Intel has published information about a new class of vulnerabilities in its processors - MDS (Microarchitectural Data Sampling). Like past Specter attacks, the new issues could lead to leakage of proprietary data from the operating system, virtual machines, and foreign processes. It is alleged that the problems were first identified by Intel employees and partners during an internal audit. In June and August 2018, information about problems was also provided to Intel by independent researchers, after which almost a year of joint work was carried out with manufacturers and operating system developers to identify possible attack vectors and deliver fixes. AMD and ARM processors are not affected by the problem.
Identified vulnerabilities:
CVE-2018-12126 - MSBDS (Microarchitectural Store Buffer Data Sampling), recovery of the contents of storage buffers. Used in the Fallout attack. The degree of danger is determined to be 6.5 points (CVSS);
CVE-2018-12127 - MLPDS (Microarchitectural Load Port Data Sampling), recovery of load port contents. Used in the RIDL attack. CVSS 6.5;
CVE-2018-12130 - MFBDS (Microarchitectural Fill Buffer Data Sampling), recovery of fill buffer contents. Used in ZombieLoad and RIDL attacks. CVSS 6.5;
CVE-2019-11091 β MDSUM (Microarchitectural Data Sampling Uncacheable Memory), recovery of uncacheable memory contents. Used in the RIDL attack. CVSS 3.8.
Source: linux.org.ru