Questions tagged [cpu-mds]
5 questions
10
votes
2 answers
How do the store buffer and Line Fill Buffer interact with each other?
I was reading the MDS attack paper RIDL: Rogue In-Flight Data Load. They discuss how the Line Fill Buffer can cause leakage of data. There is the About the RIDL vulnerabilities and the "replaying" of loads question that discusses the…
Daniel Näslund
- 2,300
- 3
- 22
- 27
7
votes
1 answer
What are the microarchitectural details behind MSBDS (Fallout)?
CVE-2018-12126 has been assigned to MSBDS (Microarchitectural StoreBuffer Data Sampling), a vulnerability of Intel's processors belonging to the newly created MDS (Microarchitectural Data Sampling) class.
I'm trying to get the microarchitectural…
Margaret Bloom
- 41,768
- 5
- 78
- 124
4
votes
0 answers
What is the microarchitectural root cause of ZombieLoad?
My interpretation is that, on a TLB miss, the PMH walks the page table and performs stuffed loads into the load buffer; if it encounters accessed or dirty bits that need to be set it communicates an exception code which will mark the load for…
Lewis Kelsey
- 4,129
- 1
- 32
- 42
4
votes
2 answers
About the RIDL vulnerabilities and the "replaying" of loads
I'm trying to understand the RIDL class of vulnerability.
This is a class of vulnerabilities that is able to read stale data from various micro-architectural buffers.
Today the known vulnerabilities exploits: the LFBs, the load ports, the eMC and…
Margaret Bloom
- 41,768
- 5
- 78
- 124
2
votes
1 answer
What is an assisted/assisting load?
The RIDL exploit requires that the attacker trigger a page fault to be able to read stale data from the Line Fill Buffer. But according to About the RIDL vulnerabilities and the "replaying" of loads, an assisted load can also be used.
That question…
Daniel Näslund
- 2,300
- 3
- 22
- 27