Posted on 16.5.2019

ZombieLoad, RIDL, and Fallout – Microarchitectural Data Sampling vulnerabilities

Security update

On Tuesday, 14th of May, Intel published a new class of vulnerabilities related to the already year-old speculative execution attacks. The newly disclosed Microarchitectural Data Sampling (MDS) hardware vulnerabilities were found independently by multiple teams and affect most modern Intel CPUs.


Microarchitectural Data Sampling (MDS) vulnerabilities

The currently reported vulnerabilities, called ZombieLoad, RIDL, and Fallout, as well as a fourth unnamed exploit, take advantage of speculative execution to allow attackers to leak private data across arbitrary security boundaries on a victim system. Intel collectively refers to these attacks as Microarchitectural Data Sampling, or MDS, side-channel vulnerabilities.

Unlike existing attacks, the new line of attacks can leak arbitrary in-flight data from CPU-internal buffers (Line Fill Buffers, Load Ports, and Store Buffers), including data never stored in CPU caches. MDS is related to the previous speculative execution attacks Spectre and Meltdown, but in contrast to them it does not need to make assumptions about the memory layout in the target data and does not depend on the processor cache.

Leveraging these vulnerabilities, attackers who can run unprivileged code on a victim’s system with an affected Intel CPU are able to steal data from other programs running on the same machine. According to the researchers, the attack can target shared cloud computing resources as well as personal computers via malicious JavaScript served by infected websites or advertisements.

Fortunately, as with the previous speculative execution vulnerabilities, there is no way to make targeted attacks against specific data or a specific virtual machine. This is due to the guest servers having no way to choose which physical CPU core they use.

A total of 4 MDS-related CVEs have been assigned by Intel for the exploits: [MFBDS] CVE-2018-12130, [MLPDS] CVE-2018-12127, [MDSUM] CVE-2019-11091, and [MSBDS] CVE-2018-12126.

Mitigation in the works

We learned of the new vulnerabilities as they were published and immediately began validating available mitigation methods. Intel has already provided CPU microcode updates and recommendations for mitigation strategies for operating systems and hypervisor software. We are working to apply these updates across our infrastructure while also exploring other options for further mitigation. The security updates will not cause interruptions to our users.

According to the researchers, it’s recommended to disable Simultaneous Multi-Threading (SMT), also known as Intel Hyper-Threading Technology. This is reported to significantly reduce the impact of MDS-based attacks without the cost of more complex mitigations. While Hyper-Threading can improve system performance in certain workloads, we are disabling it on all hosts that were still using it to mitigate the vulnerabilities.

These new attacks are able to violate kernel privacy by extracting information from within the kernel. Moreover, attackers using these vulnerabilities could expose the kernel’s location in the system’s memory, simplifying other exploits. Therefore, we highly recommend that all our users keep their cloud servers up to date with the security updates provided by their operating system vendor. We are also upgrading our public templates to make sure all future deployments include the latest security updates to mitigate these attacks.
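To confirm on a Linux server that the updates described above have taken effect, the following added example (not part of the original post, and not UpCloud tooling) classifies the MDS status string the kernel reports in `/sys/devices/system/cpu/vulnerabilities/mds` together with the SMT setting in `/sys/devices/system/cpu/smt/control`. The function names and the OK/WARN/FAIL wording are assumptions of this example; the status strings are those documented for the Linux kernel.

```shell
#!/bin/sh
# Added example: classify a host's MDS posture from two sysfs values.
# $1: contents of /sys/devices/system/cpu/vulnerabilities/mds
# $2: contents of /sys/devices/system/cpu/smt/control
mds_verdict() {
    mds=$1
    smt=$2
    case $mds in
        "Not affected"*)
            echo "OK: CPU not affected"; return 0 ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            echo "FAIL: kernel patched but microcode update missing"; return 2 ;;
        "Vulnerable"*)
            echo "FAIL: no MDS mitigation active"; return 2 ;;
        "Mitigation: Clear CPU buffers"*)
            ;;  # buffer clearing is active; the SMT state decides below
        *)
            echo "UNKNOWN: unrecognised status '$mds'"; return 3 ;;
    esac
    # Buffer clearing alone does not cover a sibling hyper-thread on the same core
    case $mds in
        *"SMT vulnerable"*)
            echo "WARN: buffers cleared, but SMT enabled (control=$smt)"; return 1 ;;
        *"SMT disabled"*|*"SMT mitigated"*)
            echo "OK: buffers cleared, SMT not exposed"; return 0 ;;
    esac
    # No usable SMT verdict in the status (e.g. "SMT Host state unknown" in a guest)
    case $smt in
        off|forceoff|notsupported|notimplemented)
            echo "OK: buffers cleared, SMT control=$smt"; return 0 ;;
        *)
            echo "WARN: buffers cleared, SMT state unknown (control=$smt)"; return 1 ;;
    esac
}

# Report on the live host when the kernel exposes the status file
check_host() {
    f=/sys/devices/system/cpu/vulnerabilities/mds
    [ -r "$f" ] || { echo "UNKNOWN: $f missing, kernel predates MDS reporting"; return 3; }
    smt=$(cat /sys/devices/system/cpu/smt/control 2>/dev/null || echo unknown)
    mds_verdict "$(cat "$f")" "$smt"
}

check_host || true
```

Inside a cloud server the kernel typically reports "SMT Host state unknown", because a guest cannot see how the hypervisor host is configured; that part of the mitigation is the provider's responsibility.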

Should you have any further questions, please don’t hesitate to contact us.

Janne Ruostemaa

Editor-in-Chief
