MDS: The Newest Speculative Execution Side-Channel Vulnerability

Written by Michael Larabel in Intel on 14 May 2019 at 01:00 PM EDT.
Intel just disclosed a new speculative execution side-channel vulnerability in its processors, similar to the existing Spectre/L1TF vulnerabilities. The new disclosure is called Microarchitectural Data Sampling (MDS).

The Microarchitectural Data Sampling vulnerability was discovered by Intel researchers and independently reported by external researchers, and is said to be similar to existing speculative execution side-channel vulnerabilities. Fortunately, some current-generation CPUs are not vulnerable and Intel says all new processors moving forward will be mitigated. For those processors affected, microcode/software updates are said to be coming.

Microarchitectural Data Sampling can expose sensitive data to malicious users, assuming they already have access to the system in some capacity. MDS can lead to exposing data from store buffers, fill buffers, and load ports. There are four CVEs making up MDS:

- CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Intel microcode updates are said to be coming that will clear microarchitectural buffers when switching between software that does not trust each other. Besides the CPU microcode, kernel-level changes are also coming, and hypervisors will likely need changes too. There is no word on the performance impact in this initial disclosure.

Intel's public statement on the matter says, "Microarchitectural Data Sampling (MDS) is already addressed at the hardware level in many of our recent 8th and 9th Generation Intel Core processors, as well as the 2nd Generation Intel Xeon Scalable Processor Family. For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We’ve provided more information on our website and continue to encourage everyone to keep their systems up to date, as it’s one of the best ways to stay protected. We’d like to extend our thanks to the researchers who worked with us and our industry partners for their contributions to the coordinated disclosure of these issues."

A public white paper is expected to be released momentarily and we'll be on the lookout for the updated microcode files and subsequent Linux kernel patches. When they are out, of course, I'll be firing up some benchmarks on Phoronix to look at the impact.