Following the release of new microcode updates, Intel and Microsoft have now also published the corresponding security notices. It deals with newly discovered CPU vulnerabilities that affect Intel Core processors and can reveal sensitive data. We have already reported on the new Intel CPU vulnerabilities called “MMIO Stale Data Vulnerabilities”. Now Microsoft and Intel are following up on key details for these hardware-related vulnerabilities and explaining how the vulnerabilities can be exploited.
Memory allocated I/O
The vulnerabilities are related to the so-called memory-mapped I/O – MMIO for short – of a CPU and are therefore collectively referred to as “MMIO stable data vulnerabilities”. A threat actor can read privileged information on its victim’s system after successfully exploiting the vulnerabilities.
These vulnerabilities have been assigned the following CVE numbers:
- CVE-2022-21123 – Shared Read Buffer Data (SBDR)
- CVE-2022-21125 – Common buffer data sample (SBDS)
- CVE-2022-21127 – Update of Special Register for Buffer Data Sampling (SRBDS Update)
- CVE-2022-21166 – Partial Write of Device Registers (DRPW)
Intel explains the error like this: “The ‘MMIO steal data vulnerabilities’ are a class of memory-mapped I/O (MMIO) vulnerabilities that can leak data. When a processor core reads or writes MMIO, the transaction is usually performed using non-cacheable or write-compressing memory types and forwarded to the uncore, a part of the logic in the CPU that is shared between physical processor cores and provides multiple common services Malicious actors can use uncore buffers and mapped registers to store information from different hardware threads within the same physical core or across cores Vulnerabilities affect operations that cause stale data to be read directly into an architectural software-visible state, or sampled from a buffer or registry.
In some attack scenarios, stale data may already be in a buffer.In other attack scenarios, malicious actors can access data storage location leaks es of microarchitecture. Microsoft has in the new Security Advisory ADV220002 also describes possible attack scenarios and recommends importing the updates as soon as possible.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.