In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space by exploiting side-effects from transient instructions. While this attack has been mitigated through stronger isolation boundaries between user and kernel space, Meltdown inspired an entirely new class of fault-driven transient-execution attacks. In particular, over the past year, Meltdown-type attacks have been extended to leak data not only from the L1 cache but also from various other microarchitectural structures, including the FPU register file and the store buffer.

In this paper, we present the ZombieLoad attack, which uncovers a novel Meltdown-type effect in the processor's fill-buffer logic. Our analysis shows that faulting load instructions (i.e., loads that have to be re-issued) may transiently dereference unauthorized destinations previously brought into the fill buffer by the current or a sibling logical CPU. In contrast to concurrent attacks on the fill buffer, we are the first to report data leakage of recently loaded and stored stale values across logical cores even on Meltdown- and MDS-resistant processors. Hence, despite Intel's claims [36], we show that the hardware fixes in new CPUs are not sufficient. We demonstrate ZombieLoad's effectiveness in a multitude of practical attack scenarios across CPU privilege rings, OS processes, virtual machines, and SGX enclaves. We discuss both short- and long-term mitigation approaches and arrive at the conclusion that disabling hyperthreading is the only possible workaround to prevent at least the most powerful cross-hyperthread attack scenarios on current processors, as Intel's software fixes are incomplete.