Fallout, RIDL, ZombieLand, MDSUM and other MDS Vulnerabilities

Last year we covered the SPECTRE and MELTDOWN vulnerabilities that affected Intel processors.  This year security researchers have discovered a new series of vulnerabilities around the Microacrhitecture Data Sampling MDS process.  This vulnerability would allow an attacker to read data as it crossed the L1 and L2 data caches on the processor.   These vulnerabilities can affect cloud computing services, and be leveraged by attackers to escape software containers such as Docker, hypervisors, and virtual machines.  They can also use these vulnerabilities to scrape passwords, credit card numbers, and other valuable PII.

The good news, these only affect Intel processors, AMD and ARM processors are not affected.  There have been recently released patches from Microsoft, including updates for Windows XP and Windows Server 2003, both of which are past support dates.  This gives us an idea about the seriousness of these vulnerabilities.  Patches have been released for Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 kernels.

There are four new CVEs for this vulnerability:

  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) – CVSS score 6.5: Medium, exploited by Fallout attack
    CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS) – CVSS score 6.5: Medium, exploited by RIDL attack
    CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS) – CVSS score 6.5: Medium, exploited by RIDL and ZombieLand attacks
    CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) – CVSS score 3.8: Low, exploited by RIDL attack

Disabling simultaneous multi-threading, known as Intel Hyper-Threading Technology, is your best immediate solution.  Intel is also providing CPU micro-code to computer manufacturers, but release and deployment is bound to take some time.

More information:


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.