Vulnerabilities in the MMIO mechanism of Intel processors

Intel has disclosed a new class of data leaks through the microarchitectural structures of its processors: by manipulating the MMIO (Memory-Mapped Input/Output) mechanism, an attacker can determine information processed on other CPU cores. The vulnerabilities allow, for example, extracting data from other processes, Intel SGX enclaves or virtual machines. They are specific to Intel CPUs; processors from other manufacturers are not affected.

Affected Intel CPUs include processors based on the Haswell, Broadwell, Skylake, Kaby Lake, Comet Lake, Ice Lake, Rocket Lake and Lakefield microarchitectures, as well as Xeon EP/EX, Xeon Scalable and some server Atom processors. An attack requires the ability to access MMIO; in virtualization systems, for example, this is available when a guest controlled by the attacker is given MMIO access to a device (e.g. a passed-through device). The fix is also needed on systems that rely on Intel SGX (Software Guard Extensions) enclaves, since enclave data is among the possible leak targets.

Blocking the vulnerability requires both a microcode update and additional software protection: executing the VERW instruction to clear the contents of microarchitectural buffers when returning from the kernel to user space and when transferring control to a guest system. The same VERW-based buffer clearing is already used against the earlier MDS (Microarchitectural Data Sampling) and TAA (TSX Asynchronous Abort) attack classes; the related SRBDS (Special Register Buffer Data Sampling) issue was addressed in microcode.

On the microcode side, the required changes ship in the May microcode update for Intel CPUs (IPU 2022.1). In the Linux kernel, protection against the new class of attacks is included in releases 5.18.5, 5.15.48, 5.10.123, 5.4.199, 4.19.248, 4.14.284 and 4.9.319. To check whether a system is susceptible to the MMIO vulnerabilities and which protection mechanisms are active, the file "/sys/devices/system/cpu/vulnerabilities/mmio_stale_data" has been added to the Linux kernel; it also reports when the kernel attempts buffer clearing but the required microcode is missing. Activation of the protection is controlled by the kernel boot parameter "mmio_stale_data", which takes the values "full" (clear buffers when returning to user space and when entering a VM), "full,nosmt" (as "full", plus disabling SMT / Hyper-Threading, since a sibling hyper-thread can otherwise still sample the buffers) and "off" (protection disabled). Separate fixes are offered for the Xen hypervisor and the Qubes operating system.
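As an added example (not part of the original article and not code from the Linux kernel), the following Python script reads the sysfs file and the boot parameter described above and turns the kernel's status strings into a verdict. The status strings it matches are the ones the kernel's arch/x86/kernel/cpu/bugs.c emits for this file ("Not affected", "Mitigation: Clear CPU buffers; SMT ...", "Vulnerable: Clear CPU buffers attempted, no microcode", "Vulnerable", "Unknown: No mitigations"); the function names and the sample lines are constructed here so the parsing can be exercised offline.

```python
"""Check the Linux kernel's MMIO Stale Data status (added example).

Reads /sys/devices/system/cpu/vulnerabilities/mmio_stale_data and the
mmio_stale_data= boot parameter from /proc/cmdline, and turns the kernel's
status strings into a verdict. The parsing functions take plain strings so
they can be run offline on constructed samples.
"""
import os

SYSFS_PATH = "/sys/devices/system/cpu/vulnerabilities/mmio_stale_data"
CMDLINE_PATH = "/proc/cmdline"
# The three documented values of the boot parameter.
VALID_PARAM_VALUES = ("full", "full,nosmt", "off")


def classify_status(status):
    """Map one line of the sysfs file to (state, note).

    state is one of: not_affected, mitigated, vulnerable, unknown.
    The matched prefixes are the strings emitted by arch/x86/kernel/cpu/bugs.c.
    """
    s = status.strip()
    if s == "Not affected":
        return "not_affected", "CPU is not in the affected list"
    if s.startswith("Unknown"):
        return "unknown", "kernel could not determine affectedness (unlisted CPU model)"
    if s.startswith("Mitigation: Clear CPU buffers"):
        if "SMT vulnerable" in s:
            return ("mitigated",
                    "VERW clearing active, but SMT is on: a sibling hyper-thread "
                    "can still sample buffers; consider mmio_stale_data=full,nosmt")
        if "SMT Host state unknown" in s:
            return "mitigated", "guest kernel: SMT state is controlled by the hypervisor"
        return "mitigated", "VERW clearing active, SMT disabled"
    if s.startswith("Vulnerable"):
        if "no microcode" in s:
            return ("vulnerable",
                    "kernel attempts VERW clearing but the microcode (IPU 2022.1) "
                    "is missing; update firmware/microcode")
        return "vulnerable", "mitigation disabled (mmio_stale_data=off or mitigations=off)"
    return "unknown", "unrecognised status string: " + s


def parse_cmdline_param(cmdline, name="mmio_stale_data"):
    """Return the value of name= from a kernel command line, or None if absent.

    Tokens are split on whitespace, so 'mmio_stale_data=full,nosmt' stays one
    token; a later occurrence overrides an earlier one.
    """
    value = None
    for tok in cmdline.split():
        if tok.startswith(name + "="):
            value = tok[len(name) + 1:]
    return value


def check_param_value(value):
    """Validate a mmio_stale_data= value; None means the kernel default applies."""
    if value is None:
        return True, "not set (kernel default applies)"
    if value in VALID_PARAM_VALUES:
        return True, value
    return False, "unrecognised value %r (expected one of %s)" % (
        value, ", ".join(VALID_PARAM_VALUES))


def check_system(sysfs_path=SYSFS_PATH, cmdline_path=CMDLINE_PATH):
    """Read the live files (Linux only) and return a dict with the verdict."""
    result = {"status": None, "state": "unknown", "note": "", "param": None}
    if os.path.exists(sysfs_path):
        with open(sysfs_path) as f:
            result["status"] = f.read().strip()
        result["state"], result["note"] = classify_status(result["status"])
    else:
        # The file was added together with the fix, so its absence means the
        # running kernel predates the fix (or this is not x86 Linux).
        result["note"] = "%s missing: kernel predates the fix or is not x86 Linux" % sysfs_path
    if os.path.exists(cmdline_path):
        with open(cmdline_path) as f:
            result["param"] = parse_cmdline_param(f.read())
    return result


# Constructed samples covering each status format the kernel emits.
SAMPLE_STATUSES = [
    "Not affected",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
    "Mitigation: Clear CPU buffers; SMT Host state unknown",
    "Vulnerable: Clear CPU buffers attempted, no microcode",
    "Vulnerable",
    "Unknown: No mitigations",
]

if __name__ == "__main__":
    for line in SAMPLE_STATUSES:
        state, note = classify_status(line)
        print("%-55s -> %s: %s" % (line, state, note))
    print("live system:", check_system())
```

Run it as root or an ordinary user on an x86 Linux host; the sysfs file is world-readable. A "Mitigation" result with "SMT vulnerable" is the case to look at: the kernel is clearing buffers on the transitions described above, but a sibling hyper-thread running concurrently is outside what VERW at those transitions can cover, which is what the "full,nosmt" value addresses.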

The essence of the identified class of vulnerabilities is that some operations copy or move data left over from execution on other CPU cores from one microarchitectural buffer to another. The MMIO vulnerabilities allow this residual (stale) data to be transferred from isolated microarchitectural buffers into application-visible registers or CPU buffers. Three methods have been identified for extracting stale data via MMIO:

  • DRPW (Device Register Partial Write, CVE-2022-21166) - Incorrect handling of write operations to some MMIO registers. If the data being written is smaller than the register, stale data from the fill buffers is copied into the register along with it. As a result, a process that issued the partial write to an MMIO register can read back data left in microarchitectural buffers by operations performed on other CPU cores.
  • SBDS (Shared Buffers Data Sampling, CVE-2022-21125) - Leakage of stale data from the fill buffer bound to a core after that data has been moved there from intermediate (uncore) buffers shared by all cores; the fill buffer contents are then sampled as in MDS.
  • SBDR (Shared Buffers Data Read, CVE-2022-21123) - Similar to SBDS, but the stale data is read directly into architecturally visible CPU state rather than sampled from the fill buffer. SBDS and SBDR affect only client processors and the Intel Xeon E3 server family.

Source: opennet.ru
