Microsoft, Intel issue urgent warnings about MMIO Stale Data vulnerability on Windows 11, 10

These security flaws are related to the memory mapped I/O (MMIO) component of the CPU, and are therefore collectively known as "MMIO Stale Data Vulnerabilities". After successfully abusing a vulnerable system, a threat actor can simply read privileged information on the system.

In the recently released ADV220002 security advisory document, Microsoft describes the following potential attack scenarios:

'An attacker who successfully exploited these vulnerabilities could read privileged data on the system across trust boundaries. In shared resource environments (such as in some cloud service configurations), these vulnerabilities could allow one virtual machine to improperly access information from another. Given the situation on standalone systems, an attacker would need prior access to the system or the ability to run a specially designed application on the target system to take advantage of these vulnerabilities.

The list of vulnerabilities that have been documented and tracked includes:

1. CVE-2022-21123 - Shared Buffer Data Read (SBDR)
2. CVE-2022-21125 - Shared Buffer Data Sampling (SBDS)
3. CVE-2022-21127 - Special Register Buffer Data Sampling Update (SRBDS Update)
4. CVE-2022-21166 - Device Register Partial Write (DRPW)

MMIO uses the processor's physical memory address space to access I/O devices, which can respond as memory elements. According to the security advisory document INTEL-SA-00615, Intel has also described in more detail how the vulnerability can be exploited using the CPU's uncached cache data:

The MMIO Stale Data vulnerabilities are a type of memory-mapped I/O (MMIO) vulnerability that can expose data. When a processor core initiates an MMIO read or write process, the transaction is typically performed with non-storable or write-associated memory types and is passed through non-volatile memory, which is a logical part in the shared CPU. shared by the processor cores and provides a number of common services.

[.] These vulnerabilities involve a series of operations that result in stale data being read directly into the architecture, software-visible state, or sampled from buffers or registers. In some attack cases, stale data may already be in the microarchitecture cache. For other attack scenarios, malicious actors can transfer data from microarchitecture locations such as fill buffers.

Analysis from Microsoft shows that the following versions of Windows may be affected by the vulnerability:

1. Windows 11
2. Windows 10
3. Windows 8.1
4. Windows Server 2022
5. Windows Server 2019
6. Windows Server 2016

The list of affected CPUs along with the corresponding mitigation measures are given as follows:

The full list of affected CPU models can be found on Intel's official website, in the 2022 section.

Samuel Daniel

Update 22 June 2022