Posted on 16.5.2019

ZombieLoad, RIDL, and Fallout – Microarchitectural Data Sampling vulnerabilities

Security update

Intel published this Tuesday on 14th of May a new class of vulnerabilities which are related to the already year-old speculative execution attacks. The newly-disclosed Microarchitectural Data Sampling (MDS) hardware vulnerabilities were found independently by multiple teams and are affecting most modern Intel CPUs.

MDS vulnerability

Microarchitectural Data Sampling (MDS) vulnerabilities

Currently reported vulnerabilities called ZombieLoad, RIDL, and Fallout, as well as a fourth unnamed exploit, take advantage of the speculative execution attacks to allow attackers to leak private data across arbitrary security boundaries on a victim system. Intel has collectively titled these attacks as Microarchitectural Data Sampling, or MDS, side-channel vulnerabilities.

Unlike existing attacks, the new line of attacks can leak arbitrary in-flight data from CPU-internal buffers: Line Fill Buffers, Load Ports, Store Buffers, including data never stored in CPU caches. While MDS is related to the previous speculative execution attacks Specter and Meltdown, in contrast, it does not need to make assumptions about the memory layout in the target data and does not depend on the processor cache.

Leveraging these vulnerabilities, attackers who can run unprivileged code on the victim’s system with an affected Intel CPU, are able to steal data from other programs running on the same machine. According to the researchers, the attack can target shared cloud computing resources as well as personal computers via malicious JavaScript served by infected websites or advertisements.

Fortunately, like with the previous speculative execution vulnerabilities, there is no way to make targeted attacks against specific data or virtual machine. This is due to the guest servers having no way to choose which physical CPU core they use.

A total of 4 MDS related CVEs have been assigned by Intel for the exploits: [MFBDS] CVE-2018-12130[MLPDS] CVE-2018-12127[MDSUM] CVE-2019-11091 and [MSBDS] CVE-2018-12126.

Mitigation in works

We learned of the new vulnerabilities as they were published and immediately began validating available mitigation methods. Intel has already provided CPU microcode updates and recommendations for mitigation strategies for operating systems and hypervisor software. We are working to apply these updates across our infrastructure while also exploring other options for further mitigation. The security updates will not cause interruptions to our users.

According to the researchers, it’s recommended to disable Simultaneous Multi-Threading (SMT), also known as Intel Hyper-Threading Technology. This is reported to significantly reduce the impact of MDS-based attacks without the cost of more complex mitigations. While Hyper-Threading can improve system performance in certain workloads, we are disabling it on all hosts that were still using it to mitigate the vulnerabilities.

These new attacks are able to violate the kernel privacy by extracting information from within it. Moreover, attackers using these vulnerabilities could expose the kernel’s location in the system’s memory, simplifying other exploits. Therefore, we highly recommend all our users to keep their cloud servers up to date on security updates provider for your operating system vendor. We are also upgrading our public templates to make sure all future deployments include the latest security updates to mitigate these attacks.

Should you have any further questions, please don’t hesitate to contact us.

More information:


Janne Ruostemaa


Leave a Reply

Your email address will not be published. Required fields are marked *

The year 2019 at UpCloud in retrospect

The year 2019 has certainly been eventful and we hope you’ve had as a great time along the way as we have. With another amazing year quickly coming to close, we wanted to again take a moment to review what we’ve accomplished over the course of the year. In this end-of-year retrospect, we’ll have a […]

Vision and culture

New Intel CPU vulnerability GDS/Downfall

On August 8, 2023, Intel published a new security vulnerability that exploits Gather Data Sampling (GDS). Named Downfall by its discoverer, it impacts multiple generations of Intel processors used in both personal and cloud computers. Downfall is a transient execution side-channel vulnerability that targets a critical weakness found in many modern Intel processor models. Following the […]


GDPR, ISO 27001 and CISPE Code of Conduct: a guide to European compliance with UpCloud

Headquartered in Helsinki, UpCloud stands at the forefront of the European cloud infrastructure industry, rooted in Finnish traditions of technical and business excellence. Every customer who chooses to partner with us isn’t just selecting a cloud hosting solution; they’re placing their business, their confidence, and their aspirations in the hands of a certified Cloud Service […]


Data Sovereignty

Back to top