New Intel CPU vulnerabilities discovered
Security researchers have publicly disclosed today a series of potential security vulnerabilities affecting Intel microprocessors, which may allow information disclosure on users’ machines.
Intel has published a security advisory today informing its customers about four new security vulnerabilities discovered in Intel CPUs, which may lead to information disclosure by allowing a malicious process to read data from another process running on the same CPU core, which is possible due to the use of buffers within the CPU core.
The vulnerabilities could allow a malicious process to speculatively sample data from the said buffers, which apparently aren’t cleared when switching between processes, then interpret the contents and read data from another process that is executing on the same CPU core. This can happen when switching between kernel and userspace, host and guest, or two different userspace processes.
The new security vulnerabilities are described in detailed at CVE-2018-12126 for Microarchitectural Store Buffer Data Sampling (MSBDS), CVE-2018-12127 for Microarchitectural Load Port Data Samping (MLPDS), CVE-2018-12130 for Microarchitectural Fill Buffer Data Sampling (MFBDS), and CVE-2019-11091 for Microarchitectural Data Sampling Uncacheable Memory (MDSUM).
Intel released microcode updates to mitigate the vulnerabilities
Intel has released today Microcode Updates (MCU) updates for various of its processors to mitigate these potential security vulnerabilities. Users on all known computer operating systems, including Windows, Linux, Mac, and BSD, are encouraged to install these new firmware updates for Intel processors as soon as they’re available for their systems.
On some systems, such as Linux distributions, updating the Intel microcode firmware isn’t enough to mitigate these new security vulnerabilities as users will also have to install corresponding Linux kernel and QEMU packages that are being prepared as we speak by Canonical, Red Hat, and other major Linux OS vendors.
Intel says that it has worked closely with major operating system vendors and device manufacturers to create feasible solutions for correctly mitigating these new security vulnerabilities to protect users from potential attacks. Intel has published a list of impacted products here, and you can see the status of available microcode updates here.