Microprocessor Data Sampling (MDS) vulnerabilites (aka "Zombieload")

hardware
security
#1

Over the past year, we have all heard about various hardware-level security vulnerabilities affecting the microprocessors that power our modern infrastructure.

Today, yet another set of vulnerabilities were disclosed, known as Microarchitectural Data Sampling (MDS) . These are similar to those we have seen before, but they involve different parts of the processor.

MDS is in fact a family of vulnerabilities in different (related) components of the processor. Unlike Meltdown, MDS doesn’t allow an attacker to directly control the target memory address from which they would like to leak data. Instead, MDS is a form of "sampling" attack in which an attacker is able to leverage cache side channel analysis in order to repeatedly measure the stale content of certain small internal processor buffers that are used to store data as it is being loaded into the caches or written back to memory. Through a sophisticated statistical analysis, it is possible to then reconstruct the original data.

8 Likes
More Intel CPU vulnerabilities
Intel - new vulnerabilitie CPU - zombie load
#2

there is a new vulnerabilitie

https://www.phoronix.com/scan.php?page=news_item&px=Microarch-Data-Sampling

another step missed by intel ( all CPU until 8 /9 th generation since 2011)

2 Likes
#4

Threads merged. I used the OP with the most detail as the thread parent.

#5

ok thank
but manjaro has already patch for CVE-2018-12130 ?

#6

I dont think so - arch-audit returns nothing for any of the listed CVE's .. but 12130, for example, was only publicly released just today.

[though if it came down as as the microcode from intel any time between then it might be there]

If you (or anyone) knows more, thatd be great.

#7

well this is fun :mask::face_with_hand_over_mouth::shushing_face::sneezing_face::face_with_head_bandage::hugs:

#8

At least Mr. GKH and especially Thomas Gleixner are all over it...

http://lkml.iu.edu/hypermail/linux/kernel/1905.1/05371.html

New kernels inbound.

1 Like
#9

short and nice list from Intel

#10

https://cpu.fail

The only good news that all those vulnerabilities are rather difficult to exploit from my understanding.

#11

For people who are really that worried about this, a notice from philm:

TL;DR:

  • Will try to publish patched kernels and microcodes ASAP;
  • Can't guarantee that the patches in itself won't break things (especially in the beginning), hopefully not.
2 Likes
#12

I built 4.19 this morning, no issues at all.
More patches are certainly incoming, the stable-queue is still relatively empty though.

#13

Quick question after reading some info, should i turn off Hyper-Threading for now as i'm running stable Manjaro and may be waiting a while for update/patches??

#14

Don't panic. The kernels will be updated shortly.

1 Like
#15

And intel microcodes?

#16

This vulnerability already existed for years.
And since you were not exploited then its safe to assume you are safe for quite a while but not fotever

2 Likes
#17

Microcode update is already in Arch testing, so it shouldn't take all too long for them to appear in Manjaro repos.

1 Like
#18

Just worried as it is now all over the internet you know some smuck is going to try to use it, and after downloading the tool from intel and running it, i was shocked at how many vulnerabilites my I7 has.

#19

From my understanding, these vulnerabilities cannot (yet) be exploited by Joe Average Hacker.

We have spectre-meltdown-checker in the repos, but I think it does not yet scan for the "new" MDS vulnerabilities.

#20

No it does not but intel have this tool:

https://mdsattacks.com/

Scroll down for Win/Linux download of tool.

1 Like
#21

New intel ucode is in Arch Testing as of this A.M. https://www.archlinux.org/packages/testing/any/intel-ucode/

2 Likes