A Buffer Buffet for Data Sampling

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Yesterday, three data sampling side channel vulnerabilities were disclosed in Intel CPUs by a whole bunch of smart researchers. Intel is calling them “microarchitectural data sampling” (MDS) bugs, but they’re colloquially known as ZombieLoad (CVE-2019-1109 & CVE-2018-12130), RIDL aka “Rogue In-flight Data Load” (CVE-2018-12130), and Fallout (CVE-2018-12126) — plus there was one found by Intel’s internal research team (CVE-2018-12127). You can think of this as an evolution of Spectre and Meltdown. The Capsule8 Labs team is actively researching and testing these attacks, so this represents just our initial assessment.

Why is it cool?: For one, it’s neat that disparate research teams all stumbled on new types of side channel attacks around the same time. While these bugs have different practical uses for attackers, they all involve leaking information that shouldn’t be leaked by leveraging CPU optimizations (gain a little CPU speed, lose a little data). None of these attacks require a privileged attacker and they all work across security boundaries — including the boundary between userspace/kernelspace, OS processes, virtual machines, and SGX enclaves.

If you’re a Game of Thrones fan, think of this degradation of security boundaries like undead Viserion (for non-fans, it’s a zombie dragon) melting part of the Wall which was supposed to protect the living from the dead. The land of users (a land of applications) and the land of kernels (a land of privileged magic creatures, hardware daemons, and other fantastic beings) should be separate, because the land of kernels is full of precious data and the land of users has a lot of danger in it that could threaten the kernel realm. Just like the Wall stood for one thousand years, these system security boundaries are supposed to be steadfast, so it’s pretty bad when they aren’t.

Dig deeper: Let’s try out an analogy: imagine you own a cat cafe. You know the cats will want to play with toys at some point, but you don’t totally know which toys they will want. But, to optimize your cafe, you keep toys on hand so you can quickly give them the right toy when they wiggle their kitten butts like they want to pounce. If they instead run to play with a shadow on the wall, you generally won’t immediately discard those toys — there will be a delay between realizing the cat doesn’t want them and you putting them away.

For the attack, a malicious cat can peek into your hands to see the toys you prepared just in case the other cat wanted to play, since you don’t keep separate toys for every cat. Now replace cats with processes and toys with secrets (passwords, encryption keys, etc.), and that is roughly how these attacks work. ZombieLoad “resurrects” the toys that were just in your hand to see them. RIDL spies on your toys as they’re in your hands. Fallout reconstructs your toys and if it does this a lot, it can pinpoint exactly where the toys were in your hand, too.

Further, this sneaky, metaphorical cat could influence the last toys in your hand (potentially with an infinite number of unpunished attempts to do so), which makes these attacks more potent. Concretely, the attacker could run a program which reads the file they want, connect to a server which loads the private key they want, and so forth. Being able to determine which “toys,” i.e. secrets, are readily available can make attacks a lot easier.

What’s at risk?: These attacks “just” require running a program using a targeted chip, after which the attacker gets access to other apps, the OS kernel, other VMs, or SGX enclaves. Thus, this really affects any system with recent Intel chips, so if you use VMs, cloud stuff, laptops — just computers, really — you’re potentially at risk.

The easiest way for attackers to pull off one of these attacks is probably as an authenticated local (low-privileged) user, or through Javascript in browsers on malicious pages or even through malvertising for a more general attack. Exploit videos for both local- and browser- based attacks are available on the primary disclosure site. While the researchers show that RIDL works in Firefox and Chrome, timing attacks like these typically take a long time to execute — so attacker patience is required.

What should I do?: For Linux users, Red Hat lists all the updates needed for their various products on the “Resolve” tab. Ubuntu LTS users will receive updates through Extended Security Maintenance (ESM), but they also recommend disabling Simultaneous Multi-Threading (SMT) / Hyper-Threading since the updates won’t protect you if SMT is still enabled (you can disable it in the BIOS). Debian also published a security advisory today for these issues.

Microsoft already has a patch out, as does Apple for macOS. Google now disables Hyper-Threading by default in Chrome OS 74. iOS devices don’t use CPUs affected by these bugs and most Android devices aren’t affected, either, since they are primarily ARM-based.

The bottom line: Intel’s CPU is basically like a data gym; it allows attackers to get buffer information. You should update basically everything, but particularly your operating systems. You can gently hit the panic button on this one, since true mitigation won’t happen until you replace your chips. There’s already one proof of concept for ZombieLoad available, but hit the panic button harder if the exploit code becomes widely available, for example as a Metasploit module.

The neckbeard line: Some are saying this is an extension of speculative execution attacks. Some will call these attacks “transient execution.” Others will call them side channel, cache side channel, or data sampling side channel attacks. The literalists will stick with Intel’s “microarchitectural data sampling” term. The infosec neckbeards will say they get their data from a “well, actually.”

The Capsule8 Labs team conducts offensive and defensive research to understand the threat landscape for modern infrastructure and to continuously improve Capsule8’s attack coverage.