The RIDL and Fallout speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites.
[...] RIDL (Rogue In-Flight Data Load) shows attackers can exploit MDS (Microarchitectural Data Sampling) vulnerabilities to mount practical attacks and leak sensitive data in real-world settings.
[....] Fallout demonstrates that attackers can leak data from Store Buffers, which are used every time a CPU pipeline needs to store any data. Making things worse, an unprivileged attacker can then later pick which data they leak from the CPU's Store Buffer.
This discussion has been archived.
No new comments can be posted.
New Intel MDS attacks: RIDL and Fallout
|
Log In/Create an Account
| Top
| 10 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
(Score: 0) by Anonymous Coward on Wednesday May 15 2019, @04:22AM (1 child)
For a while now, Intels hardware has been heavily RIDLed full of exploitable holes.
(Score: 0) by Anonymous Coward on Wednesday May 15 2019, @05:46PM
Of advanced exploit R&D. While I probably sound like a conspiracy theorist, this is what happens when you collude with a country like Israel in the ways America has and let a single technology company become an effective monopoly on a major facet of the marketplace. Given how long America has been shorting its future with its chinese trade practices and other offshoring activities, is it really a surprise though?
(Score: 0) by Anonymous Coward on Wednesday May 15 2019, @10:13AM
I notice a sudden surge of vulnerability stories. Linux kernel, WhatsApp, SQLite, and now Intel.
Do we have Vulnerability Wednesday?
(Score: 3, Insightful) by RamiK on Wednesday May 15 2019, @11:34AM (1 child)
That we know. With so many parties finding out about these independently, it's not unreasonable to assume governments and black-hats been exploiting them for years.
compiling...
(Score: 2) by RamiK on Wednesday May 15 2019, @11:36AM
Almost forgot:
Winning.
compiling...
(Score: 0) by Anonymous Coward on Wednesday May 15 2019, @12:27PM (2 children)
Will there be software fixes? (yes, microcode and OS). Does it affect AMD, or ARM? (no, at least not yet). How much performance will it cost? (no idea). Do you need to disable hyperthreading? (Yes, at least for some CPUs). How serious is this really? (Intel says not too bad, others say it's serious). Is it remotely exploitable? (Yes, via webpage Javascript; not necessarily otherwise).
(Score: 0) by Anonymous Coward on Wednesday May 15 2019, @12:42PM (1 child)
I got an Intel Microcode update yesterday for my Linux Mint system; I'd guess this is the reason (I unfortunately didn't think of checking what it fixes before installing, and I have no idea how to access that information afterwards).
(Score: 2) by rigrig on Wednesday May 15 2019, @04:52PM
$ apt changelog intel-microcode
No one remembers the singer.
(Score: 1, Informative) by Anonymous Coward on Wednesday May 15 2019, @12:45PM
ZombieLoad: Cross Privilege-Boundary Data Leakage [cyberus-technology.de]. Is this vulnerability related?
Also Intel tried to dismiss and bribe the researcher that discovered this fault (Dutch Original) [www.nrc.nl] (google translate) [google.com].
(Score: 2) by arslan on Thursday May 16 2019, @04:27AM
Intel is an anagram for Let In.
Caveat Emptor!