Why MDS vulnerabilities present a threat as serious as Spectre and Meltdown

Microarchitectural Data Sampling are CPU side-channel vulnerabilities that allow attackers to view in-flight data from CPU-internal buffers. Learn more about MDS attacks in this comprehensive guide.

Machine learning allowed this company to detect Meltdown and Spectre before Intel broke the news At RSA 2018, Bill Conner, CEO of SonicWall, talks to TechRepublic about how AI and machine learning can help companies guard against in-memory attacks.

In May 2019, a new class of CPU-level vulnerability was disclosed in coordinated releases by security researchers around the world. The vulnerability, known as "Microarchitectural Data Sampling" (MDS), can be leveraged by attackers to expose in-flight data from CPU-internal buffers, including data not stored in caches. In contrast to Spectre and Meltdown, MDS attacks do not rely on assumptions about memory layout, or depend on the processor cache state.

These properties make MDS attacks more difficult to mitigate, though the structures involved are relatively small, and are overwritten more frequently—making them more difficult to exploit. Accordingly, using MDS attacks to expose data associated with a specific memory address is considerably more difficult than other attack methods, requiring attackers to collect large amounts of information to target a specific memory value.

SEE: Vendor risk management: A guide for IT leaders (free PDF) (TechRepublic)

MDS attacks are as pernicious a threat as Spectre and Meltdown, and like those security vulnerabilities, the extent to which devices are vulnerable depends on vendor (i.e., Intel vs. AMD) and product generation. These vulnerabilities also affect cloud computing services, as they can be leveraged by attackers to escape software containers, hypervisors, paravirtualized systems, and virtual machines.

What risks are associated with MDS vulnerabilities?

Like Spectre and Meltdown, MDS vulnerabilities can be utilized by malicious actors to extract encryption keys and passwords from compromised systems. While weaponizing MDS vulnerabilities ultimately requires the ability to locally execute code, JavaScript proofs of concept exist, making the attack possible to exploit on maliciously-crafted web pages. When exploited, malicious actors can extract data from other programs on the same machine, across security boundaries, including SGX enclaves.

Exploitation of MDS vulnerabilities can be performed untraceably—that is, without leaving evidence of an exploit in system logs. This makes the pair difficult to detect in targeted malware attacks, though known malware signatures are still possible to determine by traditional means.

How many variants of MDS vulnerabilities exist?

Presently, there are four CVEs assigned by MITRE. These vulnerabilities were discovered and reported independently by multiple groups, leading to the existence of different—and partially overlapping—names such as "ZombieLoad" and "RIDL" to describe the vulnerabilities.

The information page about MDS published by Vrije Universiteit Amsterdam notes that "The year-long disclosure process (the longest to date) ultimately resulted in independent finders of even closely related MDS-class vulnerabilities to be completely unaware of one another until a few days before the May 14 disclosure date."

Microarchitectural Store Buffer Data Sampling (MSBDS)

MSBDS, also known as Fallout (CVE-2018-12126) can be used by attackers to retrieve information from the processor store buffer, which contains recent write to memory. These buffers are used every time a CPU pipeline writes data to memory. Fallout can be used to break Kernel Address Space Layout Randomization (KASLR), and leak sensitive or protected information.

This vulnerability is specific to Intel CPUs. Red Hat's description of MDS vulnerabilities highlights the implementation-level difference, as follows:

Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'.

The processor store buffer is conceptually a table of address, value, and 'is valid' entries. As the sub-operations can execute independently of each other, they can each update the address, and/or value columns of the table independently. This means that at different points in time the address or value may be invalid.

The processor may speculatively forward entries from the store buffer. The split design used allows for such forwarding to speculatively use stale values, such as the wrong address, returning data from a previous unrelated store. Since this only occurs for loads that will be reissued following the fault/assist resolution, the program is not architecturally impacted, but store buffer state can be leaked to malicious code carefully crafted to retrieve this data via side-channel analysis.

