Introduced a new class of vulnerabilities in Intel processors

Intel has published information about a new class of vulnerabilities in its processors, MDS (Microarchitectural Data Sampling). Like the earlier Spectre attacks, the new problems can lead to leakage of sensitive data belonging to the operating system, virtual machines and other processes. According to Intel, the problems were first identified by Intel employees and partners during an internal audit, after which independent researchers reported similar problems to Intel. AMD and ARM processors are not affected.

Based on the identified problems, researchers from Graz University of Technology (Austria) developed several practical side-channel attacks:

  • ZombieLoad (PDF) - allows extracting confidential information from other processes, the operating system, virtual machines and protected enclaves (TEE, Trusted Execution Environment). For example, the researchers demonstrated recovering the history of pages opened in the Tor browser running in another virtual machine, as well as recovering access keys and passwords used in applications;

  • RIDL (PDF) - allows leaking information across the various isolation boundaries on Intel processors through structures such as fill buffers, store buffers and load ports. Examples are shown of leaks from other processes, the operating system, virtual machines and protected enclaves, including recovering the root password hash from /etc/shadow during periodic authentication attempts (the attack took 24 hours);

    In addition, an attack using JavaScript and WebAssembly is shown when a malicious page is opened in the SpiderMonkey engine (in modern full-fledged browsers such an attack is unlikely because of timer accuracy limitations and Spectre countermeasures);

  • Fallout (PDF) - makes it possible to read data recently written by the operating system and to determine the OS memory layout, simplifying other attacks;
  • Store-To-Leak Forwarding - exploits CPU optimizations for working with the store buffer and can be used to bypass kernel address space layout randomization (KASLR), to monitor the state of the operating system, or to organize leaks in combination with Spectre-style gadgets.

Disclosed vulnerabilities:

  • CVE-2018-12126 - MSBDS (Microarchitectural Store Buffer Data Sampling), recovering the contents of store buffers. Used in the Fallout attacks. Severity: CVSS 6.5;
  • CVE-2018-12127 - MLPDS (Microarchitectural Load Port Data Sampling), recovering the contents of load ports. Used in the RIDL attack. CVSS 6.5;
  • CVE-2018-12130 - MFBDS (Microarchitectural Fill Buffer Data Sampling), recovering the contents of fill buffers. Used in the ZombieLoad and RIDL attacks. CVSS 6.5;
  • CVE-2019-11091 - MDSUM (Microarchitectural Data Sampling Uncacheable Memory), recovering the contents of uncacheable memory. Used in the RIDL attack. CVSS 3.8.

The essence of the identified problems is the ability to apply side-channel analysis methods to data held in microarchitectural structures that applications have no direct access to. These are low-level structures such as the Line Fill Buffer, the Store Buffer and the Load Port, which are smaller building blocks than the first-level cache (L1D) targeted by RDCL (Rogue Data Cache Load) and L1TF (L1 Terminal Fault), and accordingly hold less information and are refreshed more frequently.


Side-channel attacks on microarchitectural structures are considerably harder to carry out than cache-based recovery methods: they require collecting and analyzing significant amounts of data to correlate it with particular memory addresses (in practice, an attacker cannot purposefully intercept specific data and may need a long time to accumulate leaks and apply statistical methods to reconstruct particular kinds of data). In addition, the attack only reaches data on the same physical CPU core as the attacker's code.

The proposed methods for determining the contents of microarchitectural structures rely on the fact that these structures are accessed during speculative handling of exceptions (faults) and of load and store operations.
During speculative execution, the contents of the internal structures are forwarded to registers or the cache for processing. The speculative operations are never completed and their result is discarded, but the forwarded content can be determined using side-channel cache analysis techniques.

Load ports are used by the processor to receive data from memory or the I/O subsystem and deliver it to CPU registers. Because of an implementation peculiarity, data from old load operations remains in the ports until it is overwritten by new data, which makes it possible to indirectly determine the state of the load port by manipulating exceptions (faults) and using SSE/AVX/AVX-512 instructions that load more than 64 bits of data. Under such conditions, load operations speculatively expose stale values from internal structures to dependent operations. A leak is organized similarly through the store buffer, which is used to speed up writes to the CPU cache and holds a table of addresses, values and flags, and through the fill buffer, which holds data not yet present in the L1 cache (cache miss) while it is being fetched from other cache levels.


The problem affects Intel processor models manufactured since 2011 (starting from the 6th generation). At the same time, the vulnerabilities are blocked in hardware starting from some models of the 8th and 9th generation Intel Core and 2nd generation Intel Xeon Scalable (this can be checked via the ARCH_CAP_MDS_NO bit in the IA32_ARCH_CAPABILITIES MSR). The vulnerabilities have also already been addressed at the level of firmware, microcode and operating systems. Intel estimates the performance loss after enabling the fixes at less than 3% for most users. With Hyper-Threading disabled, the degradation can reach 9% in the SPECint_rate_base test, 11% under heavy integer computation and 19% when running server Java applications (with HT enabled there is almost no degradation). The fixes have little to no impact on I/O performance.

In the Linux kernel, MDS protection was added in today's updates 5.1.2, 5.0.16,
4.19.43, 4.14.119 and 4.9.176. The protection is based on clearing the contents of the microarchitectural buffers on return from the kernel to user space or when control is transferred to a guest system, using the VERW instruction. It requires support for the MD_CLEAR mode, implemented in the latest microcode update. For complete protection, disabling Hyper-Threading is also recommended. To check whether a system is exposed to the vulnerabilities, the handler "/sys/devices/system/cpu/vulnerabilities/mds" has been added to the kernel. The "mds=" kernel parameter controls the activation of the various blocking modes and can take the values "full", "full,nosmt" (disables Hyper-Threads), "vmwerv" and "off".
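A host-side check of the mitigation state described above, written here as an added example and not code from the article or the kernel. It reads the sysfs entry and the "mds=" parameter named in the text; the md_clear flag name in /proc/cpuinfo and the status-line wording ("Not affected", "Mitigation:", "Vulnerable", "SMT disabled") are taken from the mainline kernel, not from the article.

```shell
#!/bin/sh
# Added example (not from the article or the kernel): audit a Linux host's MDS
# mitigation state via /sys/devices/system/cpu/vulnerabilities/mds, the "mds="
# boot parameter and the md_clear CPU flag supplied by the microcode update.
# The functions take their input as strings so they also run on captured data.

# Map the kernel's status line to one word. "Not affected", "Mitigation:",
# "Vulnerable" and the "SMT disabled" suffix are the kernel's own wording.
mds_classify() {
    case "$1" in
        "Not affected"*)              echo not_affected ;;
        Mitigation:*"SMT disabled"*)  echo mitigated ;;
        Mitigation:*)                 echo mitigated_smt_on ;;
        Vulnerable*)                  echo vulnerable ;;
        *)                            echo unknown ;;
    esac
}

# Succeed (exit 0) if the /proc/cpuinfo text advertises md_clear, i.e. the
# microcode implements the VERW buffer clearing the mitigation relies on.
has_md_clear() {
    printf '%s\n' "$1" | grep -Eq '^flags[[:space:]]*:.*[[:space:]]md_clear([[:space:]]|$)'
}

# Print the value of the mds= boot parameter from /proc/cmdline, or "default".
mds_cmdline_mode() {
    mode=$(printf '%s\n' "$1" | tr ' ' '\n' | grep '^mds=' | tail -n 1 | cut -d= -f2-)
    if [ -n "$mode" ]; then echo "$mode"; else echo default; fi
}

# Verdict from the three inputs (status line, cpuinfo text, cmdline text):
#   PASS  not affected, or buffers cleared with Hyper-Threading off
#   WARN  buffers cleared but SMT still active (sibling thread can leak), or unknown
#   FAIL  vulnerable, mitigation disabled via mds=off, or microcode lacks md_clear
mds_audit() {
    state=$(mds_classify "$1")
    mode=$(mds_cmdline_mode "$3")
    if [ "$state" = not_affected ]; then echo PASS; return 0; fi
    if [ "$mode" = off ] || [ "$state" = vulnerable ] || ! has_md_clear "$2"; then
        echo FAIL; return 0
    fi
    if [ "$state" = mitigated ]; then echo PASS; else echo WARN; fi
}

# Run against the live host when the sysfs entry exists; skipped otherwise.
if [ -r /sys/devices/system/cpu/vulnerabilities/mds ]; then
    mds_audit "$(cat /sys/devices/system/cpu/vulnerabilities/mds)" \
              "$(cat /proc/cpuinfo)" "$(cat /proc/cmdline)"
fi
```

A WARN verdict corresponds to the article's advice that full protection also needs Hyper-Threading disabled (mds=full,nosmt), even when the kernel reports the buffers as cleared.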

Package updates have already been released for RHEL and Ubuntu, but are not yet available for Debian, Fedora and SUSE.
A fix blocking data leaks from virtual machines has also been prepared for the Xen hypervisor. A microcode update alone is sufficient to protect virtualization systems that issue the L1D_FLUSH command before transferring control to another virtual machine, and to protect Intel SGX enclaves.

Source: opennet.ru
