Chips

Zombieload, Fallout, and 2 Other CPU Flaws Have Intel on the Hop

The high-tech industry once again is in a tizzy over flaws discovered in Intel CPUs. Four microarchitectural data sampling (MDS) vulnerabilities came to light on Tuesday.

MDS is a sub-class of previously disclosed vulnerabilities that sample data leaked from small structures within the CPU using a locally executed speculative execution side channel.

The four newly identified flaws:

  • Zombieload, or RIDL — Microarchitectural Fill Buffer Data Sampling (MFBDS) – CVE-2018-12130 – Lets authenticated users use store buffers as an attack vector;
  • Fallout — Microarchitectural Store Buffer Data Sampling (MSBDS) – CVE-2018-12126 – Lets authenticated users use store buffers as an attack vector;
  • Microarchitectural Load Port Data Sampling (MLPDS) – CVE-2018-12127 – Lets authenticated users use load ports as an attack vector; and
  • Microarchitectural Data Sampling Uncacheable Memory (MDSUM) – CVE-2018-11091 – Lets authenticated users leverage uncacheable memory as an attack vector.

Zombieload, Fallout and CVE-2018-12127 have a base score of 6.5, based on the industry standard Common Vulnerability Storing System (CVSS), which is a medium rating; CVE-2018-11091 has a base score of 3.8, which is low.

The practical exploitation of MDS flaws is a very complex undertaking, according to Intel, and MDS by itself does not provide an attacker with a way to target specific data being leaked.

Still, “if you get enough random data, you could run an analysis with AI and figure things out,” suggested Rob Enderle, principal analyst at the Enderle Group.

“The regulations don’t say you’re OK if there’s a breach and the data stolen is random,” he told TechNewsWorld.

Attacks could be launched through the use of malicious JavaScript in a Web page — a common enough attack technique — or from a co-located virtual machine in the cloud.

Consumers needn’t worry, however, according to Kevin Krewell, principal analyst at Tirias Research.

“From what I’ve read, MDS is a complex set of attacks, and is not something that would be used to target a typical consumer PC,” he told TechNewsWorld.”The MDS attack is an attack on virtual machine (hypervisor) architectures most associated with servers, not client PCs.”

Intel said it was not aware of any reported real-world exploits of the four vulnerabilities so far.

About Speculative Execution

Speculative execution is a technique used by most modern high-performance processors to improve performance by executing instructions before knowing they are required. Think of it as a good assistant anticipating your instructions and carrying them out in advance.

Speculative execution reduces latency and extracts greater parallelism. Its results can be discarded if the instructions later fare ound to be unnecessary, although the predictions usually are correct, according to Intel.

Speculative operations do not affect the processor’s architectural state, but they can impact the microarchitectural state, including information stored in translation lookaside buffers and caches.

Side-channel methods work by measuring microarchitectural properties about a system. Side channels have no direct influence on the execution of a program, and they do not permit modification or deletion of data.

Fixes Available

Intel and other high-tech companies affected — operating system vendors, virtual machine monitor (VMM) vendors, and other software developers — have issued patches for the MDS flaws.

Intel’s microcode is available on GitHub.

Microsoft has released software updates to help mitigate the vulnerabilities. Apple has released a security patch for macOS Mojave. Amazon’s AWS cloud service reportedly has been patched, and Google has patched Chromebooks.

Intel recommends that end users and system administrators should check with their system manufacturers and system software vendors, and apply any available updates as soon as practical.

Applying the Intel, OS and hypervisor software updates should have minimal impact on most PC client applications, Intel said, but performance or resource utilization may be affected on some data center workloads.

Customers who have applied the updates but cannot guarantee their systems are running trusted software and who are using simultaneous multi-threading should consider how they use SMT for their particular workloads, Intel advised. They also should get guidance from their OS and VMM software providers, as well as consider the security threat model for their particular environment.

Intel has not recommended disabling Intel HT (hyper-threading) because that step alone would not provide protection against MDS.

MDS is addressed in hardware starting with select 8th- and 9th-generation Intel Core processors and the 2nd-generation Intel Xeon Scalable processor family. Future Intel processors will include hardware mitigations to address these vulnerabilities.

Fallout From the Flaws

“Every modern high-performance processor uses speculative execution,” Tirias’ Krewell said, “but not all speculative execution designs are the same. For example, AMD has not seen as many problems as Intel has — and to date, AMD believes it is not affected by MDS.”

Intel CPUs have been hit by speculative execution vulnerabilities before. Three vulnerabilities discovered last summer impacted Intel’s software guard extensions (SGX) technology, its OS and system management mode (SMM), and its hypervisor software. Those flaws had high severity ratings.

Speculative execution apparently opens the door to hard vulnerabilities that cannot be fixed outright but can be mitigated. That’s like incurring permanent damage from a broken leg and having to use a crutch for the rest of your life.

The benefits of speculative execution — at least, the benefits of Intel’s implementation — have been called into question.

“Speculative execution does allow CPUs to have higher performance, but these exploits are crippling the processors and reducing their performance,” Enderle observed.

The patches may create other problems, he pointed out. “Having to install them is like your buying a 250HP car and reducing the engine’s output to 175HP because there are problems. At some point, customers will ask for their money back, because they’re not getting what they paid for.”

Intel’s woes are “a huge boon for AMD,” Enderle said. “We were talking to Dell and other AMD customers, and they’re going to start using more AMD CPUs.”

Richard Adhikari

Richard Adhikari has been an ECT News Network reporter since 2008. His areas of focus include cybersecurity, mobile technologies, CRM, databases, software development, mainframe and mid-range computing, and application development. He has written and edited for numerous publications, including Information Week and Computerworld. He is the author of two books on client/server technology. Email Richard.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels