[SingCERT] Multiple Vulnerabilities Affecting Intel Central Processing Units (CPUs)

Published on Wednesday, 15 May 2019 17:28

Background

Security researchers discovered multiple vulnerabilities in Intel chips that can be exploited via speculative execution side-channel attacks.

These Microarchitectural Data Sampling (MDS) vulnerabilities are associated with four CVEs:

  • CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) [also known as Fallout]
  • CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) [also known as Zombieload, or Rogue In-Flight Data Load(RIDL)]
  • CVE-2018-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Affected Hardwares

All Intel CPUs in servers, desktops and laptops released since 2008, including the latest 9th-generation processors are affected.

Recommendations

Intel has released microcode updates to device manufacturers and motherboard vendors. Users and system administrators are advised to monitor their respective product websites for the release of security patches and update to the latest patch as soon as possible.

Users should also note that disabling Simultaneous Multi-Threading (SMT), also known as Hyper-Threading technology, would significantly reduce the impact of these MDS-based attacks, but would not mitigate the vulnerability completely.

For more information on these vulnerabilities, please refer to the following resources: