New microarchitectural processor flaws were published in May 2019. Like Meltdown, Spectre and Foreshadow, these new vulnerabilities can allow a malicious user to steal sensitive data such as passwords and user keys from other system programs or virtual instances. They may affect all systems using an Intel CPU.
The vulnerabilities are collectively called "Microarchitectural Data Sampling" (MDS), and more specifically ZombieLoad, RIDL and Fallout.
The Linux kernel, the virtualization stack and the CPU microcode will have to be updated to mitigate read access to the CPU's cache and memory. The updates may have a performance impact.
Details of the vulnerability
CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS)
A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache miss occurs in the L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher-level caches. This response time can be measured to infer data in the fill buffer.
For more details about the vulnerability, we invite you to read the official PDF paper.
CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS)
Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer.
CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS)
Microprocessors use a 'load port' subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU's pipelines. Stale load operation results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests, leaking data back to the attacker via a timing side-channel.
CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
Rohde & Schwarz Application Security products are not affected because they do not execute untrusted data; nevertheless, the operating systems will be updated as soon as the Linux kernel and CPU microcode fixes are released. Fixes on will be available in next releases.
However, please note that, when running in a virtual machine, information from Rohde & Schwarz Application Security products (including secrets) may be leaked to other untrusted virtual machines running on the same vulnerable host. We therefore advise updating the virtualization stack, the processor microcode, and all guest systems running on the same host (updating the guests may be less critical provided the host is up to date, though).
Kernel and microcode updates will be available for the forthcoming versions:
- R&S®Web Application Firewall 6.5.3 (LTS)
- i-Suite 5.5.15 (LTS)
- DAOS 10.5.6 for rWeb or in a patch content
The cloud provider for Cloud Protector is currently validating patches to be deployed on its platform.
A kernel update for Ubuntu is available. To perform the update, open the administration interface, go to Configuration and Check for updates.
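The following shell check is an added example, not part of the original advisory or of any Rohde & Schwarz product. It interprets the status line that Linux kernels carrying the MDS patches expose in `/sys/devices/system/cpu/vulnerabilities/mds`, so that after updating a host or guest as advised above you can confirm that both the kernel and the microcode fixes took effect. The function names and verdict keywords are this example's own, and the sample status lines are constructed from the kernel's documented values.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line after updating.
# Standard sysfs path on Linux kernels that carry the MDS patches.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# mds_classify STATUS: print one verdict keyword (keywords are this example's own).
mds_classify() {
    case "$1" in
        "Not affected"*)
            echo not-affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Kernel and microcode are both in place; the SMT suffix says
            # whether a sibling hyper-thread can still sample the buffers.
            case "$1" in
                *"SMT vulnerable"*)         echo mitigated-smt-exposed ;;
                *"SMT Host state unknown"*) echo mitigated-check-host ;;
                *)                          echo mitigated ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Patched kernel, but the CPU microcode update is still missing.
            echo needs-microcode ;;
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# mds_check [FILE]: classify FILE (default: the sysfs entry).
mds_check() {
    f=${1:-$MDS_SYSFS}
    if [ ! -r "$f" ]; then
        # No entry: the running kernel predates MDS reporting.
        echo no-mds-reporting
        return 0
    fi
    mds_classify "$(cat "$f")"
}

# Constructed sample lines (kernel-documented values), then the live system.
for s in "Mitigation: Clear CPU buffers; SMT vulnerable" \
         "Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown"; do
    printf '%-24s %s\n' "$(mds_classify "$s")" "$s"
done
printf 'this system: %s\n' "$(mds_check)"
```

Inside a virtual machine the kernel cannot see the host's hyper-threading configuration and reports "SMT Host state unknown", which is why the host itself has to be checked as well.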