2020-06-09 Published date:
|Industry-wide severity ratings can be found in the National Vulnerability Database
Special Register Buffer Data Sampling
Affected Processors (2018-2021 tab, Special Register Buffer Data Sampling column)
SRBDS mitigation impact on Intel® Secure Key
Microarchitectural Fill Buffer Data Sampling
Intel® Transactional Synchronization Extensions (Intel® TSX) Asynchronous Abort (TAA)
Refined speculative execution terminology
A new domain bypass transient execution attack known as special register buffer data sampling (SRBDS) may allow data values from special registers to be inferred by malicious code executing on any core of the CPU. This vulnerability affects some client and Intel® Xeon® E3 processors; it does not affect other Intel Xeon or Intel Atom® processors. SRBDS has been assigned CVE-2020-0543 with a base score of CVSS 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.
Certain processor operations (such as RDRAND) microarchitecturally need to read data from outside the physical core (for example, from a random number generator shared between cores). This is often performed through an internal microarchitectural operation called a special register read.
On some processors, the data returned for a special register read is staged in a shared microarchitectural buffer and then transferred to the microarchitectural fill buffer within the physical core that performed the read. On affected processors, when the shared staging buffer is updated on a read, only the portion of the staging buffer needed for that read is updated. The other portions of the staging buffer are not modified. The unmodified portions of the staging buffer may contain stale data from previous special register reads, including those done by other cores. On processors affected by Microarchitectural Fill Buffer Data Sampling (MFBDS) or Intel® Transactional Synchronization Extensions (Intel® TSX) Asynchronous Abort (TAA), an adversary may be able to infer data in the fill buffer entries.
This means that on affected processors that are also affected by MFBDS or TAA, it may be possible for software to infer the value returned by special register reads on other logical processors (including other physical cores) by using MFBDS or TAA techniques. Only the value that was present in the staging buffer used by special register reads can be inferred cross-core.
According to Intel’s evaluation, the special register reads that may be used in methods that rely on their data being kept secret are:
- SGX EGETKEY
Refer to Special Register Buffer Data Sampling for further details.
On affected processors, Intel has released microcode updates whose default behavior is to modify the RDRAND, RDSEED, and EGETKEY instructions to overwrite stale special register data in the shared staging buffer before the stale data can be accessed by any other logical processor on the same core or on a different core.
During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core accesses from other logical processors will be delayed until the special register read is complete and the stale data in the shared staging buffer is overwritten.
On systems that have loaded the microcode with the mitigation, the processors are fully mitigated by default.
Software Security Guidance Home | Advisory Guidance | Technical Documentation | Best Practices | Resources