Vector Register Sampling / CVE-2020-0548 , CVE 2020-8696 / INTEL-SA-00329

ID 660231
Updated 1/27/2020
Version Latest
Public

author-image

By

Disclosure date:
2020-01-27

Published date:
2020-01-27

Severity rating:
2.8 Low
Industry-wide severity ratings can be found
in the National Vulnerability Database

Related Content

Microcode Update Guidance for INTEL-SA-00329
INTEL-SA-00329
Blog: Data Leakage Advisory
List of processors potentially affected by Vector Register Sampling
Affected Processors: Transient Execution Attacks by Product CPU
Introduction to Speculative Execution Side Channel Methods
Details on Intel's microcode update process

Overview

A speculative execution side channel variant known as Vector Register Sampling may allow the partial data values of some vector operations to be inferred under a specific set of complex conditions that include vector operations executing after a period of vector inactivity. Vector register sampling has been assigned CVE-2020-0548 with CVSS 2.8 CVSS 3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. A related variant with similar characteristics has been termed Vector Register Sampling - Active. This variant is based on a different underlying mechanism, which does not rely on vector instruction activity after a period of vector instruction inactivity, but the potential data exposure is similar.  Vector Register Sampling - Active has been assigned CVE 2020-8696 with CVSS score 2.5 CVSS vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N.   

On some processors, under certain microarchitectural conditions, partial data values previously read from a vector register on a physical core may be propagated into unused portions of the store buffer. On processors affected by Microarchitectural Data Sampling (MDS) or Transactional Asynchronous Abort (TAA), data from a store buffer entry may be inferred using one of these data sampling side channel methods. Using the MDS or TAA methods, it may be possible for malicious actors to infer data values from previously read vector registers. The vector register sampling method is not believed to affect processors that are not affected by MDS or TAA1.

Malicious software may be able to use vector register sampling to infer vector data used by previously run software, or to infer vector data used by software running on a sibling hyperthread on the same physical core, possibly even in the presence of MD_CLEAR operations.

The vector register sampling method has a smaller scope than MDS for several reasons:

  • Vector register sampling can only potentially infer the upper bits of vector registers and not generic contents of store operations or cache fills.
  • Vector register sampling can only potentially occur as a subset of the store buffer MDS method (MSBDS) as it relies on the MSBDS method to infer the store buffer contents. Thus, vector register sampling only affects hardware that is also potentially impacted by MSBDS or TAA.
  • Additionally, because the stale data is typically that of a recent vector operation, it may be unlikely for data to propagate across an MD_CLEAR operation. Intel has replicated this technique only under synthetic conditions when running on a sibling hyperthread on the same core as the victim’s hyperthread, not across an MD_CLEAR operation.

Software that is mitigated against MDS methods both already performs an MD_CLEAR operation before running untrusted software, and already helps prevent possibly malicious software from running on the sibling hyperthread of a potential victim.

Mitigation

Intel has released microcode updates for affected processors which will help ensure that MD_CLEAR operations (for example, a VERW instruction) will prevent older vector register data from being propagated into unused portions of the store buffer. When the microcode update is released, software can discover if the microcode update contains the mitigation by checking that the patch revision number matches or is greater than the corresponding revision number in the Affected Processors table.

On processors not yet updated to mitigate vector register sampling, SMT scheduling restrictions may reduce the risk of cross-thread secret data exposure. The vector register sampling method cannot be performed on processors that are not affected by MDS or TAA1.

Processors that are affected by only TAA and not MDS2 can mitigate this issue by disabling Intel® Transactional Synchronization Extensions (Intel® TSX) through the IA32_TSX_CTRL MSR. Disabling Intel® TSX will help prevent malicious software from inferring store buffer contents and thus also help prevent vector register sampling.

Footnotes

  1. For example, because IA32_ARCH_CAPABILITIES[MDS_NO] is enumerated and Intel TSX is disabled.
  2. Processors that enumerate MDS_NO.
 
Software Security Guidance Home | Advisory Guidance | Technical Documentation | Best Practices | Resources