{"id":3039,"date":"2019-05-19T15:11:53","date_gmt":"2019-05-19T14:11:53","guid":{"rendered":"https:\/\/werle.pro\/?p=3039"},"modified":"2019-05-19T15:35:05","modified_gmt":"2019-05-19T14:35:05","slug":"ssi-cpu-microarchitect-data-sampling-meltdown-spectre","status":"publish","type":"post","link":"https:\/\/werle.pro\/index.php\/2019\/05\/19\/ssi-cpu-microarchitect-data-sampling-meltdown-spectre\/","title":{"rendered":"SSI CPU &#8211; Microarchitect Data Sampling, Meltdown &#038; Spectre"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3038 alignnone size-full\" src=\"https:\/\/i0.wp.com\/werle.pro\/wp-content\/uploads\/2019\/05\/ob_33e06f_zombieload7572351311768714095.png?resize=600%2C400&#038;ssl=1\" width=\"600\" height=\"400\" srcset=\"https:\/\/i0.wp.com\/werle.pro\/wp-content\/uploads\/2019\/05\/ob_33e06f_zombieload7572351311768714095.png?w=600&amp;ssl=1 600w, https:\/\/i0.wp.com\/werle.pro\/wp-content\/uploads\/2019\/05\/ob_33e06f_zombieload7572351311768714095.png?resize=200%2C133&amp;ssl=1 200w, https:\/\/i0.wp.com\/werle.pro\/wp-content\/uploads\/2019\/05\/ob_33e06f_zombieload7572351311768714095.png?resize=512%2C341&amp;ssl=1 512w\" sizes=\"(max-width: 600px) 100vw, 600px\" data-recalc-dims=\"1\" \/><\/p>\n<p>Article by Global Informatique S\u00e9curit\u00e9 (originally in French) further down the page<\/p>\n<h3>threatpost.com<\/h3>\n<h3>Intel ZombieLoad Side-Channel Attack: 10 Takeaways<\/h3>\n<p>Author: <em>Lindsey O&rsquo;Donnell<\/em><br \/>\n9-12 minutes<\/p>\n<h4>Here are 10 top takeaways from Intel\u2019s most recent class of Spectre-like speculative execution vulnerabilities, disclosed this week.<\/h4>\n<p>Intel on Tuesday revealed a new class of speculative execution vulnerabilities, dubbed Microarchitectural Data Sampling (MDS), which impact all its modern CPUs.<\/p>\n<p>The flaws all ultimately depend on different ways of executing side channel attacks to siphon data from impacted systems \u2013 and result in four 
different attacks: <strong>ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding.<\/strong><\/p>\n<p>\u201cAs a result of the flaw in the architecture of these processors, an attacker who can execute malicious code locally on an affected system can compromise the confidentiality of data previously handled on the same thread or compromise the confidentiality of data from other hyperthreads on the same processor as the thread where the malicious code executes,\u201d Eric Maurice, director of security for Oracle, recently wrote in an advisory.<\/p>\n<h3>Here are 10 top takeaways from this latest speculative execution side channel attack impacting Intel chips.<\/h3>\n<h4>MDS Different Than Meltdown and Spectre<\/h4>\n<p>The flaws derive from a process called speculative execution in processors. This process \u2013 thrown into the spotlight after the 2018 Spectre and Meltdown flaws came to light \u2013 is used in microprocessors so that memory can be read before the addresses of all prior memory writes are known.<\/p>\n<p>However, while speculative execution side channel attacks \u2013 like Spectre and Meltdown \u2013 targeted data stored in the CPU\u2019s memory, MDS instead refers to issues related to microarchitectural structures of the Intel processors other than the level 1 data cache (where memory is stored). 
Those issues exist in components called buffers, such as Fill Buffers (temporary buffers between CPU caches), Load Ports (temporary buffers used when loading data into registers) or Store Buffers (temporary buffers to hold store addresses and data).<\/p>\n<h4>Intel Seeking to Downplay Impact<\/h4>\n<p>There are four vulnerabilities in total tied to MDS.<\/p>\n<p>Those are <strong>CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 <\/strong>and<strong> CVE-2019-11091<\/strong>.<\/p>\n<p>Intel sought to downplay the vulnerabilities, saying that: \u201cMDS vulnerabilities have been classified as low to medium severity per the industry standard CVSS, and it\u2019s important to note that there are no reports of any real world exploits of these vulnerabilities.\u201d<\/p>\n<p>Indeed, CVE-2019-11091 has the lowest severity, with a CVSS score of 3.8, and exists in the microarchitectural data sampling structure for uncacheable memory in CPUs. CVE-2018-12126 (which exists in the Store Buffer), CVE-2018-12127 (which exists in the Load Port) and CVE-2018-12130 (existing in the Fill Buffer) meanwhile have a CVSS score of 6.5, or medium severity.<\/p>\n<h4>Different Attacks Exist to Exploit Flaws<\/h4>\n<p>Meanwhile, an array of independent researchers from VUSec, CISPA, Graz University of Technology, and more have developed attacks for these vulnerabilities. Those proof-of-concept attacks were also disclosed Tuesday in coordination with Intel, after mitigations were developed.<\/p>\n<p>Those four different attack vectors are dubbed ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding. 
