‘Kernel memory leaking’ Intel processor design flaw

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

A fundamental design flaw in Intel’s processor chips related to the virtual memory system (Intel x86-64 hardware) allows normal user programs (even JavaScript in web browsers) to discern to some extent the layout or contents of protected kernel memory areas.

It is understood the bug is present in modern Intel processors produced in the past decade. It appears a microcode update can’t address it, so it has to be fixed in software at the OS level. This has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug, which is expected to cause a 5 to 30 per cent slowdown of your computer on the next update!

Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday. Patches for the Linux kernel are available. Apple’s 64-bit macOS will also need to be updated.

This is bad news for Intel. Last year they had the AMT remote exploit vulnerability, and now this new blow to Intel security. I don’t think that computer buyers like their computers becoming slower!

Details of the vulnerability within Intel’s silicon are under wraps and are expected to be released later this month – so follow the comments for updates.

183 Comments

  1. Tomi Engdahl says:

    Finding a CPU Design Bug in the Xbox 360
    https://randomascii.wordpress.com

    The recent reveal of Meltdown and Spectre reminded me of the time I found a related design bug in the Xbox 360 CPU – a newly added instruction whose mere existence was dangerous.

  2. Tomi Engdahl says:

    Intel details performance hit for Meltdown fix on affected processors
    https://techcrunch.com/2018/01/11/intel-details-performance-hit-for-meltdown-fix-on-affected-processors/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Intel’s Navin Shenoy released the results of several benchmarks done internally, and the performance hit from the deeply rooted processor problem disclosed by Google researchers is mercifully small for modern chips.

    The most recent Kaby Lake processors, introduced late last year, generally see less than 5 percent performance loss in SYSmark14SE, and often none at all.

    But the biggest hit for those CPUs, and in fact most of the others as well, is on “responsiveness,” which according to the benchmark app’s creators includes “application launches, file launches, web browsing with multiple tabs, multi-tasking, file copying, photo manipulation, file encryption + compression, and background application installation.” So, pretty much all the stuff most people need to do.

    Gaming performance seems mostly unaffected,

    It’s those with older processors that may see a real slowdown — for example, the sixth-gen Core i7 6700K released in mid-2015. Its performance losses tip toward the 10 percent level, with responsiveness dropping 31 percent on Windows 10.

    Older setups are possibly even more deeply affected, but we can wait for the results. The real risk with those chips is that they are in embedded or hard to reach systems that are difficult to patch, leaving them open to exploitation. So far there have been no reports of hackers taking advantage of any of these bugs, though — it’s not exactly script kiddie stuff.

    Intel Security Issue Update: Initial Performance Data Results for Client Systems
    https://newsroom.intel.com/editorials/intel-security-issue-update-initial-performance-data-results-client-systems/

    Testing Intel Core Processor Platforms and a Variety of Workloads

  3. Tomi Engdahl says:

    Protect your Windows devices against Spectre and Meltdown
    https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

    Mitigating Meltdown and Spectre – Windows Server
    How do I mitigate Meltdown and Spectre vulnerabilities?
    https://help.fasthosts.co.uk/app/answers/detail/a_id/3135/~/mitigating-meltdown-and-spectre—windows-server

  4. Tomi Engdahl says:

    Meltdown Patch Broke Some Ubuntu Systems
    http://www.securityweek.com/meltdown-patch-broke-some-ubuntu-systems

    Canonical was forced to release a second round of Ubuntu updates that address the recently disclosed CPU vulnerabilities after some users complained that their systems no longer booted after installing the initial patches.

    On January 9, Canonical released Ubuntu updates designed to mitigate Spectre and Meltdown, two recently disclosed attack methods that work against processors from Intel, AMD, ARM, Qualcomm and IBM. The Linux kernel updates mitigate the vulnerabilities that allow the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) attacks.

    Shortly after the kernel was updated to version 4.4.0-108, some Ubuntu users started complaining that their systems had failed to boot. Restoring the system to an earlier version apparently resolved the problem.

    The updates released by Microsoft in response to the CPU flaws also caused problems, but only for users with some older AMD processors. The company has decided to no longer deliver the updates to AMD devices until compatibility issues are resolved. In the case of Ubuntu, however, the update has affected users with Intel processors.

  5. Tomi Engdahl says:

    AMD Working on Microcode Updates to Mitigate Spectre Attack
    http://www.securityweek.com/amd-working-microcode-updates-mitigate-spectre-attack

    AMD has informed customers that it will soon release processor microcode updates that should mitigate one of the recently disclosed Spectre vulnerabilities, and Microsoft has resumed delivering security updates to devices with AMD CPUs.

    Shortly after researchers revealed the Spectre and Meltdown attack methods, which allow malicious actors to bypass memory isolation mechanisms and access sensitive data, AMD announced that the risk of attacks against its products was “near zero.”

    The company has now provided additional information on the matter, but maintains that the risk of attacks is low.

    According to AMD, its processors are not vulnerable to Meltdown attacks thanks to their architecture. They are, however, vulnerable to Spectre attacks.

    Spectre attacks are made possible by two vulnerabilities: CVE-2017-5753 and CVE-2017-5715. The former does impact AMD processors, but the chipmaker is confident that operating system patches are sufficient to mitigate any potential attacks.

  6. Tomi Engdahl says:

    Spectre and Meltdown Attacks Against Microprocessors
    https://www.schneier.com/blog/archives/2018/01/spectre_and_mel_1.html

    The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution — which of course is not a solution — is to throw them all away and buy new ones.

    This means that a malicious app on your phone could steal data from your other apps. Or a malicious program on your computer — maybe one running in a browser window from that sketchy site you’re visiting, or as a result of a phishing attack — can steal data elsewhere on your machine. Cloud services, which often share machines amongst several customers, are especially vulnerable. This affects corporate applications running on cloud infrastructure, and end-user cloud applications like Google Drive. Someone can run a process in the cloud and steal data from every other user on the same hardware.

    Information about these flaws has been secretly circulating amongst the major IT companies for months as they researched the ramifications and coordinated updates. The details were supposed to be released next week, but the story broke early and everyone is scrambling. By now all the major cloud vendors have patched their systems against the vulnerabilities that can be patched against.

  7. Tomi Engdahl says:

    IBM Starts Patching Spectre, Meltdown Vulnerabilities
    http://www.securityweek.com/ibm-starts-patching-spectre-meltdown-vulnerabilities

    IBM has started releasing firmware patches for its POWER processors to address the recently disclosed Meltdown and Spectre vulnerabilities. The company is also working on updates for its operating systems, but those are expected to become available only next month.

    On January 4, one day after researchers disclosed the Meltdown and Spectre attack methods against Intel, AMD and ARM processors, IBM informed customers that it had started analyzing impact on its own products. On Tuesday, the company revealed that its POWER processors are affected.

    IBM told customers that attacks against its Power Systems server line can be fully mitigated only by installing both firmware and operating system patches.

  8. Tomi Engdahl says:

    NVIDIA Updates GPU Drivers to Mitigate CPU Flaws
    http://www.securityweek.com/nvidia-updates-gpu-drivers-mitigate-cpu-flaws

    NVIDIA has released updates for its GPU display drivers and other products in an effort to mitigate the recently disclosed attack methods dubbed Meltdown and Spectre.

    Shortly after researchers revealed the existence of the flaws that allow Meltdown and Spectre exploits, which can be leveraged to gain access to sensitive data stored in a device’s memory, NVIDIA announced that its GPU hardware is “immune,” but the company has promised to update its GPU drivers to help mitigate the CPU issues.

    The Meltdown and Spectre vulnerabilities affect processors from Intel, AMD and ARM. Similar to Qualcomm, some of NVIDIA’s system-on-chip (SoC) products rely on ARM CPUs and the company has promised to develop mitigations.

    On Tuesday, NVIDIA informed customers about the availability of GPU display driver updates that include mitigations for one of the Spectre vulnerabilities, specifically CVE-2017-5753. The company is still working on determining if the second Spectre flaw, CVE-2017-5715, affects its GPU drivers. On the other hand, there is no indication that the drivers are impacted by the Meltdown vulnerability (CVE-2017-5754).

  9. Tomi Engdahl says:

    Reuters:
    Intel says some data center customers using Broadwell and Haswell processors are reporting more system reboots after applying patch for Meltdown and Spectre — (Reuters) – Intel Corp on Thursday said that recently issued patches for flaws in its chips could cause computers using its older Broadwell …

    Intel says patches can cause reboot problems in old chips
    https://www.reuters.com/article/us-cyber-security-intel/intel-says-patches-can-cause-reboot-problems-in-old-chips-idUSKBN1F101X

    Intel Corp on Thursday said that recently issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.

    Earlier on Thursday, the Wall Street Journal reported that Intel was asking cloud computing customers to hold off installing patches that address new security flaws that affect nearly all of its processors because the patches have bugs of their own.

  10. Tomi Engdahl says:

    AMD is releasing Spectre firmware updates to fix CPU vulnerabilities
    Zero risk, but not zero impact
    https://www.theverge.com/2018/1/11/16880922/amd-spectre-firmware-updates-ryzen-epyc

    AMD’s initial response to the Meltdown and Spectre CPU flaws made it clear “there is a near zero risk to AMD processors.” That zero risk doesn’t mean zero impact, as we’re starting to discover today. “We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat,” says Mark Papermaster, AMD’s chief technology officer.

    AMD is making firmware updates available for Ryzen and EPYC owners this week, and the company is planning to update older processors “over the coming weeks.” Like Intel, these firmware updates will be provided to PC makers, and it will be up to suppliers to ensure customers receive these.

    AMD is also revealing that its Radeon GPU architecture isn’t impacted by Meltdown or Spectre, simply because those GPUs “do not use speculative execution and thus are not susceptible to these threats.”

  11. Tomi Engdahl says:

    Google claims its Spectre and Meltdown mitigation results in no performance degradation
    https://techcrunch.com/2018/01/11/google-claims-its-spectre-and-meltdown-mitigation-results-in-no-performance-degradation/?utm_source=tcfbpage&sr_share=facebook

    The company’s Project Zero team discovered the chip vulnerabilities last year as it outlined in a blog post last week. As Google explained it, there are three variants here. The first two are known as Spectre and the third as Meltdown. The spooky nicknames just add to the drama of this entire event.

    Every chip has a protected area which prevents one application from seeing what another is doing. This is by design to protect critical security information like usernames, passwords and encryption keys. These vulnerabilities have the potential to leave this information exposed if exploited correctly.

    As Google so aptly pointed out, these vulnerabilities have been in place inside modern chips for 20 years. It’s worth noting that there hasn’t been a documented case of anyone exploiting these issues.

    With its head start on this issue — a luxury not every vendor had, by the way — the company was able to come up with solutions for Variants 1 and 3 as far back as September. With a large testbed of data, it reports neither customers nor internal users are experiencing any kind of perceptible performance degradation using Google’s platform or software services.

    “No GCP customer or internal team has reported any performance degradation.”

    Variant 2 proved to be much more challenging for the Google engineering team. For a time, the team believed the only way to protect against this exploit was to shut down speculative execution

    came up with a solution that came to be known as “Retpoline.”

    As Google describes this, “With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications. Furthermore, testing this feature, particularly when combined with optimizations such as software branch prediction hints, demonstrated that this protection came with almost no performance loss.”

    To its credit, the company has shared all of its research and solutions publicly

    Earlier today, Intel announced it discovered some performance hits after implementing its own mitigation solutions at the chip level.

    Protecting our Google Cloud customers from new vulnerabilities without impacting performance
    https://www.blog.google/topics/google-cloud/protecting-our-google-cloud-customers-new-vulnerabilities-without-impacting-performance/

    Modern CPUs and operating systems protect programs and users by putting a “wall” around them so that one application, or user, can’t read what’s stored in another application’s memory. These boundaries are enforced by the CPU.

    In September, we began deploying solutions for both Variants 1 and 3 to the production infrastructure that underpins all Google products—from Cloud services to Gmail, Search and Drive—and more-refined solutions in October. Thanks to extensive performance tuning work, these protections caused no perceptible impact in our cloud and required no customer downtime in part due to Google Cloud Platform’s Live Migration technology.

    it was clear from the outset that Variant 2 was going to be much harder to mitigate.

    With the performance characteristics uncertain, we started looking for a “moonshot”—a way to mitigate Variant 2 without hardware support. Finally, inspiration struck in the form of “Retpoline”—a novel software binary modification technique that prevents branch-target-injection

    With Retpoline, we didn’t need to disable speculative execution or other hardware features. Instead, this solution modifies programs to ensure that execution cannot be influenced by an attacker.

    With Retpoline, we could protect our infrastructure at compile-time, with no source-code modifications.

    We immediately began deploying this solution across our infrastructure. In addition to sharing the technique with industry partners upon its creation, we open-sourced our compiler implementation in the interest of protecting all users.

  12. Tomi Engdahl says:

    Retpoline: a software construct for preventing branch-target-injection
    https://support.google.com/faqs/answer/7625886

    Executive Summary
    “Retpoline” sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches.

    The name “retpoline” is a portmanteau of “return” and “trampoline.” It is a trampoline construct constructed using return operations which also figuratively ensures that any associated speculative execution will “bounce” endlessly.

    (If it brings you any amusement: imagine speculative execution as an overly energetic 7-year old that we must now build a warehouse of trampolines around.)

  13. Tomi Engdahl says:

    Intel tried desperately to change the subject from Spectre and Meltdown at CES
    https://techcrunch.com/2018/01/12/intel-tried-desperately-to-change-the-subject-from-spectre-and-meltdown-at-ces/?utm_source=tcfbpage&sr_share=facebook

    It was so bad that the chip maker has to be thrilled to have CES, the massive consumer technology show going on this week in Las Vegas, as a way to change the subject and focus on the other work they are doing.

    For starters, CEO Brian Krzanich had to deal with the elephant in the room at the company keynote on Monday. Spectre and Meltdown patches were coming to 90 percent of the company’s affected chips by next week.

    …perhaps its biggest security scare in its history.”

    It didn’t help matters when Intel’s patch proved buggy and caused some systems to reboot.

    Mitigation efforts have been coming fast and furious from every corner: from chip vendors, from the OS vendors like Microsoft and Apple and from very nearly everyone else. There is concern that the mitigation solutions could in fact slow down computers substantially.

    The company began making a flurry of announcements, planned long before the chip flaws became public last week.

  14. Tomi Engdahl says:

    Intel is having reboot issues with its Spectre-Meltdown patches
    https://techcrunch.com/2018/01/12/intel-is-having-reboot-issues-with-its-spectre-meltdown-patches/?utm_source=tcfbpage&sr_share=facebook

    It hasn’t been a fun time to be Intel. Last week the company revealed two chip vulnerabilities that have come to be known as Spectre and Meltdown and have been rocking the entire chip industry ever since (not just Intel). This week the company issued some patches to rectify the problem. Today, word leaked that some companies were having a reboot issue after installing them. A bad week just got worse.

    “We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center,” Shenoy wrote.

    https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/

  15. Tomi Engdahl says:

    Russell Brandom / The Verge:
    How the Meltdown and Spectre vulnerabilities stayed secret for 7 months but were eventually revealed after rumors and suspicious Linux kernel patches surfaced

    Keeping Spectre secret
    How an industry-breaking bug stayed secret for seven months — and then leaked out
    https://www.theverge.com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux

    How do you keep a flaw this big a secret long enough for everyone involved to fix it?

    Disclosure is an old problem in the security world. Whenever a researcher finds a bug, the custom is to give vendors a few months to fix the problem before it goes public and bad guys have a chance to exploit it. But as those bugs affect more companies and more products, the dance becomes more complex. More people need to be told and kept in confidence as more software needs to be quietly developed and pushed out. With Meltdown and Spectre, that multi-party coordination broke down and the secret spilled out before anyone was ready.

    That early breakdown had consequences. After the release, basic questions of fact became muddled, like whether AMD chips are vulnerable to Spectre attacks (they are), or whether Meltdown is specific to Intel. (ARM chips are also affected.) Antivirus systems were caught off guard, unintentionally blocking many of the crucial patches from being deployed. Other patches had to be stopped mid-deployment after crashing machines. One of the best tools available for dealing with the vulnerability has been a tool called Retpoline, developed by Google’s incident response team

    But according to senior vulnerability analyst Will Dormann, CERT wasn’t aware of the issue until the Meltdown and Spectre websites went live, which led to even more chaos. The initial report recommended replacing the CPU as the only solution.

    For a processor design flaw, the advice was technically true, but only stoked panic as IT managers imagined prying out and replacing the central processor for every device in their care. A few days later, Dormann and his colleagues decided the advice wasn’t actionable and changed the recommendation to simply installing patches.

    “I would have liked to have known,” Dormann says. “If we’d known about it earlier, we would have been able to produce a more accurate document, and people would have been more educated right off the bat, as opposed to the current state, where we’ve been testing patches and updating the document for the past week.”

  16. Tomi Engdahl says:

    What are Meltdown and Spectre? Here’s what you need to know.
    https://www.redhat.com/en/blog/what-are-meltdown-and-spectre-heres-what-you-need-know?sc_cid=7016000000127ECAAY

    Conventional industry wisdom was that whatever happened during the process of speculation (known as a “speculative execution window”) was either later confirmed and the results were used by the program, or it was not used and completely discarded. But it turns out that there are ways attackers can view what happened within the speculation window and manipulate the system as a result. An attacker can also steer the behavior of branch predictors to cause certain code sequences to run speculatively that should never normally have been executed.

    Meltdown (variant 3) received a lot of attention because of its broad impact. In this form of attack, the chip is fooled into loading secured data during a speculation window in such a way that it can later be viewed by an unauthorized attacker. The attack relies upon a commonly-used, industry-wide practice that separates loading in-memory data from the process of checking permissions. Again, the industry’s conventional wisdom operated under the assumption that the entire speculative execution process was invisible

    Mitigating Meltdown involves changing how memory is managed between application software and the operating system. We introduce a new technology, known as KPTI (Kernel Page Table Isolation), which separates memory such that secure data cannot be loaded into the chip’s internal caches while running user code.

    The Spectre attack has two parts. The first (variant 1) has to do with “bounds check” violation.

    it is possible to arrange for code to execute speculatively and read data it should not into the system caches, from where it can be extracted using a side-channel attack

    Mitigating the first part of Spectre involves adding what we call “load fences” throughout the kernel.

    These require small, trivial, and not particularly performance-impacting changes throughout the kernel source.

    The second part of Spectre (variant 2) is in some ways the most interesting. It has to do with “training” the branch predictor hardware to favor speculatively executing pieces of code over those it should be executing.

    By carefully choosing a “gadget” (existing code in the kernel that has access to privileged data) the attacker can load sensitive data in the chip caches, where the same kind of side-channel attack once again serves to extract it.

    One of the biggest problems posed by this second part of Spectre is its potential to exploit the boundary between the operating system kernel and a hypervisor, or between different virtual machines running on the same underlying hardware.

    Mitigating this second part of Spectre requires that the operating system (selectively) disable branch prediction hardware whenever a program requests operating system (system call) or hypervisor services

    This approach works well, but it comes at a performance penalty that is not insignificant. Red Hat’s patches will default to implementing the security change and accepting the performance impact, but we’ve also given system administrators the ability to toggle this (and all the implemented settings) on or off.

    It’s important to bear in mind that these are early days following the discovery of an entirely new class of system security vulnerabilities, and, as a result, mitigations and associated best practice advice may change over time.

  17. Tomi Engdahl says:

    AMD chips exposed to both variants of Spectre security flaw
    https://www.reuters.com/article/us-cyber-microchips-amd/amd-chips-exposed-to-both-variants-of-spectre-security-flaw-idUSKBN1F0314

    (Reuters) – Advanced Micro Devices Inc said on Thursday its microprocessors are susceptible to both variants of the Spectre security flaw, days after saying its risk for one of them was “near zero”.

    In a subsequent statement Thursday, AMD said there was “no change” to its position on the susceptibility of its chips to Spectre, but shares fell as much as 4.0 percent after the first AMD announcement.

    AMD’s shares have gained nearly 20 percent since the flaws were made public on Jan. 3 as investors speculated that it could wrest market share from Intel, which is most exposed to the flaws because it is vulnerable to all three variants.

  18. Tomi Engdahl says:

    Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new fixes
    https://www.theregister.co.uk/2018/01/15/oracle_still_silent_on_meltdown_but_lists_patches_for_x86_servers/

    Sun ZFS Storage Appliance users: brace for super-critical fix

    Oracle still has nothing to say about whether the Meltdown or Spectre vulnerabilities are a problem for its hardware.

    Big Red today offered The Register another “no comment”, making it a notable absentee from Intel’s list of x86 vendors’ advisories on how to handle the twin problems.

  20. Tomi Engdahl says:

    Variant 1: bounds check bypass (CVE-2017-5753) – a.k.a. Spectre
    Variant 2: branch target injection (CVE-2017-5715) – a.k.a. Spectre
    Variant 3: rogue data cache load (CVE-2017-5754) – a.k.a. Meltdown

  21. Tomi Engdahl says:

    What Spectre and Meltdown Mean For WebKit
    https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/

    WebKit is affected because in order to render modern web sites, any web JavaScript engine must allow untrusted JavaScript code to run on the user’s processor. Spectre impacts WebKit directly. Meltdown impacts WebKit because WebKit’s security properties must first be bypassed (via Spectre) before WebKit can be used to mount a Meltdown attack.

    WebKit relies on branch instructions to enforce what untrusted JavaScript and WebAssembly code can do. Spectre means that an attacker can control branches, so branches alone are no longer adequate for enforcing security properties.
    Meltdown means that userland code, such as JavaScript running in a web browser, can read kernel memory. Not all CPUs are affected by Meltdown and Meltdown is being mitigated by operating system changes. Mounting a Meltdown attack via JavaScript running in WebKit requires first bypassing branch-based security checks, like in the case of a Spectre attack. Therefore, Spectre mitigations that fix the branch problem also prevent an attacker from using WebKit as the starting point for Meltdown.

    Spectre and Security Checks
    Spectre means that branches are no longer sufficient for enforcing the security properties of read operations in WebKit. The most impacted subsystem is JavaScriptCore (WebKit’s JavaScript engine). Almost all bounds checks can be bypassed to read arbitrarily out-of-bounds. This could allow an attacker to read arbitrary memory. All type checks are also vulnerable. For example, if some type contains an integer at offset 8 while another type contains a pointer at offset 8, then an attacker could use Spectre to bypass the type check that is supposed to ensure that you can’t use the integer to craft an arbitrary pointer.

    JavaScriptCore is meant to be a secure language virtual machine. It should be possible to load untrusted JavaScript or WebAssembly code into your process without the risk of your process’s memory being leaked to the JavaScript code except in cases where you explicitly export data to JavaScript via our C or Objective-C binding API. Spectre breaks this property of JavaScriptCore because untrusted JavaScript or WebAssembly now has a theoretical path to reading all of the host process’s address space.

    The CPU has the ability to initiate loads from main memory into L1 (the CPU’s level 1 memory cache, which is the fastest and smallest) while executing speculatively. As a performance optimization, the CPU does not undo fetches into L1 when rolling back speculative execution. This leads to a timing-based information leak

    Reply
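
    The WebKit excerpt above says that a branch-based bounds check is no longer enough on its own, because a mispredicted branch can speculatively execute the guarded load with an out-of-range index. The following is an added example (it is not code from the page, from WebKit, or from the Linux kernel) that puts the branch-only check beside a branch-free index clamp in the style of the kernel's array_index_nospec(): the branch still decides the architectural result, and the arithmetic mask keeps even a speculative load inside the buffer. The 16-byte buffer and the function names are constructed for the example.

    ```c
    #include <stddef.h>
    #include <stdint.h>
    #include <stdio.h>

    /* Constructed sample buffer (not from the original page): the region
     * that untrusted code is allowed to index into. */
    static const uint8_t sample[16] = {
        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
    };

    /* Branch-only bounds check. Architecturally correct, but while the CPU
     * waits for the comparison to resolve, a mispredicted branch can run the
     * load speculatively with an out-of-range idx. This is the pattern the
     * WebKit post describes as insufficient by itself. */
    int read_branch_only(const uint8_t *buf, size_t len, size_t idx, uint8_t *out)
    {
        if (idx < len) {
            *out = buf[idx];
            return 1;
        }
        return 0;
    }

    /* Branch-free clamp: returns idx unchanged when idx < len and 0 otherwise,
     * using only integer arithmetic, so there is no branch to mispredict.
     * Precondition (as for the kernel helper): idx and len both have their top
     * bit clear, which holds for any realistic array size. */
    size_t nospec_index(size_t idx, size_t len)
    {
        /* The top bit of (idx | (len - 1 - idx)) is set exactly when
         * idx >= len. Inverting and arithmetic-shifting that bit down yields
         * an all-ones mask for in-range indices and zero otherwise. */
        intptr_t t = (intptr_t)(idx | (len - 1 - idx));
        size_t mask = (size_t)((~t) >> (sizeof(size_t) * 8 - 1));
        return idx & mask;
    }

    /* Hardened read: the branch gives the architectural answer, and the mask
     * bounds whatever executes speculatively on the wrong side of it. */
    int read_masked(const uint8_t *buf, size_t len, size_t idx, uint8_t *out)
    {
        if (idx >= len)
            return 0;
        *out = buf[nospec_index(idx, len)];
        return 1;
    }

    int main(void)
    {
        uint8_t v = 0;
        size_t probes[] = { 3, 15, 16, 1000 };
        for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
            int ok = read_masked(sample, sizeof sample, probes[i], &v);
            printf("idx=%zu clamped=%zu ok=%d value=0x%02x\n",
                   probes[i], nospec_index(probes[i], sizeof sample), ok, ok ? v : 0);
        }
        return 0;
    }
    ```

    The clamp does not replace the bounds check; it sits beside it. WebKit's own engine-level mitigations work on JIT-compiled code rather than C, but the principle is the same: make the address of a guarded load depend on arithmetic rather than on a branch outcome, so that a wrong prediction cannot turn into an out-of-bounds fetch into L1.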
  22. Tomi Engdahl says:

    What VMware vSphere admins need to know about Meltdown and Spectre
    http://www.rtsab.com/rts_blogg/vmware-vsphere-meltdown-spectre/

    Reply
  23. Tomi Engdahl says:

    Fake Meltdown/Spectre Patch Installs Malware
    http://www.securityweek.com/fake-meltdownspectre-patch-installs-malware

    Cybercriminals are already taking advantage of the massive attention the recently detailed Meltdown and Spectre CPU flaws have received, in an attempt to trick users into installing malware instead, Malwarebytes warns.

    Made public in early January, Meltdown and Spectre are two new side-channel attack methods against modern processors and are said to impact billions of devices. Based on vulnerabilities at the CPU level, the flaws allow malicious apps to access data as it is being processed, including passwords, photos, documents, emails, and the like.

    Chip makers and vendors were alerted on the bugs last year, and some started working on patches for their users several months ago, but waited for a coordinated public disclosure set for last week. Apple, Microsoft, Google, Canonical, and IBM are just a few of the vendors that have already deployed patches.

    Soon after the patches began rolling out, however, attacks taking advantage of the Meltdown/Spectre fever surfaced. One of them, Malwarebytes reports, is targeting German users with the SmokeLoader malware.

    The attack was spotted soon after the German authorities issued a warning that phishing emails trying to take advantage of the infamous bugs had started to appear.

    Reply
  24. Tomi Engdahl says:

    Meltdown Code Proves Concept
    https://hackaday.com/2018/01/11/meltdown-code-proves-concept/

    If you’ve read about Meltdown, you might have thought, “how likely is that to actually happen?” You can more easily judge for yourself by looking at the code available on GitHub. The Linux software is just proof of concept, but it both shows what could happen and — in a way — illustrates some of the difficulties in making this work. There are also two videos in the repository that show spying on password input and dumping physical memory.

    The interesting thing is that there are a lot of things that will stop the demos from working. For example a slow CPU, a CPU without out-of-order execution, or an imprecise high-resolution timer. This is apparently especially problematic in virtual machines.

    Because of the nature of the hack, it is possible to not read data correctly every time. One of the demos measures the reliability of reading using the Meltdown method. The example shows a 99.93% success rate.

    The real work is done in libkdump which is less than 500 lines of C code. Well — actually, it is a good bit of assembly embedded in the C file. There are a lot of things that will stop the code from working, but you can imagine that some of the code could be improved, too.

    https://github.com/IAIK/meltdown/

    Reply
  25. Tomi Engdahl says:

    Google, Intel, Microsoft, Others Scramble to Fix Cybersecurity Vulnerabilities
    https://www.designnews.com/electronics-test/google-intel-microsoft-others-scramble-fix-cybersecurity-vulnerabilities/33683154458098?ADTRK=UBM&elq_mid=2888&elq_cid=876648

    Big names in the electronics industry, including Google, Intel and Microsoft, are struggling to repair security holes brought about by recently revealed weaknesses in hardware.

    Hardware flaws may be the new big security gap in computers and phones. In the last few days, it has become apparent that Intel, Microsoft, and other leading electronics companies have been struggling for months to overcome security holes that affect billions of processors worldwide. Intel, Microsoft, and Google released statements assuring customers the fixes are complete or in process. Yet some experts warn that the fixes could hurt performance.

    Some Fixes Are Still on the Way

    The vulnerability apparently has the potential to let attackers through security barriers. “The flaw allows apps or hackers to bypass Kernel security systems and access cached sensitive information within the memory,” Marty P. Kamden, CMO of NordVPN told Design News. “This has led to the redesign of Windows and Linux Kernels. It seems that this particular bug has probably impacted most of the Intel processors manufactured in the past 10 years.”

    Some systems have already been updated with fixes, while other system repairs are still in the process of updating. “Apple and Linux developers have released patches that in one way or another are able to mitigate the possible damage which might emerge from this major flaw, while Windows users must still wait for an update,” said Kamden. “We recommend that people keep their devices updated regardless of the OS used. However, each person must assess their threat level individually until all security patches are completed and publicly released.”

    Reply
  26. Tomi Engdahl says:

    Meltdown, Spectre Repeat Hard Security Lessons
    Speculative execution won’t go away
    https://www.eetimes.com/document.asp?doc_id=1332833

    Vendors are still issuing patches and starting to think about optimizations for them after last week’s disclosure of one of the largest security flaws ever to hit microprocessors. Meltdown and Spectre provided the latest painful lesson about the nature of what’s known in the security world as common vulnerabilities and exposures (CVEs).

    The U.S. maintains what aims to be an authoritative list of CVEs. As of this writing, it included a whopping 94,971 entries.

    Vendors typically assign teams to keep up with the flow of new hacks and patches for them. But few are as broad as Meltdown and Spectre that affect microprocessors that support speculative execution. The technique is used widely in high-end chips shipped over the last several years from companies including AMD, ARM, Apple, IBM, Intel, Oracle, and others.

    Reuters reported that about 5% of the 120 billion chips that ARM has shipped to date may be affected by Spectre, but fewer would be susceptible to Meltdown. Intel and AMD have not disclosed how many of their chips are affected.

    Reply
  27. Tomi Engdahl says:

    Cyber Attacks Continue to Succeed
    https://www.eetimes.com/author.asp?section_id=36&doc_id=1332843

    Spectre and Meltdown demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

    Spectre and Meltdown, two methods of exploiting security vulnerabilities found in Intel, AMD and Arm processors, demonstrate weaknesses in current hardware cybersecurity that will force a huge paradigm shift within the semiconductor industry.

    Software-based cybersecurity, the go-to measure to ensure a system won’t be hacked, addresses software vulnerabilities but overlooks hardware design. That’s because more than $150 billion is spent a year on software-based cyber security tools, while relatively little is spent on hardware security tools, and there continues to be a stream of hacks and breaches.

    Reply
  28. Tomi Engdahl says:

    This repository contains several applications, demonstrating the Meltdown bug.
    https://github.com/IAIK/meltdown/

    Reply
  29. Tomi Engdahl says:

    Spectre and PowerPC Chips
    Spectre’s impact on the G3, G4 and G5 families of processors has been documented.
    Spoiler alert: The G3 and early G4s are resistant to the exploit.

    Actual field testing of Spectre on various Power Macs (spoiler alert: G3 and 7400 survive!)
    https://tenfourfox.blogspot.fi/2018/01/actual-field-testing-of-spectre-on.html

    Spectre example code – x86 / x86_64 and PowerPC
    https://gist.github.com/miniupnp/9b701e87f14ad3e0a455cfb54ba99fed

    Reply
  30. Tomi Engdahl says:

    CPU Exploits Meltdown And Spectre Could Potentially Affect Nintendo Switch
    Nvidia “preparing appropriate mitigations”
    http://www.nintendolife.com/news/2018/01/cpu_exploits_meltdown_and_spectre_could_potentially_affect_nintendo_switch

    Reply
