Microarchitectural Data Sampling

The vulnerabilities are in the implementation of speculative execution, which is where the processor tries to guess what instructions may be needed next. They exploit the possibility of reading data buffers found between different parts of the processor.{{cite web |url=https://www.bleepingcomputer.com/news/security/new-ridl-and-fallout-attacks-impact-all-modern-intel-cpus/ |title=New RIDL and Fallout Attacks Impact All Modern Intel CPUs |author-first=Ionut |author-last=Ilascu |publisher=Bleeping Computer |date=14 May 2019 |access-date=14 May 2019}}

• Microarchitectural Store Buffer Data Sampling (MSBDS), {{CVE|2018-12126}}
• Microarchitectural Load Port Data Sampling (MLPDS), {{CVE|2018-12127|link=no}}
• Microarchitectural Fill Buffer Data Sampling (MFBDS), {{CVE|2018-12130|link=no}}
• Microarchitectural Data Sampling Uncacheable Memory (MDSUM), {{CVE|2019-11091|link=no}}
• Transactional Asynchronous Abort (TAA), [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11135 CVE-2019-11135]

Not all processors are affected by all variants of MDS.{{cite web |title=Microarchitectural Data Sampling |url=https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html |date=2019-05-14 |work=The Linux kernel user's and administrator's guide}}

According to Intel in a May 2019 interview with Wired, Intel's researchers discovered the vulnerabilities in 2018 before anyone else. Other researchers had agreed to keep the exploit confidential as well since 2018.{{cite web |url=https://mdsattacks.com |title=MDS attacks |website=mdsattacks.com |access-date=20 May 2019}}

On 14 May 2019, various groups of security researchers, amongst others from Austria's Graz University of Technology, Belgium's Catholic University of Leuven, and Netherlands' Vrije Universiteit Amsterdam, in a disclosure coordinated with Intel, published the discovery of the MDS vulnerabilities in Intel microprocessors, which they named Fallout, RIDL and ZombieLoad.{{cite web |url=https://zombieloadattack.com/ |title=ZombieLoad Attack |website=zombieloadattack.com |access-date=14 May 2019}} Three of the TU Graz researchers were from the group who had discovered Meltdown and Spectre the year before.

On 12 November 2019, a new variant of the ZombieLoad attack, called Transactional Asynchronous Abort, was disclosed.{{Cite web|url=https://www.theregister.co.uk/2019/11/12/zombieload_cpu_attack/|title=True to its name, Intel CPU flaw ZombieLoad comes shuffling back with new variant|first=Shaun|last=Nichols|date=12 November 2019|website=www.theregister.co.uk|language=en|access-date=2019-11-12}}{{Cite web|url=https://www.zdnet.com/article/intels-cascade-lake-cpus-impacted-by-new-zombieload-v2-attack/|title=Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack|last=Cimpanu|first=Catalin|website=ZDNet|language=en|access-date=2019-11-12}}

According to varying reports, Intel processors dating back to 2011{{cite news |url=https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/ |title=New secret-spilling flaw affects almost every Intel chip since 2011 |author-first=Zach |author-last=Whittaker |work=TechCrunch |date=14 May 2019 |access-date=14 May 2019}} or 2008 are affected, and the fixes may be associated with a performance drop.{{cite news |author= |title=Intel Zombieload bug fix to slow data centre computers |url=https://www.bbc.com/news/technology-48278400 |date=15 May 2019 |work=BBC News |access-date=15 May 2019}}{{cite news |author-last=Larabel |author-first=Michael |title=Benchmarking AMD FX vs. Intel Sandy/Ivy Bridge CPUs Following Spectre, Meltdown, L1TF, Zombieload |url=https://www.phoronix.com/scan.php?page=article&item=sandy-fx-zombieload&num=1 |date=24 May 2019 |work=Phoronix |access-date=25 May 2019}} Intel reported that processors manufactured in the month before the disclosure have mitigations against the attacks.{{cite news |author-first1=Andy |author-last1=Greenberg |url=https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/ |title=Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs |newspaper=WIRED |date=14 May 2019 |access-date=14 May 2019}}

Intel characterized the vulnerabilities as "low-to-medium" impact, disagreeing with the security researchers who characterized them as major, and disagreeing with their recommendation that operating system software manufacturers should completely disable hyperthreading.{{cite news |author-last=Mah Ung |author-first=Gordan |title=Intel: You don't need to disable Hyper-Threading to protect against the ZombieLoad CPU exploit - "ZombieLoad" exploit seems to put Intel's Hyper-Threading at risk of being put down |url=https://www.pcworld.com/article/3395439/intel-hyper-threading-zombieload-cpu-exploit.html |date=15 May 2019 |work=PC World |access-date=15 May 2019}} Nevertheless, the ZombieLoad vulnerability can be used by hackers exploiting the vulnerability to steal information recently accessed by the affected microprocessor.{{cite web |url=https://www.theverge.com/2019/5/14/18623708/zombieload-attack-intel-processors-speculative-execution |title=ZombieLoad attack lets hackers steal data from Intel chips |author-first=Jacob |author-last=Kastrenakes |website=The Verge |date=14 May 2019 |access-date=15 May 2019}}

Fixes to operating systems, virtualization mechanisms, web browsers and microcode are necessary.

