Posted on 16.5.2019

ZombieLoad, RIDL, and Fallout – Microarchitectural Data Sampling vulnerabilities

Security update

Intel published this Tuesday on 14th of May a new class of vulnerabilities which are related to the already year-old speculative execution attacks. The newly-disclosed Microarchitectural Data Sampling (MDS) hardware vulnerabilities were found independently by multiple teams and are affecting most modern Intel CPUs.

MDS vulnerability

Microarchitectural Data Sampling (MDS) vulnerabilities

Currently reported vulnerabilities called ZombieLoad, RIDL, and Fallout, as well as a fourth unnamed exploit, take advantage of the speculative execution attacks to allow attackers to leak private data across arbitrary security boundaries on a victim system. Intel has collectively titled these attacks as Microarchitectural Data Sampling, or MDS, side-channel vulnerabilities.

Unlike existing attacks, the new line of attacks can leak arbitrary in-flight data from CPU-internal buffers: Line Fill Buffers, Load Ports, Store Buffers, including data never stored in CPU caches. While MDS is related to the previous speculative execution attacks Specter and Meltdown, in contrast, it does not need to make assumptions about the memory layout in the target data and does not depend on the processor cache.

Leveraging these vulnerabilities, attackers who can run unprivileged code on the victim’s system with an affected Intel CPU, are able to steal data from other programs running on the same machine. According to the researchers, the attack can target shared cloud computing resources as well as personal computers via malicious JavaScript served by infected websites or advertisements.

Fortunately, like with the previous speculative execution vulnerabilities, there is no way to make targeted attacks against specific data or virtual machine. This is due to the guest servers having no way to choose which physical CPU core they use.

A total of 4 MDS related CVEs have been assigned by Intel for the exploits: [MFBDS] CVE-2018-12130[MLPDS] CVE-2018-12127[MDSUM] CVE-2019-11091 and [MSBDS] CVE-2018-12126.

Mitigation in works

We learned of the new vulnerabilities as they were published and immediately began validating available mitigation methods. Intel has already provided CPU microcode updates and recommendations for mitigation strategies for operating systems and hypervisor software. We are working to apply these updates across our infrastructure while also exploring other options for further mitigation. The security updates will not cause interruptions to our users.

According to the researchers, it’s recommended to disable Simultaneous Multi-Threading (SMT), also known as Intel Hyper-Threading Technology. This is reported to significantly reduce the impact of MDS-based attacks without the cost of more complex mitigations. While Hyper-Threading can improve system performance in certain workloads, we are disabling it on all hosts that were still using it to mitigate the vulnerabilities.

These new attacks are able to violate the kernel privacy by extracting information from within it. Moreover, attackers using these vulnerabilities could expose the kernel’s location in the system’s memory, simplifying other exploits. Therefore, we highly recommend all our users to keep their cloud servers up to date on security updates provider for your operating system vendor. We are also upgrading our public templates to make sure all future deployments include the latest security updates to mitigate these attacks.

Should you have any further questions, please don’t hesitate to contact us.

More information:

 

Janne Ruostemaa

Editor-in-Chief

Leave a Reply

Your email address will not be published. Required fields are marked *

Comparing managed databases in the cloud: AWS vs. DigitalOcean vs. UpCloud

With the wide-scale migration of SMEs onto cloud infrastructure, managed services have become increasingly popular. They work as a natural extension to the offerings of Infrastructure-as-a-Service companies as a suite of services on a single platform. Cloud customers can look to further benefit from the expertise of their cloud provider by adopting managed services. But […]

Comparisons

Disaster recovery planning to help avoid data loss in worst-case scenarios

Data-driven businesses would be in trouble if hit by major data loss which highlights the importance of disaster recovery planning.

Long reads

Databases in the cloud: The advantages of going cloud-native

In this second post, in our series about hosting database in the cloud, we'll dive into the cloud-native databases.

Long reads

Back to top