Intel recently had to admit another speculative error in side-channel execution in many processors. The vulnerability affects most of the company’s processor SKUs since 2008, with the exception of the 8th-ranked chips. and 9. Generation to which Intel announced that they would already include hardware implementations against this error. The problem with Microarchitectural Data Sampling (MDS) is just another speculative attack that can allow malicious intruders to execute code locally to extract sensitive data that would otherwise be caused by the architectural mechanisms of the Intel processors would be protected.
According to Intel, four CVEs were assigned to this error in Intel’s processors, including:
- CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-12127 Microarchitectural Load Data Sampling (MLPDS)
- CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
Major changes to the operating system needed
Intel believes that Microsoft and other operating system vendors, hypervisor providers, and Intel itself, need to make significant changes to their software to protect users from this speculative execution issue. The solution involves deleting buffers when switching to running different software. for example, every time a processor switched from one third-party application to another that would move from one windows process to a third-party application or even from less trusted windows processes, you would have to the buffers are deleted or overwritten.
Adding such an important step in the processing software, however, would most likely lead to a significant loss of performance. It remains to be seen how large or small this is, but the probability that there could be noticeable slumps is very high and not to be dismissed.
Intel recommends disabling Hyper Threading – with limitations
The company acknowledged in its white paper that software prevention will have a significant impact on the functioning of HT. The threads require a higher level of isolation from each other, and they can no longer run processes from different security domains. Threads from different security domains will simply remain unused, resulting in wasted computing power.
It now seems that with each newly surfaced speculative execution attack, Intel’s Hyper Threading either becomes less secure or even slower. Intel itself seems to be moving away from hyper-threading on some of its best CPUs lately (we’ll remind you of the current 6-corers without HT), even in the face of AMD’s competition with both higher core count and simultaneous multithreading (SMT) )-Support at similar or lower prices. We already wondered at the time why Intel is pursuing such a strategy, and now we probably know why.
Intel has long struggled to accept disabling HT as a (temporary) solution if it was asked for a CPU error that had already become known at the time of the discovery, but in a white paper, the company also stated that the Deactivation of HT as a whole may (but does not have to) be justified as protection against MDS attacks.
Despite all these drawbacks, Intel also mentioned in the white paper that software solutions and patches are strongly recommended, even though the vulnerabilities themselves are considered low to medium. But Intel is also suggesting that future processors will use MDS methods that are already possible in the hardware. Some of the company’s current chips could also allow for similar interventions, but only after loading a special microcode update. In other words, you’ll have to rely on the motherboard or laptop manufacturer to provide you with this update before you can even benefit from this measure.
However, Intel has also made it clear that it is not recommended to everyone to disable hyper-threading per se, but that some of Intel’s customers should consider the option based on their security requirements. Here we quote Intel literally:
Once these updates are installed, it may make sense for some customers to consider additional steps. This includes customers who cannot guarantee that trusted software will run on their systems and use Simultaneous Multi-Threading (SMT). In these cases, customers should consider how to use SMT for their respective workload(s), seek advice from their OS and VMM software vendors, and define the security threat model for their environment. Because these factors will vary greatly depending on the customer, Intel does not recommend disabling Intel® HT, and it is important to understand that this alone does not provide protection against MDS.
Google seems to be one of these selected customers who thinks the risk of keeping HT enabled is simply too great. The company has posted on the Chromium page that HT will be disabled in Chrome OS version 74:
To protect users, Chrome OS 74 disables hyper-threading by default. For the majority of our users, whose workflows are mostly interactive, this reduces the safety risk of MDS without any noticeable loss of responsiveness. Chrome OS 75 will include additional attenuation.
Virtually all Intel chips, starting with the Nehalem architecture (introduced in 2008, 11 years ago) and newer, with the exception of Whiskey Lake (ULT refresh), Whiskey Lake (desktop), and Atomic and Knights architectures, are affected by the MDS vulnerabilities.
What this tells us is not only that there are now several speculative execution attacks on Intel’s processors (or more to come) until Intel performs a major overhaul of its architecture, but that most of these are already existing chips will probably never be patched against this and other bugs. Motherboard and laptop OEMs tend to update only their latest products, so the majority of systems sold in the last 11 years are likely to remain vulnerable.
Those who receive the patches shouldn’t necessarily consider themselves to be so much happier either, as the performance loss after applying the patches could be significant. Those who buy the new Intel chips from Whiskey Lake Refresh and later should expect a much lower performance loss, at least until a new speculative execution attack occurs that can bypass the new mitigation measures again. Intel has provided more information about the MDS errors on its website, including instructions on how to retrieve the software patches.
Sources: Tom’s Hardware, Intel, Google