Linux Patched For New Intel "MMIO Stale Data" Vulnerabilities

Written by Michael Larabel in Intel on 14 June 2022 at 01:39 PM EDT.
In addition to the Hertzbleed frequency scaling side-channel attack being made public today as part of "Patch Tuesday" and affecting both Intel and AMD CPUs, Intel is also disclosing a set of "MMIO Stale Data" vulnerabilities. The Linux kernel has already been patched for these new vulnerabilities, which affect multiple generations of Intel CPUs from Rocket Lake back to Haswell X and Skylake.

Intel issued a security advisory covering vulnerabilities in the Memory Mapped I/O (MMIO) handling of its CPUs that could lead to information disclosure. Intel is releasing updated firmware/microcode as well as mitigation handling in the Linux kernel. There are four separate CVEs for these MMIO Stale Data vulnerabilities, all pertaining to potential information disclosure via local access. Intel recommends updated SGX software for Linux and Windows. New firmware is also being pushed out, and Linux kernel patches for these vulnerabilities were merged at embargo time.

This new kernel documentation further outlines the problem. Haswell X and Skylake through Rocket Lake are impacted, at least for some steppings, and some Xeon CPUs are only affected by some of the vulnerabilities, as outlined in the documentation.


The mitigation for these MMIO Stale Data vulnerabilities is to force the CPU to clear the affected buffers before an attacker can extract the secrets. With the updated CPU microcode, the CPU buffers are cleared when the "VERW" instruction is executed. These buffer clears happen on return to user-space, before C-state transitions, and at guest entry points (VMENTER). This mitigation handling largely overlaps with the prior MDS / TAA mitigation handling.

Mitigation status on patched Linux kernel builds will be exposed under /sys/devices/system/cpu/vulnerabilities/mmio_stale_data. The kernel change also introduces a new mmio_stale_data= kernel parameter that can be used for forcing the mitigation off, providing full mitigation, or full mitigation with SMT/HT disabled for affected Intel CPUs as the "complete" mitigation.
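To check a host against the sysfs file and kernel parameter described above, the following is an added example, not code from the article or the kernel. The function names are hypothetical, and the status prefixes it matches ("Not affected", "Mitigation:", "Vulnerable", "no microcode", "SMT vulnerable") are taken from the kernel's hardware-vulnerability documentation rather than from this page.

```shell
#!/bin/sh
# Added example: report the MMIO Stale Data mitigation state of a Linux host.
SYSFS=/sys/devices/system/cpu/vulnerabilities/mmio_stale_data

# Map the sysfs status line to a short verdict. Order matters: the more
# specific patterns (SMT still exposed, microcode missing) come first.
classify_mmio_status() {
    case "$1" in
        "Not affected"*)                 echo not_affected ;;
        "Mitigation:"*"SMT vulnerable"*) echo mitigated_smt_exposed ;;
        "Mitigation:"*)                  echo mitigated ;;
        "Vulnerable"*"no microcode"*)    echo needs_microcode ;;
        "Vulnerable"*)                   echo vulnerable ;;
        *)                               echo unknown ;;
    esac
}

# Print the mmio_stale_data= value found on a kernel command line, or
# "default" if the parameter is absent. If repeated, the last one is printed.
# Runs in a subshell so that disabling globbing does not leak to the caller.
parse_mmio_param() (
    set -f
    val=default
    for tok in $1; do
        case "$tok" in
            mmio_stale_data=*) val=${tok#mmio_stale_data=} ;;
        esac
    done
    echo "$val"
)

report_mmio() {
    status=""
    # A missing file means the running kernel predates the mitigation patches.
    if [ -r "$SYSFS" ]; then status=$(cat "$SYSFS"); fi
    echo "sysfs:   ${status:-<file missing: kernel lacks the mitigation patches>}"
    echo "verdict: $(classify_mmio_status "$status")"
    if [ -r /proc/cmdline ]; then
        echo "param:   $(parse_mmio_param "$(cat /proc/cmdline)")"
    fi
}

report_mmio
```

A verdict of `needs_microcode` means the kernel is attempting the buffer clear but the updated microcode is not loaded, and `mitigated_smt_exposed` means full mitigation without SMT disabled.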

See this merge for the Linux kernel side mitigation to the MMIO Stale Data vulnerabilities, which is separate from today's Hertzbleed disclosure.