Linux Patched For New Intel "MMIO Stale Data" Vulnerabilities

Written by Michael Larabel in Intel on 14 June 2022 at 01:39 PM EDT. 8 Comments
In addition to the Hertzbleed frequency scaling side-channel attack being made public today as part of "Patch Tuesday" and affecting both Intel and AMD CPUs, Intel is additionally disclosing a set of "MMIO Stale Data" vulnerabilities. The Linux kernel has already been patched for these new vulnerabilities affecting multiple generations of Intel CPUs from Rocket Lake back to Haswell X and Skylake.

Intel issued a security advisory over security vulnerabilities in its Memory Mapped I/O (MMIO) handling for Intel CPUs that could lead to information disclosure. Intel is releasing updated firmware/microcode and also mitigation handling in the Linux kernel. There are four separate CVEs for these MMIO Stale Data vulnerabilities that pertain to potential information disclosure via local access. Intel recommends updated SGX software for Linux and Windows. There is also new firmware being pushed out and merged at embargo time were Linux kernel patches for these vulnerabilities.

This new kernel documentation further outlines the problem. Haswell X and Skylake to Rocket Lake is impacted with at least some steppings, some Xeon CPUs are only affected by some of the vulnerabilities, etc as outlined in the documentation.

The mitigation for these MMIO Stale Data vulnerabilities is to force the CPU to clear the affected buffers before they an attacker can extract the secrets. With the updated CPU microcode, the microcode will clear the CPU buffers when the "VERW" instruction is called. These buffer clears are happening on return to user-space, before C-state transitions, and guest entry points (VMENTER). This mitigation handling largely overlaps with the prior MDS / TAA mitigation handling.

Mitigation status on patched Linux kernel builds will be exposed under /sys/devices/system/cpu/vulnerabilities/mmio_stale_data. The kernel change also introduces a new mmio_stale_data= kernel parameter that can be used for forcing the mitigation off, providing full mitigation, or full mitigation with SMT/HT disabled for affected Intel CPUs as the "complete" mitigation.

See this merge for the Linux kernel side mitigation to the MMIO Stale Data vulnerabilities, which is separate from today's Hertzbleed disclosure.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week