{{As of|2019|05|14}}, applying available updates on an affected PC system was the most that could be done to mitigate the issues.{{cite news |author-last=O'Neill |author-first=Patrick Howell |title=What To Do About the Nasty New Intel Chip Flaw |url=https://gizmodo.com/what-to-do-about-the-new-intel-chip-flaw-1834759126 |date=14 May 2019 |work=Gizmodo |access-date=15 May 2019}}

• Intel incorporated fixes in its processors starting shortly before the public announcement of the vulnerabilities.
• On 14 May 2019, a mitigation was released for the Linux kernel,{{Cite web |url=https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2 |title=ChangeLog-5.1.2 |date=14 May 2019 |website=The Linux Kernel Archives |archive-url=https://web.archive.org/web/20190515071751/https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2 |archive-date=15 May 2019 |url-status=live |access-date=15 May 2019}} and Apple, Google, Microsoft, and Amazon released emergency patches for their products to mitigate ZombieLoad.{{cite news |url=https://techcrunch.com/2019/05/14/intel-chip-flaws-patches-released/ |title=Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws |author-first=Zach |author-last=Whittaker |work=TechCrunch |access-date=14 May 2019}}
• On 14 May 2019, Intel published a security advisory on its website detailing its plans to mitigate ZombieLoad.{{cite web |url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html |title=INTEL-SA-00233 |website=Intel |access-date=14 May 2019}}

• Transient execution CPU vulnerabilities
• Hardware security bug

{{Reflist}}

• {{cite web |title=ZombieLoad: Cross-Privilege-Boundary Data Sampling |author-first1=Michael |author-last1=Schwarz |author-first2=Moritz |author-last2=Lipp |author-first3=Daniel |author-last3=Moghimi |author-first4=Jo |author-last4=Van Bulck |author-first5=Julian |author-last5=Stecklina |author-first6=Thomas |author-last6=Prescher |author-first7=Daniel |author-last7=Gruss |url=https://zombieloadattack.com/zombieload.pdf |date=2019-05-14}}
• {{cite web |title=RIDL: Rogue In-Flight Data Load |author-first1=Stephan |author-last1=van Schaik |author-first2=Alyssa |author-last2=Milburn |author-first3=Sebastian |author-last3=Österlund |author-first4=Pietro |author-last4=Frigo |author-first5=Giorgi |author-last5=Maisuradze |author-first6=Kaveh |author-last6=Razavi |author-first7=Herbert |author-last7=Bos |author-first8=Cristiano |author-last8=Giuffrida |url=https://mdsattacks.com/files/ridl.pdf |date=2019-05-14}}
• {{cite web |title=Fallout: Reading Kernel Writes From User Space |author-first1=Marina |author-last1=Minkin |author-first2=Daniel |author-last2=Moghimi |author-first3=Moritz |author-last3=Lipp |author-first4=Michael |author-last4=Schwarz |author-first5=Jo |author-last5=Van Bulck |author-first6=Daniel |author-last6=Genkin |author-first7=Daniel |author-last7=Gruss |author-first8=Frank |author-last8=Piessens |author-first9=Berk |author-last9=Sunar |author-first10=Yuval |author-last10=Yarom |url=https://mdsattacks.com/files/fallout.pdf |date=2019-05-14}}
• {{cite web |title=ZombieLoad: Cross Privilege-Boundary Data Leakage |author-first1=Jacek |author-last1=Galowicz |author-first2=Thomas |author-last2=Prescher |author-first3=Julian |author-last3=Stecklina |url=https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html |publisher=Cyberus Technology GmbH |date=2019-05-14}}
• {{cite web |url=https://cpu.fail/ |title=cpu.fail |date=2019-05-14 |publisher=Graz University of Technology}}

• {{cite web |publisher=Intel |title=Side Channel Vulnerability Microarchitectural Data Sampling |url=https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html |date=2019-05-14}}
• {{cite web |publisher=Intel |title=Deep Dive: Intel Analysis of Microarchitectural Data Sampling |url=https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling |date=2019-05-14}}

• [https://zombieloadattack.com/ Official disclosure website of ZombieLoad]
• [https://mdsattacks.com/ RIDL and Fallout: MDS attacks] Vrije Universiteit Amsterdam

{{Speculative execution exploits}}

{{Hacking in the 2010s}}

{{Portal bar|Business and economics}}

Category:Transient execution CPU vulnerabilities

Category:Intel x86 microprocessors

Category:2019 in computing

Category:X86 memory management