Data Sampling on MDS-resistant 10th Generation Intel Core (Ice Lake)

07/15/2020
by Daniel Moghimi, et al.

Microarchitectural Data Sampling (MDS) is a set of hardware vulnerabilities in Intel CPUs that allows an attacker to leak bytes of data from memory loads and stores across various security boundaries. On affected CPUs, some of these vulnerabilities were patched via microcode updates. Additionally, Intel announced that the newest microarchitectures, namely Cascade Lake and Ice Lake, were not affected by MDS. While Cascade Lake turned out to be vulnerable to the ZombieLoad v2 MDS attack (also known as TAA), Ice Lake was not affected by this attack. In this technical report, we show a variant of MSBDS (CVE-2018-12126), an MDS attack also known as Fallout, that works on Ice Lake CPUs. This variant was automatically synthesized using Transynther, a tool to find new variants of Meltdown-type attacks. Based on the findings of Transynther, we analyze different microcode versions with regard to this issue, showing that only microcode versions after January 2020 prevent exploitation of the vulnerability. These results show that Transynther is a valuable tool for finding new variants and for testing for regressions possibly introduced with microcode updates.
