There’s an old factoid that you’re never more than six feet away from a rat. Well, it also feels as if we’re never six minutes away from another Intel CPU security flaw. Step forward RIDL, Fallout, Zombieload, and Store-to-Leak Forwarding, the latest thorns in Intel’s increasingly punctured side.
Following in the footsteps of Spoiler, Meltdown, Spectre, and Foreshadow, RIDL and company are yet more speculative execution attacks which can affect nearly all modern Intel CPUs. AMD processors of all kinds are unaffected.
Speculative execution is a feature of Intel processors which allows the CPU to run tasks in advance of their usage, optimising performance and, in theory, increasing the speed of applications. RIDL and Fallout once again hijack this technology to gain control of systems, although the effects could be more profound. Known as Microarchitectural Data Sampling (MDS) attacks, these can be used to extract sensitive data such as passwords directly from the CPU buffer.
Nearly all modern Intel server, desktop, and laptop processors are affected. This includes the latest 9th Gen Intel processors, which have shipped with hardware-based mitigations for Meltdown attacks. In fact, the researchers claim “9th-generation CPUs are more vulnerable to some of our attacks compared to older generation hardware.” Good job, Intel.
The news doesn’t sound good for Intel, with the researchers at VU Amsterdam suggesting Intel has made its chips too complex, too fast, without acquiring enough knowledge of the potential hardware vulnerabilities.
“Most importantly, our research shows that what last year appeared to be exceptional one-time speculative execution bugs are actually systemic, and the problems in modern CPUs may go much deeper than we initially thought,” claim the researchers. “If CPUs have become so complex that chip vendors cannot keep their security under control, hardware vulnerabilities will be the new hunting ground for sophisticated attackers. And we may have no idea how many zero-day hardware vulnerabilities are still up for grabs. If we can no longer trust our hardware, the foundation on which we build all security solutions is crumbling away.”
There is a fix out there which can prevent this flaw for older processors (below Intel 8th Gen), but it’s so far from ideal that it’s not really even worth contemplating - disable your hyperthreading and let half your performance go to waste. “If you disable hyperthreading and at the same time you use Intel’s proposed mitigation (that is, using the VERW instruction) the MDS vulnerabilities are mitigated on old Intel processors,” said VUSec’s Pietro Frigo.
For its part, Intel is claiming MDS is addressed at a hardware level in 8th Gen Core processors and upwards, which flies in the face of the research. They also confirm CPU microcode updates are being pushed out and it is recommended you install these. The updates will not completely mitigate the threat, though, and Intel suggests consumers may need to take additional steps. Disabling Simultaneous Multi-Threading (SMT) may help, but “Because these factors will vary considerably by customer, Intel is not recommending that Intel HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS.”
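
To check where a given machine stands on the two mitigations discussed above (microcode-backed buffer clearing and SMT), here is an added example that is not from the researchers or Intel. It assumes a Linux host whose kernel exposes the `/sys/devices/system/cpu/vulnerabilities/mds` status file; the function name `mds_assess` and its verdict labels are made up for this illustration.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS status string.
# Input strings follow the kernel's documented format, e.g.
#   "Mitigation: Clear CPU buffers; SMT vulnerable"

mds_assess() {
    # $1: contents of /sys/devices/system/cpu/vulnerabilities/mds
    status=$1
    case $status in
        "Not affected"*) echo "not-affected"; return 0 ;;
    esac

    # Buffer clearing (the VERW-based mitigation) needs updated microcode.
    case $status in
        "Mitigation: Clear CPU buffers"*) buffers=ok ;;
        *"no microcode"*)                 buffers=no-microcode ;;
        *)                                buffers=off ;;
    esac

    # The SMT state is appended after a semicolon. Anything other than
    # "disabled" or "mitigated" is treated as exposed (conservative choice).
    case $status in
        *"SMT disabled"*|*"SMT mitigated"*) smt=ok ;;
        *)                                  smt=exposed ;;
    esac

    if [ "$buffers" = ok ] && [ "$smt" = ok ]; then
        echo "mitigated"
    elif [ "$buffers" = ok ]; then
        echo "partial-smt"        # buffers cleared, hyperthreading still on
    elif [ "$buffers" = no-microcode ]; then
        echo "needs-microcode"    # kernel tries to clear, CPU cannot yet
    else
        echo "vulnerable"         # turning SMT off alone is not enough
    fi
}

# Report on this host when the kernel provides the status file.
f=/sys/devices/system/cpu/vulnerabilities/mds
if [ -r "$f" ]; then
    echo "this host: $(mds_assess "$(cat "$f")")"
fi
```
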
Honestly, it sounds like a big mess, and there’s actually much that can be done to prevent this right now. It’s not currently known whether this exploit has been used publicly just yet, but now the cat’s well and truly out of the bag.