[The Exiled]

New RIDL and Fallout Attacks Impact All Modern Intel CPUs

Citiraj:

Multiple security researchers have released details about a new class of speculative attacks against all modern Intel processors. The attacks are different from and more dangerous than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches. Two attacks dubbed RIDL and Fallout exploit a set of four vulnerabilities collectively known as Microarchitectural Data Sampling (MDS) vulnerabilities - a name given by Intel. The flaws affect Intel CPUs released since 2008, the researchers say. Both RIDL and Fallout can be used in real-life scenarios where an adversary can point the victim to a webpage with malicious JavaScript to steal sensitive information on the system, like passwords and cryptographic keys.

RIDL exploits three bugs in Intel CPUs to leak data from different internal CPU buffers (e.g. Line-Fill Buffers and Load Ports). The processor uses these buffers for loading or storing data in memory. Fallout exploits a fourth vulnerability in Intel CPUs to leak data from Store Buffers, which is used when a CPU pipeline needs to store any type of data. This attack works against the Kernel Address Space Layout Randomization (KASLR) protection against memory corruption bugs. Fallout also impacts all modern Intel processors, including those of the 9th generation, which include in-silicon mitigations for Meltdown.

Izvor: BleepingComputer, Wired i MDS Attacks