Intel reveals vulnerabilities impacting system CPUs

Intel has revealed a new class of vulnerabilities impacting all modern Intel chips, which can potentially leak sensitive data from a system’s CPU. Company officials said that the flaws, named Microarchitectural Data Sampling (MDS), comprise four different attacks, all of which depend on different ways side channel attacks to steal data from impacted systems.

These vulnerabilities are the result of a process called speculative execution in processors. This is used in microprocessors whereby memory can be read before the addresses of all prior memory writes are known. This means that an attacker with local user access can gain easy, unauthorized access to information.

“First identified by Intel’s internal researchers and partners, and independently reported to Intel by external researchers, MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques,” Intel said in a statement. “Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see.”  Interestingly, unlike previous attacks targeted at data within CPUs, MDS looks to a different component in the chip using speculative execution: Not data stored in the cache, but on buffers, such as Line Fill Buffers, Load Ports, or Store Buffers.

The  four attack vectors are called ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding. The ZombieLoad attack refreshes your private browsing-history and allows to leak information from other applications, the operating system, virtual machines in the cloud and trusted execution environments, a report said.

The Store-To-Leak Forwarding exploits CPU optimizations introduced by the store buffer to monitor the operating system or leak data when combined with Spectre gadgets.

A statement from Intel said: “MDS vulnerabilities have been classified as low to medium severity per the industry standard CVSS, and it’s important to note that there are no reports of any real world exploits of these vulnerabilities.”