Content deleted Content added
Roper Klacks (talk | contribs) Replace attack nicknames with Intel's vulnerability names, remove descriptions as they don't clarify anything |
|||
Line 19:
| website = {{URL|https://zombieloadattack.com|ZombieLoadAttack.com}}
}}
The '''Microarchitectural Data Sampling''' ('''MDS''') [[vulnerability (computing)|vulnerabilities]] are a set of weaknesses in [[Intel CPUs|Intel x86 microprocessors]] that leak data across protection boundaries that are architecturally supposed to be secure. The attacks exploiting the vulnerabilities have been labeled '''Fallout''', '''RIDL''' (''Rogue In-Flight Data Load'') and '''ZombieLoad'''.<ref name="new" />
==Description==
The vulnerabilities are in the implementation of [[speculative execution]], which is where the processor tries to guess what instructions may be needed next. They exploit the possibility of reading [[data buffer]]s found between different parts of the processor.<ref name="Greenberg" /><ref name="new">{{cite web|url=https://www.bleepingcomputer.com/news/security/new-ridl-and-fallout-attacks-impact-all-modern-intel-cpus/|title=New RIDL and Fallout Attacks Impact All Modern Intel CPUs|author=Ionut Ilascu|publisher=Bleeping Computer|date=14 May 2019|accessdate=14 May 2019}}</ref><ref name="zombieloadattack.com" /><ref name="sa-00233" />
* Microarchitectural Store Buffer Data Sampling (MSBDS) ({{CVE|2018-12126}})
* Microarchitectural Load Port Data Sampling (MLPDS) ({{CVE|2018-12127}}
* Microarchitectural Fill Buffer Data Sampling (MFBDS) {{CVE|2018-12130}}
* Microarchitectural Data Sampling Uncacheable Memory (MDSUM) {{CVE|2019-11091}})
==History==
Line 42 ⟶ 45:
*Intel incorporated fixes in its processors starting shortly before the public announcement of the vulnerabilities.<ref name="Greenberg" />
*On 14 May 2019, a mitigation was released for the [[Linux kernel]],<ref>{{Cite web|url=https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2|title=ChangeLog-5.1.2|last=|first=|date=14 May 2019|website=The Linux Kernel Archives|archive-url=https://web.archive.org/web/20190515071751/https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2|archive-date=15 May 2019|dead-url=no|access-date=15 May 2019}}</ref> and [[Apple Inc.|Apple]], [[Google]], [[Microsoft]], and [[Amazon (company)|Amazon]] released emergency patches for their products to mitigate ZombieLoad.<ref>{{cite web|url=http://social.techcrunch.com/2019/05/14/intel-chip-flaws-patches-released/|title=Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws|author=Zach Whittaker|publisher=TechCrunch||accessdate=14 May 2019}}</ref>
*On 14 May 2019, [[Intel]] published a security advisory on its website detailing its plans to mitigate ZombieLoad.<ref name="sa-00233">{{cite web|url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html|title=INTEL-SA-00233|website=Intel|accessdate=14 May 2019}}</ref>
== See also ==
Line 62 ⟶ 65:
* {{cite web|ref=harv|publisher=Intel|title=Side Channel Vulnerability Microarchitectural Data Sampling|url=https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html|date=2019-05-14}}
* {{cite web|ref=harv|publisher=Intel|title=Deep Dive: Intel Analysis of Microarchitectural Data Sampling|url=https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling|date=2019-05-14}}
▲* {{cite web|ref=harv|title=Microarchitectural Data Sampling|url=https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html|date=2019-05-14|work=The Linux kernel user’s and administrator’s guide}}
== External links ==
| |||