Side Channel Vulnerabilities: Microarchitectural Data Sampling and Transactional Asynchronous Abort

  • Processor: Intel® Core™ i9-9900K processor
  • Memory: 2x16GB
  • Storage: Intel® 760p 512GB SSD NVMe*
  • Display Resolution: 1920x1080
  • OS: Windows* 10, version 1809
  • Graphics: Intel® HD Graphics 630
  • Date Tested: May 7, 2019
  • Tested By: Intel Corporation. Note: All the Client measurements used the same SKUs. For MDS impact, only the microcode and OS were changed across the various configurations
  • SPEC benchmark results based on Intel internal measurements; ratios provided as research usage

  • Processor: 1-node, 2x Intel® Xeon® Platinum 8180 processor (28 core, 2.5 GHz) on S2600WFT platform
  • Memory: 384 GB (12 slots / 32GB / DDR4-2666) total memory
  • Storage: S3710 400G
  • Pre MDS mitigation:
      • OS: Redhat Enterprise Linux* 7.6 3.10.0-957.10.1.el7.x86_64
      • Microcode: 0x200005a
  • Post MDS Mitigation:
      • OS: Redhat Enterprise Linux*
      • Microcode: 0x200005e

  • Processor: 1-node, 2x Intel® Xeon® processor E5-2699 v4 (22 core, 2.2 GHz) on S2600WTTS1R platform
  • Memory: 256 GB (8 slots / 32GB / DDR4-2666 (run at 2400)) total memory
  • Storage: S3710 400G
  • Pre MDS mitigation:
      • OS: Redhat Enterprise Linux* 7.6 3.10.0-957.10.1.el7.x86_64
      • Microcode: 0xb000030
  • Post MDS Mitigation:
      • OS: Redhat Enterprise Linux* 7.6 3.10.0-957.12.2.el7.x86_64
      • Microcode: 0xb000036

Transactional Asynchronous Abort (TAA) (CVE-2019-11135) is a speculative execution side channel issue related to Intel® Transactional Synchronization Extensions (Intel® TSX). TAA affects the same microarchitectural structures as microarchitectural data sampling (MDS). Intel continues to work with industry partners to develop and disclose information and mitigations for TAA.

MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and comprises four closely related CVEs first identified by Intel’s internal researchers and partners and independently reported to Intel by external researchers.

  • Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2018-12127
  • Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12126
  • Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130
  • Microarchitectural Data Sampling Uncacheable Sampling (MDSUM) - CVE-2019-11091

Exploiting MDS and TAA outside the controlled conditions of a research environment is a complex undertaking and Intel is not aware of any reported real-world usage of these security issues. The microcode updates Intel has released, when coupled with corresponding updates to operating system and hypervisor software available from our industry partners, provide many customers with the protections they need. It may be appropriate for some customers to consider additional steps. This includes customers who cannot guarantee that trusted software is running on their system(s) and are using Simultaneous Multi-Threading (SMT). In these cases, customers should consider how they utilize SMT for their particular workload(s), guidance from their OS and VMM software providers, and the security threat model for their particular environment. In all cases, Intel recommends that people keep their systems up to date.

Yes. Processor microcode released as part of Intel’s regular update process, when coupled with operating system and hypervisor software updates available from our industry partners, helps ensure consumers, IT professionals, and cloud service providers have access to the protections they need.
For in-depth information, visit our Software Security website.

There are three cases depending on which mitigation path the user chooses:

a. No mitigation chosen. No performance impact.

b. Disable TSX

  • Applications that do not use TSX are unaffected
  • TSX-enabled applications will have all transactions aborted. The impact depends on how heavily TSX is used and how much the application's performance depends on TSX transactions committing in parallel.

c. Use VERW to overwrite microarchitectural buffers. On systems that already use the MDS mitigation there is no additional impact. On systems that do not currently use the MDS mitigation, the impact will be similar to that of the MDS mitigations.
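On a Linux host, the three cases above can be told apart from the status strings the kernel reports in the `mds` and `tsx_async_abort` files under `/sys/devices/system/cpu/vulnerabilities/`. The script below is an added example, not Intel's code or part of the original page; it assumes the string formats given in the Linux kernel's hardware-vulnerability documentation, and the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Linux sysfs status strings for MDS and TAA.
# Assumption: strings follow the Linux kernel hw-vuln documentation format.

# classify_status STATUS -> which mitigation case the string describes
classify_status() {
    case "$1" in
        "Not affected"*)                  echo not_affected ;;     # hardware not affected
        "Mitigation: TSX disabled"*)      echo tsx_disabled ;;     # case b
        "Mitigation: Clear CPU buffers"*) echo verw ;;             # case c
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
                                          echo needs_microcode ;;  # OS updated, microcode not
        "Vulnerable"*)                    echo unmitigated ;;      # case a
        *)                                echo unknown ;;
    esac
}

# smt_state STATUS -> the SMT qualifier after "; SMT ", or "none" if absent
smt_state() {
    case "$1" in
        *"; SMT "*) echo "${1##*; SMT }" ;;
        *)          echo none ;;
    esac
}

# audit_dir [DIR] -> one line per issue: "<file> <case> smt=<state>"
audit_dir() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in mds tsx_async_abort; do
        if [ -r "$dir/$f" ]; then
            s=$(cat "$dir/$f")
            echo "$f $(classify_status "$s") smt=$(smt_state "$s")"
        else
            # File absent: this kernel does not report the issue
            echo "$f unknown smt=none"
        fi
    done
}

# Constructed sample strings (not captured from a real host)
for s in "Mitigation: Clear CPU buffers; SMT vulnerable" \
         "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" \
         "Mitigation: TSX disabled" \
         "Not affected"; do
    printf '%-16s smt=%-11s <- %s\n' "$(classify_status "$s")" "$(smt_state "$s")" "$s"
done
```

On a live host, call `audit_dir` with no argument to read the real sysfs files. A result of `needs_microcode` means the OS mitigation is present without the matching microcode update, and `smt=vulnerable` marks the SMT case discussed earlier on this page.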

No. Intel is not aware of any reported real-world usage of these vulnerabilities.

Yes. MDS vulnerabilities are addressed by hardware changes with select 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® processor Scalable family. We expect all future processors will include hardware mitigations addressing these vulnerabilities.

More information can be found by going here.

No. Intel is not recommending that users disable Intel® Hyper-Threading Technology (Intel® HT Technology). It’s important to understand that doing so does not alone provide protection against MDS, and may impact workload performance or resource utilization that can vary depending on the workload.

Coordinated Vulnerability Disclosure (also referred to as "CVD" or “responsible disclosure”) is widely regarded as the best way to responsibly protect customers from security vulnerabilities. CVD is based on two foundational concepts: when companies become aware of security vulnerabilities, (1) they work quickly, collaboratively, and effectively to mitigate those vulnerabilities, and (2) they simultaneously take steps to minimize the risk that exploitable information becomes available before mitigations are available – through leaks or otherwise – to those who would use it for malicious purposes.

These principles are perhaps best expressed by the Computer Emergency Response Team (CERT) at Carnegie Mellon’s Software Engineering Institute:
“The public and especially users of vulnerable products deserve to be informed about issues with those products and how the vendor handles those issues. At the same time, disclosing such information without review and mitigation only opens the public up to exploitation. The ideal scenario occurs when everyone coordinates and cooperates to protect the public.”

More information on coordinated disclosure and its importance can be found in the Guide to Coordinated Vulnerability Disclosure.