Intel has disclosed information about Microarchitectural vulnerabilities in Intel Atom processors (e-Core), which allow attackers to access data used by a process before it is executed on the same CPU core. This vulnerability, known as Rfds (Register File Data Sampling), is due to the residual information in the processor’s register files that store the contents of registers for all tasks on the same CPU core.
The issue was discovered by Intel engineers during an internal audit. While detailed information about the vulnerability’s operation is not fully revealed, it is believed that attackers cannot selectively choose processes to extract data, making the extraction of information somewhat random. However, monitoring residual information can potentially lead to the leakage of confidential data processed in vector registers, floating and integer number registers, processes of other users, the system’s core, virtual machines, SGX enclaves, and SMM mode.
The leakage primarily affects vector registers used in encryption, memory copying functions, and line processing, as well as functions like Memcpy, StrCmp, and Strlen. Although residual data are not stored directly in software registers, they can be accessed from register files through attack methods like data analysis in the CPU cache.
These vulnerabilities impact ATOM processors based on Alder Lake, Raptor Lake, Tremont, GoldMont, and GraceMont microarchitectures. Since the vulnerable processors do not support Hyperthreading mode, data leakage can occur within the scope of a single CPU core thread. Measures to address the vulnerability have been included in the microcode update microCode-20240312-staging. The protection methods are similar to those used to mitigate previously identified vulnerabilities like MDS, SRBDS, TAA, DRPW, and SBDS.
In addition to updating the microcode, software protection methods utilizing VerW instructions to clear microarchitectural buffers have been implemented to prevent data leakage in kernels and hypervisors. These updates have been incorporated into the Xen hypervisor as well.