Back
Intel CPU attacks leak secrets Information to attackers
- By Elite CIO
May 22, 2019
8
Intel CPU attacks leak secrets Information to attackers
It has been noticed some new flaws in Intel processors that could allow hackers to defeat the security boundaries enforced by virtual machine hypervisors, OS kernels and Intel SGX enclaves, putting data on both servers and endpoint systems at risk. The new attack techniques can be used to leak sensitive secrets information like passwords or encryption keys from protected memory regions and are not blocked by mitigation for past CPU attacks.
Intel calls this new class of attacks micro architectural data sampling (MDS) and has split the reported issues into four vulnerabilities with distinct CVE numbers:
• CVE-2018-12126 – Microarchitectural store buffer data sampling (MSBDS)
• CVE-2018-12127 – Microarchitectural load port data sampling (MLPDS)
• CVE-2018-12130 – Microarchitectural fill buffer data sampling (MFBDS)
• CVE-2019-11091 – Micro architectural data sampling uncacheable memory (MDSUM)
The vulnerabilities may affect modern Intel CPUs used in servers, desktops and laptops. Intel has published a list of potentially affected CPUs on its website.
Author : Atul Bansal, Gateway Rail