Microarchitectural Data Sampling, aka Fallout, RIDL and Zombieload

Disclosed the 14th of May 2019, MDS is yet another side-channel cache-based read-only boundaries violation, with 3 different CVE assigned: CVE-2018-12126, CVE-2018-12127, CVE-2019-11091 and CVE-2018-12130. The same day, the Linux, as well as Windows and macOS released patches, to protect the kernel from a malicious userland.

The 17th of May, Philip Guenther implemented a mitigation, using either hardware mitigation when available, or implementing, like everybody else, Intel’s recommendation: trashing store/load buffers before returning to userland. But since OpenBSD disables hyper-threading by default, they’re not vulnerable in the first place, and are also mitigating userland processes attacking each other.