Revision as of 18:31, 14 January 2020 edit Francewhoa (talk \| contribs) Extended confirmed users, Pending changes reviewers 2,082 edits Added "ZombieLoad 2" with notable source Tag: Visual edit ← Previous edit		Revision as of 08:59, 6 March 2020 edit undo John of Reading (talk \| contribs) Autopatrolled, Extended confirmed users, Pending changes reviewers 787,576 edits m Typo/general fixes, replaced: Netherland's → Netherlands' Tag: AWB Next edit →
Line 20: \| website = {{URL\|https://mdsattacks.com\|mdsattacks.com}} {{URL\|https://zombieloadattack.com\|ZombieLoadAttack.com}} }} The '''Microarchitectural Data Sampling''' ('''MDS''') [[vulnerability (computing)\|vulnerabilities]] are a set of weaknesses in [[Intel CPUs\|Intel x86 microprocessors]] that use [[hyper-threading]], and leak data across protection boundaries that are architecturally supposed to be secure. The attacks exploiting the vulnerabilities have been labeled '''Fallout''', '''RIDL''' (''Rogue In-Flight Data Load''), '''ZombieLoad'''.,<ref name="new"/><ref>[https://www.heise.de/security/meldung/Spectre-NG-Luecken-OpenBSD-schaltet-Hyper-Threading-ab-4087035.html Spectre-NG-Lücken: OpenBSD schaltet Hyper-Threading ab], heise.de, 2018-06, accessed 2019-09-29</ref><ref>[https://www.youtube.com/watch?v=sDrRvrh16ws&t=75 Let's Talk To Linux Kernel Developer Greg Kroah-Hartman \| Open Source Summit, 2019], TFIR, 2019-09-03</ref>, and '''ZombieLoad 2'''.<ref>{{Cite web\|url=https://www.forbes.com/sites/daveywinder/2019/11/13/zombie-inside-intel-confirms-zombieload-2-security-threat/\|title=Intel Confirms ‘ZombieLoad 2’ Security Threat\|last=Winder\|first=Davey\|date=2019-11-13\|website=[[Forbes]]\|language=en\|url-status=live\|archive-url=https://archive.md/4Bpza\|archive-date=2020-01-14\|access-date=2020-01-14}}</ref> ==Description== Line 35: According to Intel in a May 2019 interview with [[Wired.com\|Wired]], Intel's researchers discovered the vulnerabilities in 2018 before anyone else.<ref name="Greenberg"/> Other researchers had agreed to keep the exploit confidential as well since 2018.<ref name="mdsattacks.com">{{cite web \|url=https://mdsattacks.com \|title=MDS attacks \|website=mdsattacks.com \|access-date=20 May 2019}}</ref> On 14 May 2019, various groups of security researchers, amongst others from Austria's [[Graz University of Technology]], Belgium's [[KU Leuven\|Catholic University of Leuven]], and ~~Netherland~~Netherlands's [[Vrije Universiteit Amsterdam]], in a [[responsible disclosure\|disclosure coordinated]] with Intel, published the discovery of the MDS vulnerabilities in Intel microprocessors, which they named Fallout, RIDL and ZombieLoad.<ref name="Greenberg"/><ref name="zombieloadattack.com">{{cite web \|url=https://zombieloadattack.com/ \|title=ZombieLoad Attack \|website=zombieloadattack.com \|access-date=14 May 2019}}</ref> Three of the TU Graz researchers were from the group who had discovered [[Meltdown (security vulnerability)\|Meltdown]] and [[Spectre (security vulnerability)\|Spectre]] the year before.<ref name="Greenberg"/> On November 12, 2019, a new variant of the ZombieLoad attack, called Transactional Asynchronous Abort, was disclosed.<ref>{{Cite web\|url=https://www.theregister.co.uk/2019/11/12/zombieload_cpu_attack/\|title=True to its name, Intel CPU flaw ZombieLoad comes shuffling back with new variant\|last=at 18:02\|first=Shaun Nichols in San Francisco 12 Nov 2019\|website=www.theregister.co.uk\|language=en\|access-date=2019-11-12}}</ref><ref>{{Cite web\|url=https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/\|title=Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack\|last=Cimpanu\|first=Catalin\|website=ZDNet\|language=en\|access-date=2019-11-12}}</ref>

Microarchitectural Data Sampling: Difference between revisions