Movatterモバイル変換

Microarchitectural Data Sampling

From Wikipedia, the free encyclopedia

CPU vulnerabilities

Microarchitectural Data Sampling
Logo designed for the vulnerabilities, featuring a wounded hand holding a broken microprocessor
CVE identifier(s)	CVE-2018-12126 (Fallout), CVE-2018-12127 (RIDL), CVE-2019-11091 (RIDL, ZombieLoad), CVE-2018-12130 (RIDL, ZombieLoad), CVE-2019-11135 (ZombieLoad v2)
Date discovered	2018^[1]
Date patched	14 May 2019
Discoverer	University of Adelaide Graz University of Technology Catholic University of Leuven Qihoo 360 Cyberus Technology Saarland University Vrije Universiteit Amsterdam Bitdefender Oracle Corporation University of Michigan Worcester Polytechnic Institute^[1]
Affected hardware	Pre-April 2019Intel x86 microprocessors
Website	mdsattacks.comZombieLoadAttack.com

TheMicroarchitectural Data Sampling (MDS)vulnerabilities are a set of weaknesses inIntel x86 microprocessors that usehyper-threading, and leak data across protection boundaries that are architecturally supposed to be secure. The attacks exploiting the vulnerabilities have been labeledFallout,RIDL (Rogue In-Flight Data Load),ZombieLoad.,^[2]^[3]^[4] andZombieLoad 2.^[5]

Description

[edit]

The vulnerabilities are in the implementation ofspeculative execution, which is where the processor tries to guess what instructions may be needed next. They exploit the possibility of readingdata buffers found between different parts of the processor.^[1]^[2]^[6]^[7]

Microarchitectural Store Buffer Data Sampling (MSBDS),CVE-2018-12126
Microarchitectural Load Port Data Sampling (MLPDS), CVE-2018-12127
Microarchitectural Fill Buffer Data Sampling (MFBDS), CVE-2018-12130
Microarchitectural Data Sampling Uncacheable Memory (MDSUM), CVE-2019-11091
Transactional Asynchronous Abort (TAA),CVE-2019-11135

Not all processors are affected by all variants of MDS.^[8]

History

[edit]

According to Intel in a May 2019 interview withWired, Intel's researchers discovered the vulnerabilities in 2018 before anyone else.^[1] Other researchers had agreed to keep the exploit confidential as well since 2018.^[9]

On 14 May 2019, various groups of security researchers, amongst others from Austria'sGraz University of Technology, Belgium'sCatholic University of Leuven, and Netherlands'Vrije Universiteit Amsterdam, in adisclosure coordinated with Intel, published the discovery of the MDS vulnerabilities in Intel microprocessors, which they named Fallout, RIDL and ZombieLoad.^[1]^[6] Three of the TU Graz researchers were from the group who had discoveredMeltdown andSpectre the year before.^[1]

On 12 November 2019, a new variant of the ZombieLoad attack, called Transactional Asynchronous Abort, was disclosed.^[10]^[11]

Impact

[edit]

According to varying reports, Intel processors dating back to 2011^[12] or 2008^[1] are affected, and the fixes may be associated with aperformance drop.^[13]^[14] Intel reported that processors manufactured in the month before the disclosure have mitigations against the attacks.^[1]

Intel characterized the vulnerabilities as "low-to-medium" impact, disagreeing with the security researchers who characterized them as major, and disagreeing with their recommendation that operating system software manufacturers should completely disablehyperthreading.^[1]^[15] Nevertheless, the ZombieLoad vulnerability can be used by hackers exploiting the vulnerability to steal information recently accessed by the affected microprocessor.^[16]

Mitigation

[edit]

Fixes tooperating systems,virtualization mechanisms,web browsers andmicrocode are necessary.^[1] As of 14 May 2019^[update], applying available updates on an affected PC system was the most that could be done to mitigate the issues.^[17]

Intel incorporated fixes in its processors starting shortly before the public announcement of the vulnerabilities.^[1]
On 14 May 2019, a mitigation was released for theLinux kernel,^[18] andApple,Google,Microsoft, andAmazon released emergency patches for their products to mitigate ZombieLoad.^[19]
On 14 May 2019,Intel published a security advisory on its website detailing its plans to mitigate ZombieLoad.^[7]

References

[edit]

