vulnerabilities]] ▲* [[Hardware security bug]] == References == Line 57 ⟶ 62: == Further reading == === Original papers by the researchers === * {{cite ~~paper~~web \|title=ZombieLoad: Cross-Privilege-Boundary Data Sampling \|author-first1=Michael \|author-last1=Schwarz \|author-first2=Moritz \|author-last2=Lipp \|author-first3=Daniel \|author-last3=Moghimi \|author-first4=Jo \|author-last4=Van Bulck \|author-first5=Julian \|author-last5=Stecklina \|author-first6=Thomas \|author-last6=Prescher \|author-first7=Daniel \|author-last7=Gruss ~~\|format=[[PDF]]~~ \|url=https://zombieloadattack.com/zombieload.pdf \|date=2019-05-14}} * {{cite ~~paper~~web \|title=RIDL: Rogue In-Flight Data Load \|author-first1=Stephan \|author-last1=van Schaik \|author-first2=Alyssa \|author-last2=Milburn \|author-first3=Sebastian \|author-last3=Österlund \|author-first4=Pietro \|author-last4=Frigo \|author-first5=Giorgi \|author-last5=Maisuradze \|author-first6=Kaveh \|author-last6=Razavi \|author-first7=Herbert \|author-last7=Bos \|author-first8=Cristiano \|author-last8=Giuffrida ~~\|format=[[PDF]]~~ \|url=https://mdsattacks.com/files/ridl.pdf \|date=2019-05-14}} * {{cite ~~paper~~web \|title=Fallout: Reading Kernel Writes From User Space \|author-first1=Marina \|author-last1=Minkin \|author-first2=Daniel \|author-last2=Moghimi \|author-first3=Moritz \|author-last3=Lipp \|author-first4=Michael \|author-last4=Schwarz \|author-first5=Jo \|author-last5=Van Bulck \|author-first6=Daniel \|author-last6=Genkin \|author-first7=Daniel \|author-last7=Gruss \|author-first8=Frank \|author-last8=Piessens \|author-first9=Berk \|author-last9=Sunar \|author-first10=Yuval \|author-last10=Yarom ~~\|format=[[PDF]]~~ \|url=https://mdsattacks.com/files/fallout.pdf \|date=2019-05-14}} * {{cite ~~paper~~web \|title=ZombieLoad: Cross Privilege-Boundary Data Leakage \|author-first1=Jacek \|author-last1=Galowicz \|author-first2=Thomas \|author-last2=Prescher \|author-first3=Julian \|author-last3=Stecklina \|url=https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html \|publisher=Cyberus Technology GmbH \|date=2019-05-14}} * {{cite web \|url=https://cpu.fail/ \|title=cpu.fail \|date=2019-05-14 \|publisher=[[Graz University of Technology]]}} Line 73 ⟶ 78: {{Speculative execution exploits}} {{Hacking in the 2010s}} {{Portal bar\|Business and economics~~\|Computer science\|Microsoft\|Software~~}} ~~[[Category:Speculative execution security vulnerabilities]]~~ [[Category:~~Computer~~Transient ~~security~~execution ~~exploits~~CPU vulnerabilities]] ~~[[Category:Hardware bugs]]~~ [[Category:Intel x86 microprocessors]] [[Category:~~Side-channel~~2019 ~~attacks~~in computing]] ~~[[Category:2019 in computer science]]~~ ~~[[Category:X86 architecture]]~~ [[Category:X86 memory management]]