Microarchitectural Load Port Data Sampling (MLPDS)

MLPDS (CVE-2018-12127) leverages "load ports," which receive data from memory or I/O subsystem, which in turn provides it to the CPU registers and operations in CPU pipelines.

Some implementations of this component retain values from older operations. These "stale" values can be used to infer the contents of a process.

Microarchitectural Fill Buffer Data Sampling (MFBDS)

MFBDS (CVE-2018-12130), also known as RIDL (Rogue In-Flight Data Load), is an implementation flaw in fill buffers in Intel CPUs, and is considered by Red Hat the riskiest of the four MDS vulnerabilities initially disclosed.

A fill buffer holds data that has missed in the processor L1 data cache, as a result of an attempt to use a value that is not present. When a Level 1 data cache miss occurs within an Intel core, the fill buffer design allows the processor to continue with other operations while the value to be accessed is loaded from higher levels of cache. The design also allows the result to be forwarded to the Execution Unit, acquiring the load directly without being written into the Level 1 data cache.

A load operation is not decoupled in the same way that a store is, but it does involve an Address Generation Unit (AGU) operation. If the AGU generates a fault (#PF, etc.) or an assist (A/D bits) then the classical Intel design would block the load and later reissue it. In contemporary designs, it instead allows subsequent speculation operations to temporarily see a forwarded data value from the fill buffer slot prior to the load actually taking place. Thus it is possible to read data that was recently accessed by another thread if the fill buffer entry is not overwritten.

Researchers have demonstrated RIDL as being able to leak kernel data, a root password hash from /etc/shadow through a brute-force authentication attempt, and leaking a string from another process using JavaScript and WebAssembly.

Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

MDSUM (CVE-2019-11091) is a flaw in Intel's implementation of the "fill buffer," used when a cache-miss is made on the L1 CPU cache. MDSUM is closely related to Meltdown, targeting reads from the line fill buffer instead of caches.

How can I protect against MDS attacks?

Researchers recommend disabling simultaneous multithreading, also known as "Intel Hyper-Threading Technology," which they indicate "significantly reduces the impact of MDS-based attacks without the cost of more complex mitigations." These calls were echoed by Ubuntu maker Canonical, for systems used to execute untrusted or potentially malicious code.

Intel has provided CPU microcode updates to vendors. Like with Spectre and Meltdown, it is up to these vendors to deliver updates—typically in the form of BIOS or firmware updates—to users, though the speed at which this is done is typically not fast; likewise, BIOS updates are not applied automatically, it is up to the user (or, for enterprises, IT staff) to apply them. Intel has published a list of impacted processors, with details about the status of microcode updates.

Microsoft published software updates for Windows, Windows Server, and SQL Server as part of the May 2019 Patch Tuesday round, likewise, Apple published mitigations in Mac OS 10.14.5.

Patches have been incorporated in Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 kernels, with maintainer Greg Kroah-Hartman noting that "this release, and the other stable releases that are all being released right now at the same time, just went out all contain patches that have only seen the 'public eye' for about 5 minutes," adding that "Odds are we will be fixing a number of small things in this area for the next few weeks as things shake out on real hardware and workloads."

Cloud computing services, like Microsoft Azure, Amazon Web Services, and Google Cloud Platform, are updating systems to mitigate issues.

MDS vulnerabilities are only known to affect Intel-powered systems. AMD CPUs are not affected. iOS devices use Apple's custom Arm-based A-series CPUs, which are not affected. Android devices typically use Arm-based CPUs from Qualcomm, which are likewise unaffected.

For more, check out ZDNet's coverage of patch status for MDS attacks, and learn how to disable simultaneous multithreading (SMT) on Lenovo ThinkPads.

Also see

intel.jpg
Emilija Randjelovic, Getty Images

By James Sanders

James Sanders is a technology writer for TechRepublic. He covers future technology, including quantum computing, AI, and 5G, as well as cloud, security, open source, mobility, and the impact of globalization on the industry, with a focus on Asia.