New Intel CPU flaws expose VMs and clouds to full takeover – introducing RIDL, ZombieLoad and Fallout

I wrote a piece last year about the serious problems with shared hardware. It covers the additional attack surface of introducing virtualization technology to your servers, and the additional risks that come with it. At the time, Meltdown and Spectre were both headlines and the risks against businesses where security is a priority were serious.

This exploit, RIDL, attacks the buffers that a CPU uses when reading from or writing to memory (called the Line Fill Buffer or LFB). The exploit allows unprivileged code to access critical data that lies inside of these buffers, and it can cross any security boundary, such as code residing in different VMs and different cloud instances. Security keys and credentials can be pulled to gain full control of the primary OS, and the exploit appears to impact all hypervisors equally (Xen, VMware, etc).

Since the original Meltdown and Spectre disclosure, the family of memory disclosure attacks abusing speculative execution has grown steadily. While these attacks can leak sensitive information across security boundaries, they are all subject to strict addressing restrictions. In particular, Spectre variants allow attacker-controlled code to only leak within the loaded virtual address space. Meltdown and Foreshadow require the target physical address to at least appear in the loaded address translation data structures. Such restrictions have exposed convenient anchor points to deploy practical “spot” mitigations against existing attacks. This shaped the common perception that—until in-silicon mitigations are available on the next generation of hardware—per-variant, software-only mitigations are a relatively pain-free strategy to contain ever-emerging memory disclosure attacks based on speculative execution.

In this paper, we challenge the common perception by introducing Rogue In-flight Data Load (RIDL), a new class of speculative execution attacks that lifts all such addressing restrictions entirely. While existing attacks target information at specific addresses, RIDL operates akin to a passive sniffer that eavesdrops on in-flight data (e.g., data in the line fill buffers) flowing through CPU components. RIDL is powerful: it can leak information across address space and privilege boundaries by solely abusing micro-optimizations implemented in commodity Intel processors. Unlike existing attacks, RIDL is non-trivial to stop with practical mitigations in software.

The current recommended method of partially mitigating RIDL is to disable SMT (also known as Hyper-Threading) on all affected CPUs. This does not fully close the flaws in the line fill buffers; that will require additional microcode updates that flush those buffers more frequently, likely causing a noticeable performance hit.

Fallout – Stealing Confidential Data from Store Buffers

This exploit attacks the buffers that a CPU uses every time it needs to store data for any purpose. Even worse, once the exploit is successfully implemented, it can be tasked to steal specific data instead of random data in the buffer. It specifically breaks through countermeasures designed to make this type of exploit harder to usefully execute, by bypassing Kernel Address Space Layout Randomization (KASLR). This means that credentials, keys, and any information that you would need to escalate access to the machine are vulnerable.

We evaluate Fallout on two Intel machines, a Kaby Lake i7-7600U and a Coffee Lake R i9-9900K. Both machines run a fully updated Ubuntu 16.04 system, with all countermeasures in their default configuration. On both systems, we empirically test the possible locations of the kernel in its address space, obtaining about 490 locations, implying about 9 bits of entropy.

In the proof-of-concept build used to demonstrate the vulnerability, ZombieLoad was used to pull AES-128 encryption keys from a server in less than 10 seconds. It pulled the debug Intel SGX sealing key (that is supposed to isolate processes from one another), and demonstrated that pulling live SGX keys is possible. It was also used to pull data from across security boundaries, and they achieved 20KB/sec of raw data leakage from across different VMs, which will work regardless of operating system.

ZombieLoad is mitigated by disabling Hyper-Threading. Because of the nature of the attacks, there will be large performance hits from software and firmware updates that attempt to mitigate this problem. This is because buffers will need to be flushed and performance optimizations will need to be avoided in order to prevent the exploit from working.
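To check on a Linux host whether the two mitigations described for RIDL and ZombieLoad above (a microcode update that flushes the CPU buffers, and SMT disabled) are actually in effect, here is an added example script that is not part of the original post. It reads the kernel's sysfs vulnerability report for MDS; the status strings it matches are those documented in the kernel's Documentation/admin-guide/hw-vuln/mds.rst, and the sysfs paths are assumed to be the standard ones.

```shell
#!/bin/sh
# Added example, not from the original post: classify the Linux kernel's own
# report of the MDS (RIDL/Fallout/ZombieLoad) mitigation state and whether
# SMT is disabled. Status strings are those documented in the kernel's
# Documentation/admin-guide/hw-vuln/mds.rst.

MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds
SMT_FILE=/sys/devices/system/cpu/smt/control

# mds_verdict STATUS_LINE -> not-affected | mitigated | partial | vulnerable | unknown
# "partial" means the microcode buffer flush is in place but a sibling
# hyperthread can still observe in-flight data (the case the post warns about).
mds_verdict() {
    case "$1" in
        "Not affected")                                                 echo not-affected ;;
        Mitigation:*"SMT disabled"|Mitigation:*"SMT mitigated")         echo mitigated ;;
        Mitigation:*"SMT vulnerable"|Mitigation:*"SMT Host state unknown") echo partial ;;
        Vulnerable*)                                                    echo vulnerable ;;
        *)                                                              echo unknown ;;
    esac
}

# smt_verdict CONTROL_VALUE -> disabled | enabled | unknown
smt_verdict() {
    case "$1" in
        off|forceoff|notsupported) echo disabled ;;   # no sibling thread to sniff from
        on)                        echo enabled ;;
        *)                         echo unknown ;;    # e.g. notimplemented
    esac
}

# Read the live sysfs files when they exist; on other systems nothing is
# printed, and the functions above can still be run on captured status lines.
report_host() {
    if [ -r "$MDS_FILE" ]; then
        mds=$(cat "$MDS_FILE")
        echo "mds: $mds -> $(mds_verdict "$mds")"
    fi
    if [ -r "$SMT_FILE" ]; then
        smt=$(cat "$SMT_FILE")
        echo "smt: $smt -> $(smt_verdict "$smt")"
    fi
}

report_host
```

A "partial" verdict with SMT "enabled" is the state the post describes: buffers are being flushed, but a sibling hyperthread on the same core still shares them.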
