It is currently 18 Aug 2019, 13:07




 Page 1 of 1 [ 3 posts ] 
Author Message
 Post subject: The latest CPU bug headache: ZombieLoad
PostPosted: 15 May 2019, 16:54 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 2409
Location: France
Has thanked: 83 times
Been thanked: 144 times
And I thought that we were done with SPECTRE and MELTDOWN CPU flaws (fully patched now!)

Now comes a new families of attacks!

https://www.zdnet.com/article/linux-vs-zombieload/

And sure enough:

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* CPU supports the MD_CLEAR functionality: NO
* Kernel supports using MD_CLEAR mitigation: NO
> STATUS: VULNERABLE (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* CPU supports the MD_CLEAR functionality: NO
* Kernel supports using MD_CLEAR mitigation: NO
> STATUS: VULNERABLE (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* CPU supports the MD_CLEAR functionality: NO
* Kernel supports using MD_CLEAR mitigation: NO
> STATUS: VULNERABLE (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* CPU supports the MD_CLEAR functionality: NO
* Kernel supports using MD_CLEAR mitigation: NO
> STATUS: VULNERABLE (Neither your kernel or your microcode support mitigation, upgrade both to mitigate the vulnerability)

Let's wait for the new round of patches!

Julien
_________________
LDDb on Facebook!
Offline
 Profile  
 
 Post subject: Re: The latest CPU bug headache: ZombieLoads
PostPosted: 15 May 2019, 19:57 
Jedi Master
Jedi Master
User avatar

Joined: 03 May 2004, 19:05
Posts: 5706
Location: United States
Has thanked: 77 times
Been thanked: 106 times
Ugh, good luck with it.
Offline
 Profile  
 
 Post subject: Re: The latest CPU bug headache: ZombieLoads
PostPosted: 16 May 2019, 14:23 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 2409
Location: France
Has thanked: 83 times
Been thanked: 144 times
Intel published new CPU microcodes + Linux Kernel 5.1.2 is adding countermeasures.

[    0.000000] microcode: microcode updated early to revision 0x27, date = 2019-02-26
[    0.892095] microcode: sig=0x306c3, pf=0x2, revision=0x27
[    0.892443] microcode: Microcode Update Driver: v2.2.

+
Linux 5.1.2 #1 SMP Wed May 15 12:07:07 CEST 2019 x86_64 GNU/Linux

After a reboot with a fresh kernel + microcodes, we're good again!

CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
* CPU supports the MD_CLEAR functionality: YES
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (Mitigation: Clear CPU buffers; SMT vulnerable)

CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
* CPU supports the MD_CLEAR functionality: YES
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (Mitigation: Clear CPU buffers; SMT vulnerable)

CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
* CPU supports the MD_CLEAR functionality: YES
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (Mitigation: Clear CPU buffers; SMT vulnerable)

CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
* Mitigated according to the /sys interface: YES (Mitigation: Clear CPU buffers; SMT vulnerable)
* CPU supports the MD_CLEAR functionality: YES
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in /proc/cpuinfo)
* Kernel mitigation is enabled and active: YES
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (Mitigation: Clear CPU buffers; SMT vulnerable)

Julien
_________________
LDDb on Facebook!
Offline
 Profile  
 
Display posts from previous:  Sort by  
 Page 1 of 1 [ 3 posts ] 


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: