New Intel CPU Microcode & "RFDS" Linux Kernel Patch For New Security Vulnerabilities
Intel has released new CPU microcode addressing five security issues, and there is also newly merged Linux kernel code for mitigating the new Register File Data Sampling "RFDS" micro-architectural vulnerability affecting Atom / E cores.
Intel released updated processor microcode for mitigating SA-00972, SA-00982, SA-00898, SA-00960, and SA-01045. These security advisories cover an Intel Processor Bus Lock issue leading to a potential denial of service, an information disclosure vector via processor return predictions, the medium-rated RFDS vulnerability, and a 3rd/4th Gen Xeon SGX/TDX escalation of privilege vulnerability.
The new CPU microcode also has updates for unspecified functional issues ranging from Core Ultra "Meteor Lake" back through 7th Gen Core processors as well as 4th Gen Xeon Scalable through 2nd Gen Xeon Scalable processors. This microcode drop is also the first time Intel is publishing new CPU microcode files for Meteor Lake and Emerald Rapids processors.
The new Intel CPU microcode files are available for download from GitHub.
Meanwhile, the mitigation for Register File Data Sampling (RFDS) has been merged to Linux Git. The vulnerability lets malicious user-space code infer stale register values from kernel space. Because kernel registers may hold secrets, the mitigation clears the values in the registers right before returning to user-space.
Register File Data Sampling affects Intel Atom / E cores from Goldmont, Tremont, Alder Lake, Raptor Lake, and Gracemont cores.
We'll see if any of the microcode changes result in any performance changes on affected generations. Still digging through the advisories due to not being briefed in advance.
Mitigation
==========
Intel released a microcode update that enables software to clear sensitive information using the VERW instruction. Like MDS, RFDS deploys the same mitigation strategy to force the CPU to clear the affected buffers before an attacker can extract the secrets. This is achieved by using the otherwise unused and obsolete VERW instruction in combination with a microcode update. The microcode clears the affected CPU buffers when the VERW instruction is executed.
Mitigation points
-----------------
VERW is executed by the kernel before returning to user space, and by KVM before VMentry. None of the affected cores support SMT, so VERW is not required at C-state transitions.
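As an added example (not from the article or the kernel tree), the shell functions below check whether the VERW-based mitigation described above is active on a host. They assume the kernel reports RFDS status in /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling using the status strings from the mainline kernel's RFDS documentation; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report RFDS mitigation state from the kernel's sysfs status file.
# Assumption: status path and strings as documented for mainline Linux.
RFDS_SYSFS="${RFDS_SYSFS:-/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling}"

# Print the raw status line; print nothing if the file is absent
# (a kernel that predates the RFDS patch has no such file).
rfds_status() {
    if [ -r "$1" ]; then cat "$1"; fi
}

# Map a status string to a one-word verdict.
# Order matters: the "No microcode" case must be tested before plain "Vulnerable".
rfds_classify() {
    case "$1" in
        "Not affected"*)             echo not-affected ;;
        "Mitigation:"*)              echo mitigated ;;
        "Vulnerable: No microcode"*) echo needs-microcode ;;
        "Vulnerable"*)               echo mitigation-off ;;
        "")                          echo kernel-too-old ;;
        *)                           echo unknown ;;
    esac
}

# Print the first microcode revision found in a cpuinfo-format file.
microcode_rev() {
    awk -F': *' '/^microcode/ { print $2; exit }' "$1" 2>/dev/null
}

# Args: sysfs status file, cpuinfo file.
# Exit status 0 only when the CPU is unaffected or VERW clearing is active.
rfds_report() {
    status=$(rfds_status "$1")
    verdict=$(rfds_classify "$status")
    rev=$(microcode_rev "$2")
    printf 'rfds=%s microcode=%s\n' "$verdict" "${rev:-unknown}"
    [ "$verdict" = mitigated ] || [ "$verdict" = not-affected ]
}

# Run against the live system; a failing verdict is reported, not fatal.
rfds_report "$RFDS_SYSFS" /proc/cpuinfo || true
```

A verdict of needs-microcode means the kernel carries the patch but the loaded microcode does not yet make VERW clear the register file, so the microcode package is the piece to update.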