Fallout, RIDL, ZombieLand, MDSUM and other MDS Vulnerabilities

Last year we covered the SPECTRE and MELTDOWN vulnerabilities that affected Intel processors.  This year security researchers have discovered a new series of vulnerabilities around the Microacrhitecture Data Sampling MDS process.  This vulnerability would allow an attacker to read data as it crossed the L1 and L2 data caches on the processor.   These vulnerabilities can affect cloud computing services, and be leveraged by attackers to escape software containers such as Docker, hypervisors, and virtual machines.  They can also use these vulnerabilities to scrape passwords, credit card numbers, and other valuable PII.

The good news, these only affect Intel processors, AMD and ARM processors are not affected.  There have been recently released patches from Microsoft, including updates for Windows XP and Windows Server 2003, both of which are past support dates.  This gives us an idea about the seriousness of these vulnerabilities.  Patches have been released for Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 kernels.

There are four new CVEs for this vulnerability:

  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) – CVSS score 6.5: Medium, exploited by Fallout attack
    CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS) – CVSS score 6.5: Medium, exploited by RIDL attack
    CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS) – CVSS score 6.5: Medium, exploited by RIDL and ZombieLand attacks
    CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) – CVSS score 3.8: Low, exploited by RIDL attack

Disabling simultaneous multi-threading, known as Intel Hyper-Threading Technology, is your best immediate solution.  Intel is also providing CPU micro-code to computer manufacturers, but release and deployment is bound to take some time.

More information:

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.