Microarchitectural Data Sampling
Under certain conditions, data in microarchitectural structures that the currently-running software does not have permission to access may be speculatively accessed by faulting or assisting load or store operations. This does not result in incorrect program execution because these operations never complete, and their results are never returned to software. However, software may be able to forward this speculative-only data to a side channel disclosure gadget in a way that potentially allows malicious actors to infer the data.
Microarchitectural data sampling (MDS) includes CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, (6.5 Medium CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) and CVE-2019-11091 (3.8 Low CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). MDS speculative execution side channel methods can be used to expose data in the following microarchitectural structures:
Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126
Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130
Microarchitectural Load Port Data Sampling (MLPDS) CVE-2018-12127
Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091
MDS only refers to methods that involve microarchitectural structures other than the level 1 data cache (L1D) and thus does not include Rogue Data Cache Load (RDCL) or L1 Terminal Fault (L1TF). Store buffers, fill buffers, and load ports are much smaller than the L1D, and therefore hold less data and are overwritten more frequently. It is also more difficult to use MDS methods to infer data that is associated with a specific memory address, so malicious actors may need to collect significant amounts of data and analyze it to locate any protected data.