The MDS vulnerabilities - a set of weaknesses in Intel x86 microprocessors that arise from the implementation of speculative execution - have been troubling security researchers for some time. Recently, a new type of Microarchitectural Data Sampling (MDS) vulnerability has been identified in Intel processors, dubbed CrossTalk by Intel.
In June 2020, the Vrije University's Systems and Network Security Group (VUSec) discovered this new transient execution vulnerability called CrossTalk (aka Special Register Buffer Data Sampling (SRBDS)), tracked as CVE-2020-0543 (or Intel-SA-00320), impacting Intel processors.
- The CrossTalk vulnerability enables attacker-controlled code executing on one CPU core to leak sensitive data from victim software executing on a different core. It uses Intel's Software Guard Extensions (SGX) secure enclaves against the processor so it can be executed.
- An attacker can exploit the vulnerability to issue requests that read data from a staging buffer, and then leak that data across cores using MDS attacks.
- Intel Core-family microarchitecture client and Intel Xeon E3 processors that implement RDRAND and/or RDSEED and are affected by either Microarchitectural Fill Buffer Data Sampling (MFBDS) or Intel Transactional Synchronization Extensions (Intel TSX) Asynchronous Abort, may also be affected by the SRBDS flaw.
More about Microarchitectural Data Sampling (MDS) vulnerabilities
The MDS vulnerabilities exploit the possibility of reading data buffers found between different cores of the processor. Here are some recent vulnerabilities and attacks related to MDS.
- The common MDS variants are: Microarchitectural Store Buffer Data Sampling (MSBDS), CVE-2018-12126; Microarchitectural Load Port Data Sampling (MLPDS), CVE-2018-12127; Microarchitectural Fill Buffer Data Sampling (MFBDS), CVE-2018-12130; Microarchitectural Data Sampling Uncacheable Memory (MDSUM), CVE-2019-11091; and Transactional Asynchronous Abort (TAA), CVE-2019-11135.
- Some of the known attacks exploiting the MDS vulnerabilities include Fallout, Rogue In-Flight Data Load (RIDL), ZombieLoad, and ZombieLoad 2.
Intel has released microcode (CPU firmware) updates to patch the CrossTalk vulnerability for all the older Intel CPU lines. In general, it is recommended to apply the latest updates and necessary fixes to operating systems, virtualization mechanisms, web browsers, and microcode to avoid exploitation of known vulnerabilities.
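To confirm that the microcode fix is actually active on a Linux host, the kernel's own status report can be compared with the affected-CPU condition listed above (RDRAND and/or RDSEED present, plus MFBDS or TAA exposure). The script below is an added example, not code from Intel or VUSec; it assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities, and the verdict labels it returns are illustrative names chosen here.

```python
#!/usr/bin/env python3
"""Report SRBDS (CrossTalk, CVE-2020-0543) exposure on a Linux host."""
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")  # Linux sysfs (assumed present)

def cpu_flags(cpuinfo_text):
    """Return the feature-flag set of the first CPU listed in /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()

def precondition_met(flags, mds, taa):
    """Affected-CPU condition from the text: RDRAND and/or RDSEED present, and
    the CPU is affected by MFBDS or TAA. The kernel's 'mds' file covers all MDS
    variants, so it stands in for MFBDS here (an approximation)."""
    has_rng = bool({"rdrand", "rdseed"} & flags)
    affected = lambda s: s is not None and s != "Not affected"
    return has_rng and (affected(mds) or affected(taa))

def classify(flags, srbds, mds=None, taa=None):
    """Map kernel-reported status strings to an action for the operator."""
    if srbds is None:  # kernel too old to report SRBDS at all
        return "unknown-update-kernel" if precondition_met(flags, mds, taa) else "unknown"
    if srbds == "Not affected":
        return "not-affected"
    if srbds.startswith("Mitigation:"):
        return "mitigated"
    if srbds == "Vulnerable: No microcode":
        return "needs-microcode"
    if srbds.startswith("Unknown:"):  # guest cannot see the host's microcode state
        return "check-hypervisor"
    return "vulnerable"  # affected CPU with the mitigation switched off

def read_status(name, vuln_dir=VULN_DIR):
    """Read one status file, or None when the kernel does not provide it."""
    path = Path(vuln_dir) / name
    return path.read_text().strip() if path.is_file() else None

if __name__ == "__main__":
    cpuinfo = Path("/proc/cpuinfo")
    flags = cpu_flags(cpuinfo.read_text() if cpuinfo.is_file() else "")
    verdict = classify(flags, read_status("srbds"), read_status("mds"),
                       read_status("tsx_async_abort"))
    print(f"SRBDS: {verdict}")
```

A "needs-microcode" verdict means the kernel knows about the flaw but the CPU is still running firmware without the fix; "unknown-update-kernel" means the CPU meets the stated condition but the running kernel cannot report SRBDS status.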