Intel and Microsoft have released new security advisories regarding a set of new CPU vulnerabilities affecting Intel Core processors. These vulnerabilities relate to a processor’s memory-mapped I/O (MMIO) and are therefore collectively referred to as “MMIO stale data vulnerabilities”. A malicious actor who successfully exploits a vulnerable system can read privileged information from it.
Microsoft, in its security advisory ADV220002, described how potential attack scenarios can unfold:
An attacker who successfully exploited these vulnerabilities could be able to read privileged data across trust boundaries. In shared resource environments (as exists in some cloud service configurations), these vulnerabilities could allow one virtual machine to inappropriately access another’s information. In non-navigation scenarios on autonomous systems, an attacker would need prior system access or the ability to run a specially crafted application on the target system to exploit these vulnerabilities.
These vulnerabilities are known as:
MMIO uses the processor’s physical memory address space to access I/O devices that respond like memory components. Intel, in its security advisory INTEL-SA-00615, further described how the vulnerabilities can be exploited using data in the processor’s uncore buffers:
The CPU MMIO stale data vulnerabilities are a class of memory-mapped I/O (MMIO) vulnerabilities that can expose data. When a CPU core reads or writes MMIO, the transaction is normally performed with non-cache or write-combining memory types and is routed through the uncore, which is a section of CPU logic that is shared by physical processor cores and provides several common services. Malicious actors can use non-core buffers and mapped registers to leak information from different hardware threads within the same physical core or between cores.
[…] The vulnerabilities involve operations that result in the direct reading of stale data in a software-visible or sampled architectural state from a buffer or register. In some attack scenarios, stale data may already reside in a microarchitectural buffer. In other attack scenarios, malicious actors or confusing helper code can propagate data from microarchitecture locations such as padding buffers.
According to Microsoft, the following Windows versions are affected:
- Windows 11
- Windows 10
- Windows 8.1
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
Meanwhile, Linux has already been patched for MMIO Stale Data vulnerabilities.
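On a patched Linux kernel, the mitigation state for this vulnerability class is reported through sysfs. The shell script below is an added example, not taken from the article or the vendor advisories; it assumes the kernel's documented status strings for `mmio_stale_data`, and the verdict labels it prints are names chosen here.

```shell
#!/bin/sh
# Added example: interpret the kernel's MMIO stale data status line.
# sysfs report written by kernels that carry the MMIO stale data patches.
MMIO_SYSFS=/sys/devices/system/cpu/vulnerabilities/mmio_stale_data

# classify_mmio_status "<status line>" -> prints one verdict label.
# The labels are hypothetical names for this example, not kernel output.
classify_mmio_status() {
    status=$1
    case $status in
        "Not affected"*) verdict=not-affected ;;
        "Mitigation:"*)  verdict=mitigated ;;
        # Kernel tried to clear CPU buffers but the microcode update is missing.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
                         verdict=needs-microcode ;;
        "Vulnerable"*)   verdict=vulnerable ;;
        "Unknown"*)      verdict=unknown ;;
        *)               verdict=unrecognized ;;
    esac
    # A mitigated core can still leak between sibling hyperthreads when
    # the kernel appends "SMT vulnerable" to the status line.
    if [ "$verdict" = mitigated ]; then
        case $status in
            *"SMT vulnerable"*) verdict=mitigated-smt-exposed ;;
        esac
    fi
    printf '%s\n' "$verdict"
}

# report_mmio_status [file] -> verdict for this host (or for a test file).
report_mmio_status() {
    file=${1:-$MMIO_SYSFS}
    if [ ! -r "$file" ]; then
        # The kernel does not expose the report, e.g. it predates the fix.
        printf 'no-kernel-report\n'
        return 0
    fi
    classify_mmio_status "$(cat "$file")"
}

report_mmio_status
```

Any verdict other than `not-affected` or `mitigated` deserves follow-up: check for pending kernel and microcode updates, and consider the SMT setting on hosts that run untrusted guests.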
The list of affected processors and their respective mitigations is given in the image below:
The full list of affected CPU models can be found on this page of Intel’s official website in the 2022 section.
Source: Microsoft via WinFuture