Intel revealed the information about the new class data leakage through the microarchitectural structures of processors that allow through manipulation with the mechanism mmio ( Memory Mapped Input Output) to determine the information processed on other CPU nuclei. For example, vulnerabilities allow you to extract data from other processes, enclaves of Intel SGX or virtual machines. Vulnerability is specific only for Intel CPU, the processors of other manufacturers of vulnerability do not affect.
vulnerabilities are manifested in various CPU Intel, including processors based on the Haswell, Skylake, Icelake, Broadwell, Lakefirld, Kabylake, Cometlake and Rocketlake, as well as Xeon Ep/Ex, Scalable processors and some Atom. To make an attack, access to MMIO is required, which, for example, can be obtained in virtualization systems that provide the opportunity to appeal to MMIO for guest systems controlled by the attacking. Correction may also be required for systems using the INTEL SGX (Software Guard Extensions).
To block vulnerability, both the updating of the microcode and the use of additional software protection methods based on the use of VerW instructions to clean the contents of microarchitectural buffers at the time of returning from the nucleus to the user’s space or when transmitting the guest system. Similar protection is also used to block previously identified attacks of the MDS (Microarchitectural Data Sampling), Srbds (Special Register Buffer Data Sampling) and TAA (Transactional Asynchronous ABORT).
On the microcode side, the changes necessary for the implementation of protection are proposed in the May microcode update for the CPU Intel (IPU 2022.1). In the Linux nucleus, protection against the new class of attacks in A> in the issues 5.18.5, 5.15.48, 10.10.123, 5.4.199, 4.19.248, 4.14.284 and 4.9.319. To verify the subjectness of the system vulnerabilities in MMIO and assessing the activity of certain protection mechanisms to the Linux nucleus, the file “/sys/devices/system/cpu/vulnerabilites/mmio_stale_data” has been added. To control the protection of the protection, the “MMIO_STALE_DATA” nucleus loading parameter is implemented, which can take the values “Full” (turning on the cleaning of the buffers when moving to the user space and VM), “Full, NOSMT” (as “Full” + additionally disconnects SMT/Hyper- Threads) and “Off” (defense is disabled). Separate corrections are proposed for the hypervisor xen and the operating system quBes