Intel Shields Processors, Mitigates Register File Data Sampling Exploit
Intel has updated the microcode for its processors to address five security vulnerabilities and has also integrated new code into the Linux kernel to mitigate the effects of a new vulnerability (CVE-2023-28746) related to Register File Data Sampling (RFDS), affecting Atom and E processors.
The company has released microcode updates for processors targeting vulnerabilities SA-00972, SA-00982, SA-00898, SA-00960, and SA-01045. These updates protect against various issues, including potential service denials due to processor bus locks, information leakage through processor return predictions, a medium-level RFDS vulnerability, and an escalation of privilege vulnerability in 3rd and 4th generation Xeon processors with SGX and TDX technologies.
Furthermore, the new processor microcode includes updates to address unspecified functional issues affecting processors from Core Ultra “Meteor Lake” to 7th generation Core processors, as well as 4th and 2nd generation Xeon Scalable processors. This is the first instance of Intel publishing new CPU microcode files for Meteor Lake and Emerald Rapids processors.
The new Intel processor microcode files are available for download from GitHub. Additionally, protection against the RFDS vulnerability related to Register File Data Sampling has been added to the Linux kernel. This vulnerability allows an attacker to obtain outdated register values from the kernel space. Given the potential for sensitive data to be present in kernel registers, the protective measure involves clearing the values in the registers before returning to user space.
The Register File Data Sampling vulnerability affects Intel Atom and E cores, starting from Goldmont, Tremont, Alder Lake, Raptor Lake, and Gracemont.