Hacker News new | past | comments | ask | show | jobs | submit login

for those who want to know about who's impacted :

"Intel. We notified Intel about our findings, including a preliminary writeup and proof-of-concept code, on January 31st, 2019. Intel had acknowledged the issue and requested an embargo on the results in this paper, ending May 14th, 2019. Intel has further classified this issue as Microarchitectural Store Buffer Data Sampling (MSBDS), assigning it CVE-2018-12126 and a CVSS ranking of Medium. Finally, Intel had indicated that we are the first academic group to report this issue and that a similar issue was found internally as well.

AMD. We also notified AMD’s security response team regarding our findings, including our writeup. AMD had investigated this issue of their architectures and indicated that AMD CPUs are not vulnerable to the attacks described in this paper.

ARM. We have also notified ARM’s security response team regarding our findings. ARM had investigated this issue and found that ARM CPUs are not vulnerable to the attacks described in this paper. IBM. Finally, we also notified IBM security about the finding reported in this work. IBM had responded that none of their CPUs is affected, including System-V and PowerPC."

And here's a description (from the paper) of the mechanisms :

"The Mechanism Behind Fallout. Fallout exploits an optimization that we call Write Transient Forwarding (WTF), which incorrectly passes values from memory writes to subsequent memory reads. In a nutshell, when the program writes a value to memory, the processor needs to first translate the virtual address of the destination to a physical address and then acquire exclusive access to the location. Rather than stalling the store instruction and subsequent computation, the processor records the value and the address in the store buffer, and continues executing the program. The store buffer then resolves the address, acquires the access to the memory location and stores the data.

When a value is in the store buffer, care should be taken that subsequent loads from the same address do not read stale values from memory. To solve this, the processor matches the addresses of all load instructions against addresses in the store buffer. In the case of a match, the processor forwards the matching value from the store buffer to the load instruction. To increase efficiency, the processor uses partial address matches to rule out the need for store-to-load forwarding. WTF kicks in when a load instruction partially matches a preceding store and the processor determines that the load is bound to fail. In such cases, instead of cleaning up the state of the processor, it marks the load as faulty, and incorrectly forwards the value of the partially matched store.

Exploiting the WTF optimization. Fallout exploits this behavior to leak, through a microarchitectural channel, the value that WTF incorrectly forwards. The attacker deliberately performs a faulty load, causing the CPU to transiently forward an incorrect value from the store buffer. We subsequently leak the value using a Flush+Reload [58] side channel. As the store buffer is a shared resource used by all software running on a CPU core, the incorrectly-forwarded value might not even belong to the attacker’s process."




> ... we call Write Transient Forwarding (WTF)...

WTF starts to be rather overloaded acronym. Reminds me for example of "Wobbly Transformation Format" [0]...

[0]: https://en.wikipedia.org/wiki/UTF-8#WTF-8


"Fallout" also seems like a particularly bad choice of name to sell this vulnerability by, since the game series is so well known.

(I would also prefer descriptive names rather than this kind of marketing, but these are the times we live in.)


The game series is named after an even better known word. This is a bit like complaining Super Mario Odyssey shouldn't have been named after the Honda Odyssey and that Assassin's Creed: Odyssey needlessly muddied the waters further.


The instantly recognizable connotation of "fallout" is "nuclear fallout". The game series, which is post-apocalyptically themed, almost certainly derives its name from that.


Of course it does. But in the context of computing equipment, the computer game series was the first thing that came to my mind. Nuclear fallout is in a different domain.


> for those who want to know about who's impacted : ...

tldr: Intel. Intel is impacted. Again.




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: