Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities“ZombieLoad”detailed technical analysis on-the vulnerability warning-the black bar safety net

Background understanding

5 March 15, the media exposed, security researchers at a month before the Intel chip found in the one called“ZombieLoad”the new vulnerability, this vulnerability may allow an attacker to obtain the current processor is processing the sensitive data.

An attacker can exploit this vulnerability to initiate the Intel chip’s side-channel attack, which is following the earlier Meltdown, the Spectre and Foreshadow after the most serious security vulnerabilities, researchers at a month previous to the Intel report these vulnerabilities.

“ZombieLoad”direct understanding is the“zombie load”, i.e. the processor can’t understand or properly handle the large amounts of data, forcing the processor to the processor of the microcode request help to prevent a crash. The application usually can only see their own data, but this vulnerability could allow data flow through these boundary walls. The researchers said that ZombieLoad the leakage of the processor cores that are currently loaded all the data. This means that hackers make use of is actually a design flaw, rather than the injection of malicious code.

Attack

With three previous side-channel attack Meltdown, the Spectre and Foreshadow）in a similar way, the new attack is the use of the processor’s speculative execution in the process of vulnerability.

This vulnerability whereby the former involved in the Meltdown, the Spectre of vulnerability research on the part of the security personnel, as well as Bitdefender security personnel of the joint discovery, which is actually for the micro-architecture of the data sampling（MDS）attack, you can use the micro-architecture of the speculative execution of the operation to infer other applications on the processor in the data processing.

Intel said ZombieLoad includes 4 exploits. Respectively, is directed to the storage buffer area of the attack CVE-2018-12126/Fallout, the loading buffer CVE-2018-12127, and a line fill buffer CVE-2018-12130/Zombieload/RIDL, and the memory area CVE-2019-11091 it. Wherein Zombieload is severity the highest, to be able to get the maximum amount of and privacy of data.

The scope of the impact

Since 2011 the release of all Intel processors is likely to be affected, especially the cloud hosting services may be subject to larger shocks. At the same time Intel also noted that the MDS attacks actually use the higher difficulty, its practical impact is not so large.

Bug fixes

Currently Intel has released a microcode update, and the new processor will not be affected. This includes the Intel Xeon, the Broadwell And Sandy Bridge, And Skylake and Haswell chips and models. Kaby Lake, Coffee Lake, Whiskey Lake and Cascade Lake, and all of the atom and the Knights of the processor are also affected.

Currently, Apple, Microsoft and Google have already released patches.

Intel on the micro-structure of the data sampling analysis

The micro-architecture of the data sampling（MDS）work principle

MDS allows can be executed locally on the system the code of the malicious user inferred by the schema mechanism to protect the data, although the use of loopholes“ZombieLoad”on the system to locate specific data may be very difficult, but the malicious attacker can collect and analyze large amounts of data to find the protected data. Specific process, please see the deep dive in the MDS table: CPUID enumeration and architecture of the MSR action, through this way to obtain may be affected by MDS the impact of the processor list. MDS only relates to the primary data cache(L1D)outside of the micro system structure the structure of The Associated method, and therefore does not include the exception data cache load(RDCL)or L1 Terminal failure(L1TF)。

MDS speculative execution side-channel method can be used to leak following micro-architectural structures in the data:

1. Storage buffer: used to save the storage address and the data of the temporary buffers;

2. Fill the buffer: CPU cache between the temporary buffer;

3. Loading port: will be loaded into the data register when using the temporary buffer;

Of these structure than the L1D is much smaller, and therefore can save less data, and more are frequently covered. The use of MDS methods to infer with a particular memory address associated with the data is also more difficult, which may require a malicious attacker to gather a lot of data and analyzed to find any protected data.

The new micro-code update(MCUs)is being planned to be released to help the program mitigate these vulnerabilities. Intel recommends that in switching to the previous program untrusted program to update the micro code and remove the micro-architecture of the buffer area. These mitigation measures will be required for theoperating system, the Virtual Machine Management Program and the Intel ®program Protection Extensions the Intel ®SGX for changes and updates.

In this document the micro-architecture details only apply to the MDS technical effect of the processor, and not all Intel processors a General purpose processor. For the affected processor list, please refer to the CPUID enumeration and architecture of the MSR.

The micro-architecture of the storage buffer data sampling（MSBDS）CVE-2018-12126

Perform the storage operation, the processor writes data is called a storage buffer of a temporary micro-architecture. This makes the processor capable of writing data into the cache or main memory before continuing execution of the storage operation after the instruction. In addition, the I / O write, for example, the OUT is also stored in the storage buffer.

When the load operation from the earlier Store operation to the same memory address when data is read, the processor can directly from the memory buffer forwards the data to the load operation instead of the wait from memory or cache to load data, this optimization process is referred to as a repository to load forwarding store-to-load forwarding it.

Under certain conditions, from the storage operation of the data from the Store Buffer is speculatively forwarded to a different memory address of the fault or auxiliary load operation. Since the memory size is less than the stored buffer width, or not to perform storage of the data portion, therefore storage may not cover the memory buffer within the entire data field. These situations may cause forwarding of data from previously stored data. Since the loading operation will lead to a fault/assist1 and its results will be discarded, and therefore the forwarding of data does not lead to the vulnerability of the program execution or the architectural state change. However, a malicious attacker may be able to be such only for speculative data forwarded to an open-source gadget framework disclosure gadget, to allow them to infer this value.

MSBDS the cross-thread implications

For the MSBDS effects processors, physical cores on the stored data buffer in the kernel on the active thread on the static partition. This means that having two active threads of the kernel will have half the storage buffer entry is used only for Thread 1, the half only for another thread. When the thread enters the sleep state, its store buffer entry may be other active threads to use. This will cause previously used to enter the sleep state of the thread, and may contain expired data of the storage buffer entry by the other active thread reuse. When a thread from a sleep state is Wake-up time, the storage buffer will be re-partition. This will cause the memory buffer Store Buffer entry from the already active thread of the transmission to just Wake up the thread.

The micro-architecture of the fill of the buffer data sampling（MFBDS）CVE-2018-12130

Fill the buffer is an internal structure, for collecting a first level data cache lost data. When the memory request missing the L1 data cache, the processor will allocate a fill buffer to manage the data of the cache line Request. In addition, the fill buffer is also temporary management response to the memory or by the I / O operation returns, or to send the data. Fill the buffer data can be forwarded to the load operation, you can also write data to the data cache. Once the fill buffer data is written to the cache, the processor will release the fill buffer, thereby allowing in the future the memory operation in the reuse of the entry.