While these attacks are all based on speculative execution targeting the buffer component of CPUs, they all work in different ways, exploit different flaws and result in different impacts.<\/p>\n<p>For instance, ZombieLoad allows attackers to leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments; the Fallout attack allows attackers to read data that the operating system recently wrote and to figure out the memory position of the operating system, which strengthens other attacks; and the RIDL attack allows attackers to leak information across various security domains.<\/p>\n<h4>ZombieLoad: The Hard-Hitting Attack<\/h4>\n<p>The most severe of these attacks is dubbed ZombieLoad, which attacks CVE-2018-12130, the flaw in the Fill Buffer of Intel CPUs. That\u2019s because this attack leaks the most data \u2013 attackers are able to siphon data from system applications, operating system and virtual machines. According to a research paper released on Tuesday, researchers said that disabling hyperthreading is the \u201conly possible workaround to mitigate ZombieLoad on current processors.\u201d<\/p>\n<p>\u201cWith ZombieLoad, we showed a novel Meltdown-type attack targeting the processor\u2019s fill-buffer logic. ZombieLoad enables an attacker to leak recently loaded values used by the current or sibling logical CPU,\u201d researchers said.<\/p>\n<p>ZombieLoad was discovered and reported by Michael Schwarz, Moritz Lipp and Daniel Gruss from the Graz University of Technology (known for their previous discoveries of similar attacks, including Meltdown) as well as researchers from KU Leuven, Cyberus Technology and the Worcester Polytechnic Institute.<\/p>\n<h4>Only Intel is Impacted (That We Know)<\/h4>\n<p>It appears at this time that Intel is the only manufacturer whose chips are impacted. 
AMD and ARM have both made public statements that the attacks and vulnerabilities related to MDS do not affect their chips.<\/p>\n<p>In a statement, AMD said: \u201cAt AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to \u2018Fallout\u2019 or \u2018RIDL\u2019 because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.\u201d<\/p>\n<h4>Future Chips Won\u2019t Be Vulnerable<\/h4>\n<p>According to Intel\u2019s microcode update guidance, most Intel Core and Xeon chips dating back to 2011 are theoretically vulnerable to MDS-related flaws.<\/p>\n<p>However, Intel said that the new MDS class of flaws is addressed in hardware starting with select 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable processor family. Future chips will also have integrated fixes, Intel said.<\/p>\n<h4>Flood of Vendors Security Advisories<\/h4>\n<p>While Intel has provided CPU microcode updates, and recommendations for mitigation strategies for operating system (and hypervisor) software, the company recommends users install the software updates provided by your operating system and\/or hypervisor vendor. An array of vendors have released separate security advisories in response to MDS, including Red Hat, Oracle, Apple, Google and Microsoft.<\/p>\n<p>\u201cMicrosoft has released software updates to help mitigate these vulnerabilities,\u201d according to a Microsoft advisory released Tuesday. \u201cTo get all available protections, firmware (microcode) and software updates are required. This may include microcode from device OEMs. In some cases, installing these updates will have a performance impact. 
