Slash Boxes

SoylentNews is people

Submission Preview

Link to Story

New Intel MDS attacks: RIDL and Fallout

Accepted submission by inertnet at 2019-05-14 22:07:10 from the need more patches dept.

The RIDL and Fallout [] speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites.

RIDL (Rogue In-Flight Data Load) shows attackers can exploit MDS vulnerabilities to mount practical attacks and leak sensitive data in real-world settings.

Fallout demonstrates that attackers can leak data from Store Buffers, which are used every time a CPU pipeline needs to store any data. Making things worse, an unprivileged attacker can then later pick which data they leak from the CPU's Store Buffer.

Original Submission