An attacker can read stale contents of the store buffers, load ports and fill buffers, which may still hold data belonging to another process or another security context. Memory can therefore leak unintentionally between user-space processes, between the kernel and user space, and between virtual machines and the host environment.
ZombieLoad differs from other speculative side-channel attacks in that the attacker cannot target specific data. The attacker can repeatedly sample the contents of the buffers, but cannot control what the buffers hold when a sample is taken, so additional work is needed to collect the samples and reassemble them into a meaningful data set. This is also what makes ZombieLoad more complex.
Although extracting valuable data with ZombieLoad is costly, major companies take the vulnerability seriously: after all, it affects almost all chips since 2011, giving it a very wide reach.
Intel has released microcode updates to mitigate the problem at the architectural level, and other technology companies such as Apple, Microsoft and Google have also released patches.
But some companies believe that patches alone are not enough. Red Hat, for example, considers ZombieLoad dangerous in cloud scenarios because you cannot control what users in neighbouring virtual machines are running. John Morello, chief technology officer of the cloud security company Twistlock, also points out that "this vulnerability may have the greatest impact on dense, multi-tenant public cloud providers."
Ubuntu, on the other hand, has already shipped patches, but its security announcement says that if untrusted or potentially malicious code runs on the user's system, disabling hyperthreading is recommended:
If your processor does not support hyperthreading (also known as symmetric multithreading, SMT), then the kernel update and the corresponding Intel microcode package update will completely address the MDS (ZombieLoad) vulnerability. If your processor supports hyperthreading and hyperthreading is enabled, MDS will not be completely mitigated.
Therefore, anyone who wants to mitigate the vulnerability completely has to give up the CPU's hyperthreading capability for now. Indeed, both Apple and Google have advised macOS and Chrome OS users to disable hyperthreading for full protection, and Chrome OS disables hyperthreading by default from version 74.
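The Ubuntu advice above turns into a concrete check on a Linux machine: the kernel reports the MDS mitigation state and the hyperthreading state in sysfs. The script below is an added example, not code from the article or from any vendor advisory; the sysfs paths, status strings and the `mds=full,nosmt` boot parameter are the kernel's real interface, and the sample strings used when those files are absent are constructed.

```shell
#!/bin/sh
# Added example: classify the MDS (ZombieLoad) mitigation state from the strings
# the Linux kernel exposes in sysfs, so an admin can see whether the kernel and
# microcode update alone is enough or hyperthreading must also go.

MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds
SMT_FILE=/sys/devices/system/cpu/smt/control

# mds_status MDS_STRING -> not-affected | full | partial-smt | host-smt-unknown |
#                          no-microcode | unmitigated | unknown
mds_status() {
    case "$1" in
        "Not affected")                                   echo not-affected ;;
        "Mitigation: Clear CPU buffers"*"SMT disabled"*)  echo full ;;
        "Mitigation: Clear CPU buffers"*"SMT mitigated"*) echo full ;;
        # Buffers are flushed on privilege switches, but a sibling hyperthread can
        # still sample them: this is the case the Ubuntu advisory describes.
        "Mitigation: Clear CPU buffers"*"SMT vulnerable"*) echo partial-smt ;;
        # Inside a VM the guest cannot see whether the host runs SMT (the cloud
        # scenario Red Hat warns about); only the host can settle this.
        "Mitigation: Clear CPU buffers"*"Host state unknown"*) echo host-smt-unknown ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo no-microcode ;;
        Vulnerable*)                                      echo unmitigated ;;
        *)                                                echo unknown ;;
    esac
}

# smt_action SMT_CONTROL_VALUE -> what hyperthreading change full mitigation needs
smt_action() {
    case "$1" in
        on)           echo "disable: write 'off' to $SMT_FILE or boot with mds=full,nosmt" ;;
        off|forceoff) echo "already disabled" ;;
        notsupported|notimplemented) echo "no SMT on this CPU, nothing to do" ;;
        *)            echo "unknown SMT control value: $1" ;;
    esac
}

main() {
    if [ -r "$MDS_FILE" ] && [ -r "$SMT_FILE" ]; then
        mds=$(cat "$MDS_FILE"); smt=$(cat "$SMT_FILE")
    else  # constructed sample: patched kernel and microcode, hyperthreading still on
        mds="Mitigation: Clear CPU buffers; SMT vulnerable"; smt=on
    fi
    echo "MDS: $mds"
    echo "state: $(mds_status "$mds")"
    echo "hyperthreading: $(smt_action "$smt")"
}
main
```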
But disabling hyperthreading carries a noticeable performance cost. Comparing the measured impact of the ZombieLoad microcode and patches on system performance:
An Intel spokesperson said that most patched devices would see at worst a 3% performance impact, compared with 9% in a data-center environment.
On the other hand, a PostgreSQL benchmark found that some workloads lost 30% to 40% of their performance with hyperthreading disabled, an Nginx benchmark lost 34%, and the ZombieLoad researchers likewise report that some workloads slow down by 30% to 40% when hyperthreading is disabled.
Security or performance: which should you choose?