The second Meltdown: New Intel CPU attacks leak secrets

Researchers have found new flaws in Intel processors that could allow hackers to defeat the security boundaries enforced by virtual machine hypervisors, operating system kernels and Intel SGX enclaves, putting data on both servers and endpoint systems at risk. The new attack techniques can be used to leak sensitive secrets like passwords or encryption keys from protected memory regions and are not blocked by mitigations for past CPU attacks.

Over a year ago, the Meltdown and Spectre attacks took the computer industry by storm and showed that the memory isolation between the operating system kernel and unprivileged applications or between different virtual machines running on the same server were not as impervious as previously thought. Those attacks took advantage of a performance enhancing feature of modern CPUs called speculative execution to steal secrets by analyzing how data was being accessed inside CPU caches.

Since then, the research community found additional “side channel” techniques that could allow attackers to reconstruct secrets without having direct access to them, by analysing how data passes through the CPU’s micro-architectural components during speculative execution.

On Tuesday, researchers from several universities and the private sector disclosed new attacks that have the same impact as Meltdown and Spectre and which have been reported privately to Intel over the past year. The difference is these new techniques take advantage of the buffers of Intel CPUs instead of their caches to leak data.

“Unlike existing attacks, our attacks can leak arbitrary in-flight data from CPU-internal buffers (line fill buffers, load ports, store buffers), including data never stored in CPU caches,” researchers from Vrije Universiteit Amsterdam said on a website they set up to share information about the new vulnerabilities. “We show that existing defences against speculative execution attacks are inadequate, and in some cases actually make things worse. Attackers can use our attacks to obtain sensitive data despite mitigations, due to vulnerabilities deep inside Intel CPUs.”

New attack class: micro-architectural data sampling

Intel calls this new class of attacks micro-architectural data sampling (MDS) and has split the reported issues into four vulnerabilities with distinct CVE numbers:

  • CVE-2018-12126 — micro-architectural store buffer data sampling (MSBDS)
  • CVE-2018-12127 — micro-architectural load port data sampling (MLPDS)
  • CVE-2018-12130 — micro-architectural fill buffer data sampling (MFBDS)
  • CVE-2019-11091 — micro-architectural data sampling uncacheable memory (MDSUM)

Three of these vulnerabilities — MLPDS, MFBDS and MDSUM — are covered in a research paper from the Systems and Network Security Group (VUSec) at Vrije Universiteit Amsterdam. The VUSec researchers refer to their side-channel attack technique as Rogue In-Flight Data Load, or RIDL.

The fourth vulnerability — MSBDS — is covered in a separate research paper authored by researchers from University of Michigan, Worcester Polytechnic Institute, Graz University of Technology, KU Leuven and University of Adelaide. Their technique can leak data from store buffers and has been dubbed Fallout. It can also be used to leak memory information that can help attackers defeat kernel address space layout randomisation (KASLR), a security mechanism in operating systems designed to make the exploitation of memory corruption vulnerabilities much harder.

“Ironically, the recent hardware countermeasures introduced by Intel in recent Coffee Lake Refresh i9 CPUs to prevent Meltdown make them more vulnerable to Fallout, compared to older generation hardware,” the researchers said on their website.

Over the course of the past year, some of the same flaws have also been independently found and reported to Intel by other researchers, including Giorgi Maisuradze from CISPA – Helmholtz Center for Information Security in Germany who was an intern at Microsoft Research at the time, a team led by Daniel Gruss at Graz University of Technology, a team led by Dan Horea Lutas at Bitdefender, Volodymyr Pikhur from Oracle and Lei Shi from QiHoo 360.

This highlights the increased interest in the research community for CPU and hardware-related flaws in general and proves once again that different researchers can independently find the same vulnerabilities, which means that attackers can too.

How do the attacks work and who is affected?

The vulnerabilities affect modern Intel CPUs used in servers, desktops and laptops. Intel has published a list of potentially affected CPUs on its website and in a white paper written for software developers.

According to VUSec, after reviewing their paper, AMD and ARM said their CPUs are not affected by these issues.

The flaws can be exploited by a malicious process, such as unprivileged applications or even JavaScript running inside a browser to break memory isolation boundaries and obtain data from other processes.