Intel and Microsoft have published fresh security advisories regarding a set of new CPU vulnerabilities affecting Intel Core processors. These security flaws are related to a CPU's memory-mapped I/O (MMIO) and are therefore collectively called "MMIO Stale Data Vulnerabilities". A threat actor who successfully exploits a vulnerable system can read privileged information on it.
Microsoft, in its security advisory ADV220002, has described how potential attack scenarios can unfold:
An attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries. In shared resource environments (such as exists in some cloud services configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. In non-browsing scenarios on standalone systems, an attacker would need prior access to the system or an ability to run a specially crafted application on the target system to leverage these vulnerabilities.
These vulnerabilities are known as:
MMIO uses the processor's physical-memory address space to access I/O devices that respond like memory components. Intel, in its security advisory INTEL-SA-00615, has described in more detail how the vulnerability can be exploited using CPU uncore buffer data:
Processor MMIO Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO) vulnerabilities that can expose data. When a processor core reads or writes MMIO, the transaction is normally done with uncacheable or write-combining memory types and is routed through the uncore, which is a section of logic in the CPU that is shared by physical processor cores and provides several common services. Malicious actors may use uncore buffers and mapped registers to leak information from different hardware threads within the same physical core or across cores.
[...] These vulnerabilities involve operations that result in stale data being directly read into an architectural, software-visible state or sampled from a buffer or register. In some attack scenarios, stale data may already reside in a microarchitectural buffer. In other attack scenarios, malicious actors or confused deputy code may propagate data from microarchitecture locations such as fill buffers.
According to Microsoft, the following Windows versions are affected:
- Windows 11
- Windows 10
- Windows 8.1
- Windows Server 2022
- Windows Server 2019
- Windows Server 2016
The list of affected CPUs, alongside their respective mitigations, is given in the image below:
The full list of affected CPU models can be found on this page on Intel's official website in the 2022 section.