SoylentNews is people

posted by martyb on Wednesday May 15 2019, @03:07AM
from the need-more-patches dept.

The RIDL and Fallout speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites.

[...] RIDL (Rogue In-Flight Data Load) shows attackers can exploit MDS (Microarchitectural Data Sampling) vulnerabilities to mount practical attacks and leak sensitive data in real-world settings.

[...] Fallout demonstrates that attackers can leak data from Store Buffers, which are used every time a CPU pipeline needs to store any data. Making things worse, an unprivileged attacker can then later pick which data they leak from the CPU's Store Buffer.



  • (Score: 0) by Anonymous Coward on Wednesday May 15 2019, @04:22AM (1 child)

    by Anonymous Coward on Wednesday May 15 2019, @04:22AM (#843690)

    For a while now, Intel's hardware has been heavily RIDLed full of exploitable holes.

    • (Score: 0) by Anonymous Coward on Wednesday May 15 2019, @05:46PM

      by Anonymous Coward on Wednesday May 15 2019, @05:46PM (#843903)

      Of advanced exploit R&D. While I probably sound like a conspiracy theorist, this is what happens when you collude with a country like Israel in the ways America has and let a single technology company become an effective monopoly on a major facet of the marketplace. Given how long America has been shorting its future with its Chinese trade practices and other offshoring activities, is it really a surprise though?

  • (Score: 0) by Anonymous Coward on Wednesday May 15 2019, @10:13AM

    by Anonymous Coward on Wednesday May 15 2019, @10:13AM (#843754)

    I notice a sudden surge of vulnerability stories. Linux kernel, WhatsApp, SQLite, and now Intel.

    Do we have Vulnerability Wednesday?

  • (Score: 3, Insightful) by RamiK on Wednesday May 15 2019, @11:34AM (1 child)

    by RamiK (1813) on Wednesday May 15 2019, @11:34AM (#843780)

    RIDL attacks were independently discovered and reported by:

            Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida at VUSec.
            Giorgi Maisuradze at CISPA.

    Fallout attacks were independently discovered and reported by:

            Marina Minkin at University of Michigan, Daniel Moghimi at Worcester Polytechnic Institute, Moritz Lipp, Michael Schwarz at Graz University of Technology, Jo Van Bulck at KU Leuven, Daniel Genkin at University of Michigan, Daniel Gruss at Graz University of Technology, Berk Sunar at Worcester Polytechnic Institute, Frank Piessens at KU Leuven and Yuval Yarom at University of Adelaide and Data61.

    That we know. With so many parties finding out about these independently, it's not unreasonable to assume governments and black-hats have been exploiting them for years.

    --
    compiling...
    • (Score: 2) by RamiK on Wednesday May 15 2019, @11:36AM

      by RamiK (1813) on Wednesday May 15 2019, @11:36AM (#843782)

      Almost forgot:

      MDS-class vulnerabilities were also reported by (in alphabetical order):

              Dan Horea Lutas' team at BitDefender.
              Daniel Gruss, Michael Schwarz, Moritz Lipp at TU Graz and Jo Van Bulck (imec-DistriNet, KU Leuven)
              You can find more details about their research at ZombieLoadattack.com
              Analysis done in collaboration with Ahmad "Daniel" Moghimi (Worcester Polytechnic Institute), Julian Stecklina, Thomas Prescher (Cyberus Technology)
              Lei Shi at QiHoo 360.
              Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco at Intel.
              Matt Miller, Brandon Falk at Microsoft.
              Volodymyr Pikhur.

      Winning.

      --
      compiling...
  • (Score: 0) by Anonymous Coward on Wednesday May 15 2019, @12:27PM (2 children)

    by Anonymous Coward on Wednesday May 15 2019, @12:27PM (#843796)

    Will there be software fixes? (yes, microcode and OS). Does it affect AMD, or ARM? (no, at least not yet). How much performance will it cost? (no idea). Do you need to disable hyperthreading? (Yes, at least for some CPUs). How serious is this really? (Intel says not too bad, others say it's serious). Is it remotely exploitable? (Yes, via webpage JavaScript; not necessarily otherwise).

    • (Score: 0) by Anonymous Coward on Wednesday May 15 2019, @12:42PM (1 child)

      by Anonymous Coward on Wednesday May 15 2019, @12:42PM (#843802)

      I got an Intel Microcode update yesterday for my Linux Mint system; I'd guess this is the reason (I unfortunately didn't think of checking what it fixes before installing, and I have no idea how to access that information afterwards).

      • (Score: 2) by rigrig on Wednesday May 15 2019, @04:52PM

        by rigrig (5129) <soylentnews@tubul.net> on Wednesday May 15 2019, @04:52PM (#843886) Homepage

        $ apt changelog intel-microcode

        (...)
        intel-microcode (3.20190514.1) unstable; urgency=high

            * New upstream microcode datafile 20190514
            * SECURITY UPDATE
                Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
                CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
        (...)

        --
        No one remembers the singer.
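
A follow-up to the `apt changelog` answer above, as an added example that is not part of the thread: it maps a CVE id to the package version whose changelog entry mentions it, and classifies the kernel's MDS status line so that an applied mitigation with SMT still exposed is told apart from a fully mitigated system. The sysfs path and status strings come from the Linux kernel's MDS documentation, not from this page; the function names and the second changelog entry are constructed for illustration.

```shell
# Constructed sample: the entry quoted in the comment above, followed by a
# made-up older entry (its version string is a placeholder).
sample_changelog() {
cat <<'EOF'
intel-microcode (3.20190514.1) unstable; urgency=high

  * SECURITY UPDATE
      Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
      CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

intel-microcode (0.0.placeholder) unstable; urgency=medium

  * Constructed older entry with no CVE references
EOF
}

# Read a Debian changelog on stdin; print "version<TAB>CVE" per CVE mentioned.
changelog_cves() {
    awk '
        /^[a-z0-9][a-z0-9+.-]* \(/ { ver = $2; gsub(/[()]/, "", ver); next }
        {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                print ver "\t" substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# Print the version(s) whose changelog entry mentions the CVE id in $1.
version_fixing() {
    changelog_cves | awk -F '\t' -v cve="$1" '$2 == cve { print $1 }'
}

# Classify the kernel's MDS status line (assumed source:
# /sys/devices/system/cpu/vulnerabilities/mds on kernels with the MDS patches).
mds_state() {
    case "$1" in
        "Not affected")                 echo ok ;;
        Mitigation:*"SMT vulnerable"*)  echo smt-exposed ;;
        Mitigation:*)                   echo ok ;;
        Vulnerable*)                    echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

sample_changelog | version_fixing CVE-2018-12130
f=/sys/devices/system/cpu/vulnerabilities/mds
if [ -r "$f" ]; then mds_state "$(cat "$f")"; fi
```

On a real system, pipe `apt changelog intel-microcode` into `version_fixing` in place of the sample.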
  • (Score: 1, Informative) by Anonymous Coward on Wednesday May 15 2019, @12:45PM

    by Anonymous Coward on Wednesday May 15 2019, @12:45PM (#843803)

    ZombieLoad: Cross Privilege-Boundary Data Leakage [cyberus-technology.de]. Is this vulnerability related?

    Also Intel tried to dismiss and bribe the researcher that discovered this fault (Dutch Original) [www.nrc.nl] (google translate) [google.com].

    According to the VU, Intel tried to downplay the severity of the leak by officially paying $ 40,000 in rewards and in addition, "$ 80,000" off. That offer was politely refused.

  • (Score: 2) by arslan on Thursday May 16 2019, @04:27AM

    by arslan (3462) on Thursday May 16 2019, @04:27AM (#844118)

    Intel is an anagram for Let In.

    Caveat Emptor!
