Back in January 2018, researchers disclosed a set of vulnerabilities related to the way modern CPUs perform a function known as speculative execution.
Spectre and Meltdown were considered serious in part because Spectre represented an entire new class of attacks, not a single isolated attack vector. For much of 2018, the “story” around Intel revolved around its response to these attacks.

Almost a year and a half later, researchers are still searching for similar classes of issues.
Multiple new vulnerabilities have broken cover, and they go by various names such as ZombieLoad, RIDL, and Fallout (as named by the researchers). Collectively, Intel summarizes them as MDS — Microarchitectural Data Sampling. RIDL, for Rogue In-flight Data Load, was discovered by researchers at Vrije Universiteit Amsterdam and Helmholtz Center for Information Security.
Fallout was found by a group at the Graz University of Technology, KU Leuven, the University of Michigan, and Worcester Polytechnic Institute. ZombieLoad was discovered by Graz, Worcester, and KU Leuven.

As a refresher: All of these flaws, including Spectre and Meltdown, are related to how either CPUs in general or Intel CPUs specifically perform speculative execution.
In the case of RIDL, ZombieLoad, Fallout, and MDS more generally, the flaws highlighted appear to be specific to Intel CPUs.
These problems arise because there are differences between a CPU’s architecture (how the CPU is documented to work on paper) and its microarchitecture (how the CPU actually performs operations “under the hood”). Speculative execution is exactly what it sounds like: The CPU speculates about what operations will need to be performed next, and then performs them in order to have the results ready if they are needed, rather than performing these operations only after it knows they’re necessary.

As a matter of architecture, all operations are performed in sequence and the only data retained by the CPU is the data it needs to perform operations.
But it’s possible to snoop on the microarchitecture to look for subtle clues as to where data is being stored on-chip, based on timing differences in how long it takes to access information. Measuring those differences can allow attackers to infer the data values stored in cache or in on-chip buffers.
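Because the leak happens below the architectural level, the practical defender's question is whether the platform reports the MDS class as mitigated. The following is an added example, not code from the article: it parses the status string the Linux kernel exposes in `/sys/devices/system/cpu/vulnerabilities/mds` (the "Clear CPU buffers" mitigation that flushes the internal buffers on context and privilege switches) and checks `/proc/cpuinfo` for the `md_clear` microcode flag that mitigation depends on. The sample report strings are constructed for offline use, and the function and file-path names are this example's own.

```python
"""Classify a Linux host's reported MDS (ZombieLoad/RIDL/Fallout) mitigation state.

Added example: reads the kernel's sysfs vulnerability report when present and
can otherwise be exercised on constructed sample strings.
"""
from pathlib import Path
from typing import Dict, Optional

# Standard Linux paths; both exist only on a Linux kernel with the reporting code.
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")
CPUINFO = Path("/proc/cpuinfo")


def parse_mds_status(report: str) -> Dict[str, object]:
    """Parse one line from /sys/devices/system/cpu/vulnerabilities/mds.

    The kernel prints one of: 'Not affected', 'Vulnerable',
    'Vulnerable: Clear CPU buffers attempted, no microcode',
    'Mitigation: Clear CPU buffers', optionally followed by an SMT clause
    such as '; SMT vulnerable', '; SMT mitigated' or '; SMT disabled'.
    """
    text = report.strip()
    main, _, smt = text.partition(";")
    main, smt = main.strip(), smt.strip()

    affected = main != "Not affected"
    buffer_clearing = main.startswith("Mitigation:")
    # Buffer clearing needs the MD_CLEAR microcode update; the kernel says so explicitly.
    missing_microcode = "no microcode" in main
    # A sibling hyperthread shares the same buffers, so the kernel keeps flagging
    # the host while SMT is on and the sibling is not under the host's control.
    smt_exposed = smt.startswith("SMT vulnerable") or smt.startswith("SMT Host state unknown")

    return {
        "affected": affected,
        "buffer_clearing": buffer_clearing,
        "missing_microcode": missing_microcode,
        "smt_exposed": smt_exposed,
        "safe": (not affected) or (buffer_clearing and not smt_exposed),
        "raw": text,
    }


def has_md_clear(cpuinfo: str) -> bool:
    """True if /proc/cpuinfo advertises the md_clear flag (VERW-based buffer clearing)."""
    for line in cpuinfo.splitlines():
        if line.startswith("flags"):
            return "md_clear" in line.split(":", 1)[1].split()
    return False


def host_report() -> Optional[Dict[str, object]]:
    """Read the live sysfs report, or return None off Linux / on older kernels."""
    if not MDS_SYSFS.exists():
        return None
    status = parse_mds_status(MDS_SYSFS.read_text())
    status["md_clear"] = has_md_clear(CPUINFO.read_text()) if CPUINFO.exists() else False
    return status


# Constructed sample reports (not captured from any real host) for offline runs.
SAMPLE_REPORTS = {
    "patched": "Mitigation: Clear CPU buffers; SMT mitigated",
    "smt_on": "Mitigation: Clear CPU buffers; SMT vulnerable",
    "no_ucode": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "immune": "Not affected",
}

if __name__ == "__main__":
    for name, report in SAMPLE_REPORTS.items():
        print(f"{name:9s} safe={parse_mds_status(report)['safe']}  ({report})")
    live = host_report()
    if live is not None:
        print("this host:", live)
```

Note that `safe` is deliberately conservative: a host that clears its buffers but still runs SMT with the sibling thread unaccounted for is reported as not safe, which matches the kernel's own wording.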
Previous Spectre-class flaws have typically focused on leaking data from cache, but the new MDS flaws leak data from buffers — tiny data stores that the chip uses to move data internally.

How Serious Are These Attacks?

There has been a bit of controversy over just how serious these new attacks are, and I’ll.