admin-guide/hw-vuln/mds.rst

1 MDS - Microarchitectural Data Sampling
9 -------------------
14    - Processors from AMD, Centaur and other non Intel vendors
16    - Older processor models, where the CPU family is < 6
18    - Some Atoms (Bonnell, Saltwell, Goldmont, GoldmontPlus)
20    - Intel processors which have the ARCH_CAP_MDS_NO bit set in the
31 ------------
36    CVE-2018-12126  MSBDS  Microarchitectural Store Buffer Data Sampling
37    CVE-2018-12130  MFBDS  Microarchitectural Fill Buffer Data Sampling
38    CVE-2018-12127  MLPDS  Microarchitectural Load Port Data Sampling
39    CVE-2019-11091  MDSUM  Microarchitectural Data Sampling Uncacheable Memory
43 -------
45 When performing store, load, L1 refill operations, processors write data
49 Under certain conditions, usually a fault/assist caused by a load
52 assist and its result will be discarded, the forwarded data will not cause
57 Because the buffers are potentially shared between Hyper-Threads cross
58 Hyper-Thread attacks are possible.
65 ----------------
67 Attacks against the MDS vulnerabilities can be mounted from malicious non-
76 Web-Browsers
79   It's unclear whether attacks through Web-Browsers are possible at
80   all. The exploitation through Java-Script is considered very unlikely,
88 -----------------------
98   .. list-table::
100      * - 'Not affected'
101        - The processor is not vulnerable
102      * - 'Vulnerable'
103        - The processor is vulnerable, but no mitigation enabled
104      * - 'Vulnerable: Clear CPU buffers attempted, no microcode'
105        - The processor is vulnerable but microcode is not updated.
108      * - 'Mitigation: Clear CPU buffers'
109        - The processor is vulnerable and the CPU buffer clearing mitigation is
141 -------------------------
161   other variants cannot be protected against cross Hyper-Thread attacks.
174   - CPU is affected by L1TF:
184     :ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <mitigation_control_kvm>`.
186   - CPU is not affected by L1TF:
194    L1TF         MDS   VMX-L1FLUSH   Host MDS     MDS-State
219   cross Hyper-Threads when entering idle states. Some XEON PHI variants allow
233   All MDS variants except MSBDS can be attacked cross Hyper-Threads. That
242   :ref:`Documentation/admin-guide/hw-vuln/l1tf.rst <smt_control>`.
248 ---------------------------------------------
275 --------------------------
302 -------------------
306   - Enable CPU buffer clearing
311   See :ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <default_mitigations>`.