Industry-wide severity ratings can be found in the National Vulnerability Database
Severity and Score
CVE | Name | Severity | Score |
---|---|---|---|
CVE-2018-12126 | Microarchitectural Store Buffer Data Sampling | Medium | 6.5 |
CVE-2018-12130 | Microarchitectural Fill Buffer Data Sampling | Medium | 6.5 |
CVE-2018-12127 | Microarchitectural Load Port Data Sampling | Medium | 6.5 |
CVE-2019-11091 | Microarchitectural Data Sampling Uncacheable Memory | Low | 3.8 |
Aliases
- Zombieload
- RIDL
- Fallout
Related Content
INTEL-SA-00233
Intel Analysis of Microarchitectural Data Sampling
List of processors potentially affected by Microarchitectural Data Sampling
Microcode revision guidance
Overview
Under certain conditions, data in microarchitectural structures that the currently-running software does not have permission to access may be speculatively accessed by faulting or assisting load or store operations. This does not result in incorrect program execution because these operations never complete, and their results are never returned to software. However, software may be able to forward this speculative-only data to a side channel disclosure gadget in a way that potentially allows malicious actors to infer the data.
Microarchitectural data sampling (MDS) includes CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130 (6.5 Medium CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) and CVE-2019-11091 (3.8 Low CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). MDS speculative execution side channel methods can be used to expose data in the following microarchitectural structures:
- Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126
- Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130
- Microarchitectural Load Port Data Sampling (MLPDS) CVE-2018-12127
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091
MDS only refers to methods that involve microarchitectural structures other than the level 1 data cache (L1D) and thus does not include Rogue Data Cache Load (RDCL) or L1 Terminal Fault (L1TF). Store buffers, fill buffers, and load ports are much smaller than the L1D, and therefore hold less data and are overwritten more frequently. It is also more difficult to use MDS methods to infer data that is associated with a specific memory address, so malicious actors may need to collect significant amounts of data and analyze it to locate any protected data.
Mitigation
Some current processors and future processors will have microarchitectural data sampling methods mitigated in the hardware. For processors that are affected, the mitigation for microarchitectural data sampling issues includes overwriting store buffers, fill buffers, and load ports before transitioning to possibly less-privileged code.
There are two methods to clear microarchitectural structures affected by MDS: MD_CLEAR functionality [1] and software sequences. On processors that enumerate MD_CLEAR [2], developers can use the VERW instruction or the L1D_FLUSH command [3] to cause the processor to overwrite buffer values that are affected by MDS; these instructions are preferred to the software sequences.
Details of how to implement these mitigation methods, as well as mitigation information for hyperthreaded environments, can be found in Intel Analysis of Microarchitectural Data Sampling.
OS and Driver Developers
The OS can execute the VERW instruction to overwrite any protected data in affected buffers when transitioning from ring 0 to ring 3. This will overwrite protected data in the buffers that could belong to the kernel or other applications.
For more information on implementing the VERW instruction and on System Management Mode (SMM), OS developers can refer to Intel Analysis of Microarchitectural Data Sampling.
Virtual Machine Monitor Developers
The VMM can execute either the VERW instruction or the L1D_FLUSH command [3] before entering a guest VM. This will overwrite protected data in the buffers that could belong to the VMM or other VMs. VMMs that already use the L1D_FLUSH command before entering guest VMs to mitigate L1TF may not need further changes beyond loading a microcode update that enumerates MD_CLEAR.
For further details, refer to Intel Analysis of Microarchitectural Data Sampling.
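The C program below is an added example, not Intel's code and not part of the original advisory: it decodes the two CPUID bits given in the footnotes and picks the buffer-clearing method that the OS and VMM sections describe for each transition. The macro, enum, and function names are hypothetical, and it assumes the processor is already known to be affected.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Bit positions from the advisory's footnotes: CPUID.(EAX=7H,ECX=0):EDX */
#define MD_CLEAR_BIT  (1u << 10)
#define L1D_FLUSH_BIT (1u << 28)

/* Hypothetical names for the two transitions and the possible choices. */
enum transition   { RING0_TO_RING3, VMM_TO_GUEST };
enum clear_method { SOFTWARE_SEQUENCE, VERW_ONLY, VERW_OR_L1D_FLUSH };

/* Pure decision logic. Assumes the CPU is on the affected list; these
 * bits alone do not say whether a processor is affected. */
enum clear_method choose_clear_method(uint32_t leaf7_edx, enum transition t)
{
    if (!(leaf7_edx & MD_CLEAR_BIT))      /* may appear only after a microcode update */
        return SOFTWARE_SEQUENCE;
    if (t == VMM_TO_GUEST && (leaf7_edx & L1D_FLUSH_BIT))
        return VERW_OR_L1D_FLUSH;         /* both bits enumerated */
    return VERW_ONLY;
}

/* Reads CPUID leaf 7, subleaf 0. Returns 1 on success, 0 if unavailable. */
int read_leaf7_edx(uint32_t *edx)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) { *edx = d; return 1; }
#endif
    (void)edx;
    return 0;
}

int main(void)
{
    static const char *names[] = { "software sequence", "VERW", "VERW or L1D_FLUSH" };
    uint32_t edx;
    if (!read_leaf7_edx(&edx)) { puts("CPUID leaf 7 not available"); return 1; }
    printf("MD_CLEAR=%d L1D_FLUSH=%d\n", !!(edx & MD_CLEAR_BIT), !!(edx & L1D_FLUSH_BIT));
    printf("ring 0 -> ring 3: %s\n", names[choose_clear_method(edx, RING0_TO_RING3)]);
    printf("VMM -> guest:     %s\n", names[choose_clear_method(edx, VMM_TO_GUEST)]);
    return 0;
}
```

Running it before and after a microcode update shows whether MD_CLEAR enumeration has changed on that machine.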
Developers of Software Running in an Enclave
When entering or exiting Intel® Software Guard Extensions (Intel® SGX) enclaves, processors that enumerate support for MD_CLEAR [1] will automatically overwrite affected data buffers.
For further details, refer to Intel Analysis of Microarchitectural Data Sampling.
System Administrators
Always keep your systems up to date with the latest security updates, and follow the guidance from your OS and VMM vendors.
Footnotes
1. CPUID.(EAX=7H,ECX=0):EDX[MD_CLEAR=10]
2. Some processors may only enumerate MD_CLEAR after microcode updates.
3. On processors that enumerate both CPUID.(EAX=7H,ECX=0):EDX[MD_CLEAR=10] and CPUID.(EAX=7H,ECX=0):EDX[L1D_FLUSH=28]