SoylentNews

New Intel MDS attacks: RIDL and Fallout

posted by martyb on Wednesday May 15 2019, @03:07AM   
from the need-more-patches dept.

inertnet writes:

The RIDL and Fallout speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites.

[...] RIDL (Rogue In-Flight Data Load) shows attackers can exploit MDS (Microarchitectural Data Sampling) vulnerabilities to mount practical attacks and leak sensitive data in real-world settings.

[....] Fallout demonstrates that attackers can leak data from Store Buffers, which are used every time a CPU pipeline needs to store any data. Making things worse, an unprivileged attacker can then later pick which data they leak from the CPU's Store Buffer.

---

Original Submission

• Re:Seems like there's a lot of info missing Re:Seems like there's a lot of info missing (Score: 0) by Anonymous Coward on Wednesday May 15 2019, @12:42PM (1 child)

  by Anonymous Coward on Wednesday May 15 2019, @12:42PM (#843802)

  I got an Intel Microcode update yesterday for my Linux Mint system; I'd guess this is the reason (I unfortunately didn't think of checking what it fixes before installing, and I have no idea how to access that information afterwards).

  Parent

• Re:Seems like there's a lot of info missing (Score: 2) by rigrig on Wednesday May 15 2019, @04:52PM

  by rigrig (5129) <soylentnews@tubul.net> on Wednesday May 15 2019, @04:52PM (#843886) Homepage

  $ apt changelog intel-microcode

  (...)
  intel-microcode (3.20190514.1) unstable; urgency=high

      * New upstream microcode datafile 20190514
      * SECURITY UPDATE
          Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
          CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  (...)

  --
  No one remembers the singer.

  Parent