News Security

Intel CPU Vulnerabilities could be used in MDS Attacks

A new class of Intel CPU vulnerabilities has recently been published by Intel. Known as speculative execution side-channel vulnerabilities, they affect almost every Intel processor produced since 2011 – this includes a great number of servers, laptops, and smartphones. Crucially, its virtual machines on the public cloud are also impacted by these vulnerabilities.

What are the new Intel CPU Vulnerabilities?

The Intel CPU vulnerabilities — dubbed as MDS attacks (microarchitectural data sampling) — almost all involve the speculative execution design feature found in all modern processors. The vulnerabilities could leak arbitrary data from different CPU internal buffers: line fill buffers, load ports or store buffers.

They include:

  • CVE-2018-12126 a.k.a. Fallout attack. It’s “just” an information disclosure vulnerability at the MSBDS (microarchitectural store buffer data sampling). Fallout is rated as medium severity, with CVSS score of 6.5, as it requires local access and privileges.
  • CVE-2018-12130 aka Zombieload or RIDL (rogue in-flight data load): Again, this is “just” an information disclosure vulnerability at the MFBDS (microarchitectural fill buffer data sampling). It’s also rated medium severity, with CVSS score of 6.5.
  • CVE-2018-12127: Part of the RIDL class of attacks, this vulnerability exists in the MLPDS (microarchitectural load port data sampling).
  • CVE-2019-11091: Also part of the RIDL class of attacks, it exists in the MDSUM (microarchitectural data sampling uncacheable memory). It’s an information disclosure vulnerability, rated low severity with CVSS score of 3.8.

Related posts

New Relic Named a Cloud Observability Leader by GigaOm

enterpriseitworld

Quantum Announces the Scalar i7 RAPTOR for Data Lakes

enterpriseitworld

HPE Leverages GenAI to Enhance AIOps Capabilities of HPE Aruba Networking Central Platform

enterpriseitworld