MDS: the latest speculative runnel channel vulnerability

Intel has just revealed a new speculative runnel channel vulnerability in its processors, similar to existing Spectrum / L1TF vulnerabilities. This new description calls for microarchitectural data sampling (MDS).

The vulnerability of microarchitectural data sampling has been discovered by Intel researchers. It has also been reported independently by external researchers. It is said to be similar to the existing vulnerabilities of the channel on the speculative run side. Fortunately, some processors of the current generation are not vulnerable and Intel believes that all new processors to come will be mitigated. For affected processors, firmware / software updates are forthcoming.

Microarchitectural data sampling can expose sensitive data to malicious users, provided that they already have access to the system at a certain capacity. MDSs can lead to exposing data from store buffers, fill buffers, and load ports. There are four CVEs constituting MDS:

– CVE-2018-12126 Sampling Microarchitectural Storage Buffer (MSBDS) Data

– CVE-2018-12130 Sampling Data in a Microarchitectural Fill Buffer (MFBDS)

– CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)

– CVE-2019-11091 Non-mappable Microarchitecture Data Sampling Memory (MDSUM)

Intel microcode updates are supposed to be put in place to clear micro-architectural buffers when switching between non-trusted software. In addition to the processor microcode, kernel changes are also expected and likely to be affected by hypervisors. No word on the impact on performance in this initial disclosure.

Intel's public statement on this says: "Microarchitectural Data Sampling (MDS) is already supported at hardware level in many of our recent 8th and 9th generation Intel Core processors, as well as in the 2nd generation Intel Xeon scalable processor family. For the other affected products, mitigation is available via microcode updates, associated with the corresponding operating system updates and hypervisor software available from today. # 39; hui. We have provided more information on our website and continue to encourage everyone to keep their systems up-to-date, this is one of the best ways to stay protected. We would like to thank the researchers who have worked with us and our industry partners for their contribution to the coordinated disclosure of these issues."

A public white paper should be published in a moment. We will look for updated firmware files and subsequent patches of the Linux kernel. Of course, when they are out, I will go on Phoronix to evaluate the consequences.