^^a ^b ^c ^d ^e ^f ^g ^h ⁱ ^j ^kGreenberg, Andy (2019-05-14)."Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs".WIRED. Retrieved2019-05-14.
^^a ^bIlascu, Ionut (2019-05-14)."New RIDL and Fallout Attacks Impact All Modern Intel CPUs". Bleeping Computer. Retrieved2019-05-14.
^Spectre-NG-Lücken: OpenBSD schaltet Hyper-Threading ab, heise.de, 2018-06, accessed 2019-09-29
^Let's Talk To Linux Kernel Developer Greg Kroah-Hartman | Open Source Summit, 2019, TFIR, 2019-09-03
^Winder, Davey (2019-11-13)."Intel Confirms 'ZombieLoad 2' Security Threat".Forbes.Archived from the original on 2020-01-14. Retrieved2020-01-14.
^^a ^b"ZombieLoad Attack".zombieloadattack.com. Retrieved2019-05-14.
^^a ^b"INTEL-SA-00233".Intel. Retrieved2019-05-14.
^"Microarchitectural Data Sampling".The Linux kernel user's and administrator's guide. 2019-05-14.
^"MDS attacks".mdsattacks.com. Retrieved2019-05-20.
^Nichols, Shaun (2019-11-12)."True to its name, Intel CPU flaw ZombieLoad comes shuffling back with new variant".www.theregister.co.uk. Retrieved2019-11-12.
^Cimpanu, Catalin."Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack".ZDNet. Retrieved2019-11-12.
^Whittaker, Zach (2019-05-14)."New secret-spilling flaw affects almost every Intel chip since 2011".TechCrunch. Retrieved2019-05-14.
^"Intel Zombieload bug fix to slow data centre computers".BBC News. 2019-05-15. Retrieved2019-05-15.
^Larabel, Michael (2019-05-24)."Benchmarking AMD FX vs. Intel Sandy/Ivy Bridge CPUs Following Spectre, Meltdown, L1TF, Zombieload".Phoronix. Retrieved2019-05-25.
^Mah Ung, Gordan (2019-05-15)."Intel: You don't need to disable Hyper-Threading to protect against the ZombieLoad CPU exploit - "ZombieLoad" exploit seems to put Intel's Hyper-Threading at risk of being put down".PC World. Retrieved2019-05-15.
^Kastrenakes, Jacob (2019-05-14)."ZombieLoad attack lets hackers steal data from Intel chips".The Verge. Retrieved2019-05-15.
^O'Neill, Patrick Howell (2019-05-14)."What To Do About the Nasty New Intel Chip Flaw".Gizmodo. Retrieved2019-05-15.
^"ChangeLog-5.1.2".The Linux Kernel Archives. 2019-05-14.Archived from the original on 2019-05-15. Retrieved2019-05-15.
^Whittaker, Zach."Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws".TechCrunch. Retrieved2019-05-14.

External links

[edit]

v t e Speculative execution security vulnerabilities
Variants	Bounds Check Bypass (Spectre, Variant 1) Bounds Check Bypass Store (Spectre-NG) Branch Target Injection (Spectre, Variant 2) Downfall Foreshadow Lazy FP state restore (Spectre-NG) Load value injection Microarchitectural Data Sampling Pacman Retbleed Rogue Data Cache Load (Meltdown, Variant 3) Rogue System Register Read (Spectre-NG, Variant 3a) Speculative Store Bypass (Spectre-NG, Variant 4) Spoiler
Topics	Cache side-channel attack Hardware security bug Speculative execution Transient execution CPU vulnerability

Speculative execution security vulnerabilities

Variants

Topics

Hacking in the 2010s

← 2000s

Timeline

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach HackingTeam Ashley Madison data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Hacktivism

Groups

Individuals

Majorvulnerabilities
publiclydisclosed

Evercookie (2010)
iSeeYou (2013)
Heartbleed (2014)
Shellshock (2014)
POODLE (2014)
Rootpipe (2014)
Row hammer (2014)
SS7 vulnerabilities (2014)
WinShock (2014)
JASBUG (2015)
Stagefright (2015)
DROWN (2016)
Badlock (2016)
Dirty COW (2016)
Cloudbleed (2017)
Broadcom Wi-Fi (2017)
EternalBlue (2017)
DoublePulsar (2017)
Silent Bob is Silent (2017)
KRACK (2017)
ROCA vulnerability (2017)
BlueBorne (2017)
Meltdown (2018)
Spectre (2018)
EFAIL (2018)
Exactis (2018)
Speculative Store Bypass (2018)
Lazy FP state restore (2018)
TLBleed (2018)
SigSpoof (2018)
Foreshadow (2018)
Dragonblood (2019)
Microarchitectural Data Sampling (2019)
BlueKeep (2019)
Kr00k (2019)

Malware

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt Project Sauron
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet