Intel's 'ZombieLoad' Fixes May Slow Processors by 9 PercentCPUs Shipped From 2011 Onward Have Flaws of the Meltdown and Spectre Variety
Researchers have identified fresh flaws in Intel processors that attackers could exploit to steal private data from PCs and servers, including cloud environments.
See Also: Top 50 Security Threats
The vulnerabilities, dubbed "ZombieLoad" by the researchers who discovered them, could be used to steal sensitive data from affected systems.
Intel refers to the vulnerabilities as microarchitectural data sampling, or MDS, which can be exploited by attackers to access data being used not just by applications, but also containers and virtual machines.
"MDS may allow a malicious user who can locally execute code on a system to infer the values of protected data otherwise protected by architectural mechanisms," Intel says in a technical deep dive.
"This flaw is particularly dangerous for Intel-based public clouds running untrusted workloads in shared-tenancy environments," Red Hat warns in a security alert.
Users of Android, Chrome, iOS, Linux, MacOS and Windows operating systems, among others, are potentially at risk. Numerous operating system vendors have begun shipping patches, and Intel has also begun to release microcode updates.
Security experts say the patches will help prevent the vulnerabilities from being exploited, but that the only way to fully block attacks outright is to disable hyperthreading, Intel's implementation of simultaneous multithreading that improves a CPU's power and performance by giving it the ability to perform multiple tasks at the same time.
Intel says that disabling hyperthreading may reduce processor performance by up to 9 percent, particularly in some cloud environments.
Data-Sampling Attack Risk
ZombieLoad was discovered and reported by Michael Schwarz, Moritz Lipp and Daniel Gruss at Austria's Graz University of Technology, together with Jo Van Bulck at Belgium's KU Leuven, who have created a website devoted to the vulnerabilities and published a research paper.
"ZombieLoad is a novel category of side-channel attacks which we refer to as data-sampling attack," the researchers say in a Tuesday blog post. "While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys."
ZombieLoad comprises four vulnerabilities:
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
The researchers say any "modern Intel Core or Xeon CPU" released from 2011 onward is likely vulnerable.
They have published ZombieLand proof-of-concept exploit code to GitHub.
Life After Spectre and Meltdown
The ZombieLoad research follows January 2018 warnings over Spectre and Meltdown. Both are flaws in predictive computing, a concept that dates from 1967 but which wasn't put into practice until the 1990s. Since then, the technique has been used to increase the speed of computers in a manner that is built into CPU hardware, including chips manufactured by Intel, AMD and ARM.
The discovery of new CPU flaw isn't surprising, given that researchers have continued to pummel modern processors looking for more vulnerabilities (see: Expect More Cybersecurity 'Meltdowns').
Intel Says It Discovered Flaws
Security experts say MDS can be used to target three different microprocessor structures:
- Store buffer attack (aka Fallout): Targeting temporary buffers that hold store addresses and data.
- Fill buffer attack (aka RIDL): Targeting temporary buffers between CPU caches.
- Load port attack: Targeting temporary buffers used when loading data into registers.
"Microcode patches are available for the store buffer attack, but to fully protect against the fill buffer and load port variants, IT administrators must disable Intel Hyper-Threading," Red Hat says.
Whether the ZombieLand vulnerabilities have been exploited in the wild remains unknown.
Intel says that attempting to use MDS methods to infer data would likely be difficult and potentially time-consuming. "Malicious actors may need to collect significant amounts of data and analyze it to locate any protected data," it says.
Intel told Wired that its own researchers discovered the MDS vulnerabilities last year. The processor manufacturing giant on Tuesday began shipping microcode updates designed to block these vulnerabilities from being exploited by clearing data from CPUs more quickly. Some current processors already have built-in mitigations.
"Some current processors and future processors will have microarchitectural data sampling methods mitigated in the hardware," Intel says. "For processors that are affected, the mitigation for microarchitectural data sampling issues includes overwriting store buffers, fill buffers, and load ports before transitioning to possibly less-privileged code."
Vendors Push Patches
Microsoft on Tuesday released software updates to mitigate the vulnerabilities. "To get all available protections, firmware (microcode) and software updates are required," Microsoft says. "This may include microcode from device OEMs. In some cases, installing these updates will have a performance impact. We have also acted to secure our cloud services."
So far, however, patches for some versions of Windows 10, Windows Server and Windows Server 2019 have yet to ship.
Amazon and Google say they've already applied patches in their cloud environments, while Apple included fixes as part of recent Mojave (10.14) and Safari updates and Red Hat and VMware pushed updates.
Google says it has opted against trying to mitigate MDS vulnerabilities in Chrome and advises users to use OS-level mitigations.
The researchers who discovered the flaws say that there are multiple ways to partially mitigate the risk that the vulnerabilities can be exploited.
"The safest workaround to prevent this extremely powerful attack is running trusted and untrusted applications on different physical machines," they say. "If this is not feasible in given contexts, disabling hyperthreading completely represents the safest mitigation. This does not, however, close the door on attacks on system call return paths that leak data from kernel space to user space."