Recent research has unveiled an alarming class of speculative execution vulnerabilities that affect Intel processors, impacting all modern devices, including those produced by Apple. These vulnerabilities build upon the widely publicized Spectre and Meltdown flaws, which were discovered last year and led to widespread concern regarding the security risks faced by computers globally.

A collaborative effort by security researchers from various universities and cybersecurity firms has identified an array of new and more perilous speculative execution vulnerabilities within Intel CPUs. These newly discovered flaws could allow malicious actors to extract confidential user-level and system-level data from CPU buffers, including sensitive information such as passwords and encryption keys.

Speculative execution, a fundamental aspect of contemporary processor architecture, allows CPUs to predict and execute instructions based on the assumption that they will be needed. However, should these predictions prove incorrect, the discarded operations may still expose critical data.

These vulnerabilities, collectively referred to as Microarchitectural Data Sampling (MDS) attacks, include several distinct flaws that exacerbate concerns over speculative execution. Unlike their predecessors, which primarily targeted data stored in CPU caches, MDS attacks can exfiltrate arbitrary in-flight information from internal CPU buffers, significantly broadening the attack surface for potential exploits.

The latest research indicates that motivated attackers could utilize these vulnerabilities to extract privileged information housed in memory zones deemed secure by hardware defenses. This capability could enable targeted attacks that typically require extensive system permissions or deeper exploitation of the operating system.

Among the notable vulnerabilities identified is CVE-2018-12126, also known as the Fallout attack, which may allow unauthorized processes to siphon data from store buffers, a component of Intel's microarchitecture. This attack is significant because it can expose recently accessed data, aiding further incursions into memory spaces protected by the operating system.

Similarly, the ZombieLoad attack significantly impacts a diverse range of Intel-based desktops, laptops, and cloud servers dating back to 2011. This vulnerability lets an attacker read data accessed by processes running in parallel on the same CPU core, raising serious concerns regarding multitenancy within cloud environments. Notably, it operates not only on physical machines but also across virtual instances, compromising the expected isolation between virtual machines.

Researchers have advised that disabling hyperthreading and implementing robust routines for clearing microarchitectural states during context switches are critical strategies for mitigating the risks associated with these attacks. Tools have also been made available for both Windows and Linux users, allowing them to evaluate their systems against these and other speculative execution vulnerabilities.
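On Linux, the two mitigations described above (buffer clearing at boundary crossings and SMT/hyperthreading state) are reported together in a single kernel status string. The following check is an added example, not code from the article or the researchers; the sysfs path and status strings follow the kernel's `hw-vuln/mds` documentation, and the sample strings used in the classifier are constructed for illustration.

```sh
#!/bin/sh
# Added example: interpret the Linux kernel's MDS status report so an operator
# can tell "patched" apart from "patched but SMT siblings still exposed".
# Path and status wording are the kernel's (Documentation/admin-guide/hw-vuln/mds.rst).

# classify_mds STATUS_STRING
# Prints one of: not_affected | mitigated | partial | vulnerable | unknown
#   mitigated : buffers are cleared on boundary crossings AND no sibling thread
#               can observe them (SMT disabled or otherwise mitigated)
#   partial   : buffers are cleared, but hyperthreading is still on, so a
#               co-scheduled sibling thread remains a risk (ZombieLoad scenario)
classify_mds() {
    case "$1" in
        "Not affected")                                   echo not_affected ;;
        "Mitigation: Clear CPU buffers; SMT disabled")    echo mitigated ;;
        "Mitigation: Clear CPU buffers; SMT mitigated")   echo mitigated ;;
        "Mitigation: Clear CPU buffers; SMT vulnerable")  echo partial ;;
        "Mitigation: Clear CPU buffers; SMT Host state unknown") echo partial ;;
        Vulnerable*)                                      echo vulnerable ;;
        *)                                                echo unknown ;;
    esac
}

# check_host reads the live sysfs file (kernel 5.1+ or a distro backport).
# Returns 0 only when the host is fully covered, 1 when action is needed,
# 2 when the kernel does not expose the file at all.
check_host() {
    f=/sys/devices/system/cpu/vulnerabilities/mds
    if [ ! -r "$f" ]; then
        echo "no MDS status file: kernel too old or not Linux"
        return 2
    fi
    status=$(cat "$f")
    verdict=$(classify_mds "$status")
    echo "mds: $status -> $verdict"
    case "$verdict" in
        not_affected|mitigated) return 0 ;;
        *)                      return 1 ;;
    esac
}

# Run the live check when executed directly; ignored failure keeps sourcing safe.
check_host || true
```

A `partial` verdict means the microcode and kernel updates are in place but hyperthreading is still enabled, which is exactly the case where the researchers advise disabling SMT on multitenant hosts.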

The MDS vulnerabilities were identified by an international consortium of researchers, including those from Austrian university TU Graz, Vrije Universiteit Amsterdam, and the University of Michigan, among others. Intel received reports of these vulnerabilities starting in June 2018 but initially requested confidentiality from researchers to enable them to develop timely patches.

Intel has since issued Microcode Updates aimed at mitigating the risk posed by these vulnerabilities through adjustments to both hardware and software, ensuring that sensitive data is purged from CPU buffers whenever a security boundary is crossed. It is imperative for all operating systems and software developers to prioritize these updates to protect their systems effectively.

Moreover, both AMD and ARM architectures have been confirmed as not being vulnerable to MDS attacks. Intel has also indicated that some of its newer chips incorporate hardware defenses aimed at countering these specific vulnerabilities. Apple has made strides in addressing these flaws with updates included in macOS Mojave 10.14.5 and subsequent Safari releases, while Microsoft has released software updates that carry certain performance implications.

As businesses navigate this evolving landscape of cybersecurity threats, understanding the tactics outlined in the MITRE ATT&CK framework, including initial access and privilege escalation, is essential for assessing potential vulnerabilities within their systems and fortifying defenses against future attacks.