Recent articles describe new security vulnerabilities in Intel processors.
The CVEs for these vulnerabilities, named RIDL, Fallout or ZombieLoad, are listed below:
- CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)
- CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
- CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
- CVE-2018-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
To Intel's knowledge, there has been no use of these vulnerabilities outside the research community.
The older generations of processors offered by 3DS OUTSCALE are currently impacted by these vulnerabilities. On the other hand, the new generations of processors (Skylake) are not affected.
Given the complexity of the attack and the necessary prerequisites, the exploitation of these vulnerabilities remains highly theoretical. However, 3DS OUTSCALE clients can ensure that they do not share hypervisors with other clients by using the Dedicated option (https://wiki.outscale.net/display/EN/About+Instances#AboutInstances-InstanceTenancyandDedicatedInstances). This mitigates exposure to external attackers with certainty.
Also, an upgrade of our servers is planned in the coming days to mitigate some aspects of these vulnerabilities (including data targeting).
We are of course keeping a continuous security watch on the subject. 3DS OUTSCALE works closely with Intel teams and other vendors to mitigate and correct such vulnerabilities as soon as they are discovered.