Linux Patched For New Intel "MMIO Stale Data" Vulnerabilities
In addition to the Hertzbleed frequency scaling side-channel attack being made public today as part of "Patch Tuesday" and affecting both Intel and AMD CPUs, Intel is additionally disclosing a set of "MMIO Stale Data" vulnerabilities. The Linux kernel has already been patched for these new vulnerabilities affecting multiple generations of Intel CPUs from Rocket Lake back to Haswell X and Skylake.
Intel issued a security advisory over security vulnerabilities in its Memory Mapped I/O (MMIO) handling for Intel CPUs that could lead to information disclosure. Intel is releasing updated firmware/microcode alongside new mitigation handling in the Linux kernel. There are four separate CVEs for these MMIO Stale Data vulnerabilities, all of which pertain to potential information disclosure via local access. Intel recommends updated SGX software for Linux and Windows. New microcode is being pushed out, and the Linux kernel patches for these vulnerabilities were merged at embargo time.
The new kernel documentation further outlines the problem. Processors from Haswell X and Skylake through Rocket Lake are impacted, at least for some steppings, while some Xeon CPUs are only affected by a subset of the vulnerabilities, as outlined in the documentation.
The mitigation for these MMIO Stale Data vulnerabilities is to force the CPU to clear the affected buffers before an attacker can extract the secrets. With the updated CPU microcode, the buffers are cleared whenever the "VERW" instruction is executed; without that microcode, VERW on its own does not clear them, so both the microcode update and the kernel patch are needed. The kernel issues these buffer clears on return to user-space, before C-state transitions, and at guest entry (VMENTER). This mitigation handling largely overlaps with the prior MDS / TAA mitigation handling.
Mitigation status on patched Linux kernel builds is exposed under /sys/devices/system/cpu/vulnerabilities/mmio_stale_data. The kernel change also introduces a new mmio_stale_data= kernel parameter that can be set to off to force the mitigation off, full for the buffer clearing mitigation, or full,nosmt for the buffer clearing mitigation with SMT/HT disabled on affected Intel CPUs, the latter being the "complete" mitigation.
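As an added example (not from the article or the kernel tree), the following POSIX shell script audits the sysfs status described above together with the related mds and tsx_async_abort entries and any explicit mmio_stale_data= choice on the kernel command line. The status strings it matches are the ones documented in the kernel's processor_mmio_stale_data.rst; the sysfs directory is a parameter so the script can also be run against a constructed copy when no affected hardware is at hand. The verdict names, the --live flag and the mmio_audit naming are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit the MMIO Stale Data mitigation state a patched kernel
# exposes under sysfs. Not part of the kernel or of the article; the verdict
# labels and the --live flag are this script's own conventions.

SYSFS_VULN_DIR="${SYSFS_VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# read_vuln DIR NAME: print the status line for one sysfs entry, or "missing"
# when the kernel predates the mitigation and does not expose the file at all.
read_vuln() {
    file="$1/$2"
    if [ -r "$file" ]; then
        cat "$file"
    else
        echo "missing"
    fi
}

# classify_mmio STATUS: map the documented sysfs line to a one-word verdict
# usable from monitoring checks. The "; SMT ..." suffix matters: with SMT on,
# a sibling hyperthread can still observe the buffers, which is why the
# kernel offers mmio_stale_data=full,nosmt as the complete mitigation.
classify_mmio() {
    case "$1" in
        "Not affected")                                  echo "not-affected" ;;
        "Mitigation: Clear CPU buffers; SMT disabled")   echo "mitigated-full" ;;
        "Mitigation: Clear CPU buffers; SMT vulnerable") echo "mitigated-smt-on" ;;
        "Mitigation: Clear CPU buffers"*)                echo "mitigated-smt-unknown" ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
                                                         echo "needs-microcode" ;;
        "Vulnerable"*)                                   echo "vulnerable" ;;
        "Unknown"*)                                      echo "unknown" ;;
        "missing")                                       echo "kernel-unpatched" ;;
        *)                                               echo "unrecognised" ;;
    esac
}

# cmdline_override CMDLINE: report an explicit mmio_stale_data= choice
# (off, full or full,nosmt), or "default" when the kernel picked for itself.
cmdline_override() {
    for tok in $1; do
        case "$tok" in
            mmio_stale_data=*) echo "${tok#mmio_stale_data=}"; return 0 ;;
        esac
    done
    echo "default"
}

# audit DIR CMDLINE: one line per relevant sysfs entry, then the verdict.
audit() {
    dir="$1"
    cmdline="$2"
    for name in mmio_stale_data mds tsx_async_abort; do
        printf '%-17s %s\n' "$name:" "$(read_vuln "$dir" "$name")"
    done
    printf '%-17s %s\n' "cmdline:" "$(cmdline_override "$cmdline")"
    printf '%-17s %s\n' "verdict:" "$(classify_mmio "$(read_vuln "$dir" mmio_stale_data)")"
}

# Usage: sh mmio_audit.sh --live   (reads the running system's sysfs and cmdline)
if [ "${1:-}" = "--live" ]; then
    audit "$SYSFS_VULN_DIR" "$(cat /proc/cmdline 2>/dev/null)"
fi
```

A "mitigated-smt-on" verdict on a bare-metal host is the case to flag: the VERW clears are in place but the SMT sibling is still a leak path, and only full,nosmt (or disabling SMT another way) closes it. "needs-microcode" means the kernel side is present but the CPU has not received the microcode that makes VERW clear the buffers.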
See this merge for the Linux kernel side mitigation to the MMIO Stale Data vulnerabilities, which is separate from today's Hertzbleed disclosure.