We have also acted to secure our cloud services.\u201d<\/p>\n<p>To completely address these issues, Intel said that there are additional opt-in mitigations to disable hyper threading and enable microcode-based mitigations for all processes by default.<\/p>\n<h4>Performance Hits From Fixes Ignite Concerns<\/h4>\n<p>News that Intel\u2019s fix for ZombieLoad will slow CPU performance has ignited concerns that people will be dissuaded from updating their machines. It was a similar case when Spectre and Meltdown fixes were first introduced in 2018.<\/p>\n<h4>Intel performance hits flaw<\/h4>\n<p>For instance, in a security release Apple said that in tests it found \u201cas much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks\u201d depending on the system.<\/p>\n<p>Intel for its part has a much smaller performance hit estimate: For example, in a Core i9 9900K with Hyper-Threading disabled, the company said that the hit could be as little as 9 percent on select data center workloads post-mitigation.<\/p>\n<h4>How can People Know if Their Systems are Impacted?<\/h4>\n<p>Researchers said that it is \u201cvery likely\u201d that Intel chip users\u2019 systems are impacted by the MDS vulnerabilities and subsequent attacks.<\/p>\n<p>\u201cOur attacks affect all modern Intel CPUs in servers, desktops and laptops,\u201d said Fallout researchers in a post. \u201cThis includes the latest 9th-generation processors, despite their in-silicon mitigations for Meltdown. Ironically, 9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.\u201d<\/p>\n<p>Researchers also made a tool, available here, to discover whether their systems are impacted.<\/p>\n<h4>Side Channel Attacks Continue<\/h4>\n<p>The incident shows that side channel speculative execution attacks continue to plague Intel chips since the Spectre and the related Meltdown vulnerability were disclosed in 2018. 
For instance, in May 2018, a new vulnerability was found called Variant 4, disclosed by Google Project Zero and Microsoft\u2019s Security Response Center; researchers said it potentially enables attackers to read privileged data across trust boundaries.<\/p>\n<p><strong>Meanwhile, a new Spectre-class exploit, dubbed SpectreRSB, was detailed by researchers from the University of California at Riverside in a research paper in July; while in August, three new speculative execution design flaws in Intel CPUs were disclosed, impacting Intel\u2019s Software Guard Extensions (SGX) technology, its OS and system management mode (SMM) and hypervisor software.<\/strong><\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"tBqrp58sU2\"><p><a href=\"https:\/\/threatpost.com\/intel-zombieload-side-channel-attack-10-takeaways\/144771\/\">Intel ZombieLoad Side-Channel Attack: 10 Takeaways<\/a><\/p><\/blockquote>\n<h3><u>Article by Global Informatique S\u00e9curit\u00e9 (originally in French)<\/u><\/h3>\n<h3>Global Informatique Securite<\/h3>\n<h3>ZombieLoad in 10 points: \u201ca thunderclap for Intel processors\u201d<\/h3>\n<p><em>Yomane<\/em><\/p>\n<p>Intel on Tuesday revealed a new class of speculative execution vulnerabilities, dubbed MDS (Microarchitect Data Sampling), which impact all its modern processors.<\/p>\n<p>The flaws 
all ultimately depend on different ways of executing side channel attacks to siphon data from affected systems &#8211; and result in four different attacks: ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding.<\/p>\n<p>Information: \u201cAs a result of the flaw in the architecture of these processors, an attacker who can execute malicious code locally on an affected system can compromise the confidentiality of data previously handled on the same thread or compromise the confidentiality of data from other hyperthreads on the same processor as the thread where the malicious code executes,\u201d Eric Maurice, director of security for Oracle, recently stated in an advisory.<\/p>\n<p>Here are 10 takeaways from this latest speculative execution side channel attack affecting Intel chips:<\/p>\n<p><a href=\"http:\/\/www.global-informatique-securite.com\/2019\/05\/zombieload-en-10-points-coup-de-tonnerre-sur-les-processeurs-intel.html\">http:\/\/www.global-informatique-securite.com\/2019\/05\/zombieload-en-10-points-coup-de-tonnerre-sur-les-processeurs-intel.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Article by Global Informatique S\u00e9curit\u00e9 (originally in French) further down the page threatpost.com Intel ZombieLoad Side-Channel Attack: 10 Takeaways Author: Lindsey O&rsquo;Donnell 9-12 minutes Here are 10 top takeaways from Intel\u2019s most recent class of Spectre-like speculative execution vulnerabilities, disclosed this week. 
Intel on Tuesday revealed a new class of speculative execution vulnerabilities, dubbed Microarchitectural &#8230; <a title=\"SSI CPU &#8211; Microarchitect Data Sampling, Meltdown &#038; Spectre\" class=\"read-more\" href=\"https:\/\/werle.pro\/index.php\/2019\/05\/19\/ssi-cpu-microarchitect-data-sampling-meltdown-spectre\/\" aria-label=\"Read more about SSI CPU &#8211; Microarchitect Data Sampling, Meltdown &#038; Spectre\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[10],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ALXt-N1","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts\/3039"}],"collection":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/comments?post=3039"}],"version-history":[{"count":3,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts\/3039\/revisions"}],"predecessor-version":[{"id":3042,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts\/3039\/revisions\/3042"}],"wp:attachment":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/media?parent=3039"}],"wp:term":[{"taxonomy":"cate
gory","embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/categories?post=3039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/tags?post=3039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}